Issuu on Google+

PECB

P r o fe s s i o n a l E v a l u a t i o n a n d C e r t i f i c a t i o n B o a r d

TRAINING CATALOGUE INFORMATION SECURITY

RISK MANAGEMENT

BUSINESS CONTINUITY

SERVICE MANAGEMENT

ENVIRONMENTAL MANAGEMENT

QUALITY MANAGEMENT

FOOD SAFETY

OCCUPATIONAL HEALTH & SAFETY

SOCIAL RESPONSIBILITY

SUPPLY CHAIN SECURITY 1


cation Bo

a r d

o i nal s s e f Ev o Pr

ifi

2

rt

a

a n nd o i t a Ce u l


TRAINING CATALOGUE

Professional Evaluation and Certification Board


TABLE OF CONTENTS ABOUT PECB

06

PECB CODE OF ETHICS

07

PECB CERTIFICATION PROCESS

08

INFORMATION SECURITY TRAINING

09

CERTIFIED ISO 27001 LEAD IMPLEMENTER CERTIFIED ISO 27001 LEAD AUDITOR CERTIFIED ISO 27001 FOUNDATION INTRODUCTION TO ISO 27001

RISK MANAGEMENT TRAINING CERTIFIED ISO 27005 RISK MANAGER CERTIFIED ISO 27005 RISK MANAGER WITH OCTAVE CERTIFIED ISO 27005 RISK MANAGER WITH EBIOS CERTIFIED ISO 27005 RISK MANAGER WITH MEHARI CERTIFIED ISO 27005 RISK MANAGER WITH AN INTRODUCTION TO RISK ASSESSMENT METHODOLOGIES CERTIFIED ISO 31000 RISK MANAGER RISK ASSESSMENT WITH THE OCTAVE METHOD INTRODUCTION TO THE OCTAVE METHOD RISK ASSESSMENT WITH THE EBIOS METHOD INTRODUCTION TO THE EBIOS METHOD RISK ASSESSMENT WITH THE MEHARI METHOD INTRODUCTION TO THE MEHARI METHOD INTRODUCTION TO ISO 27005 INTRODUCTION TO RISK ASSESSMENT METHODOLOGIES

SERVICE MANAGEMENT TRAINING CERTIFIED ISO 20000 LEAD IMPLEMENTER CERTIFIED ISO 20000 LEAD AUDITOR CERTIFIED ISO 20000 FOUNDATION INTRODUCTION TO ISO 20000

BUSINESS CONTINUITY TRAINING CERTIFIED ISO 22301 LEAD IMPLEMENTER CERTIFIED ISO 22301 LEAD AUDITOR CERTIFIED ISO 22301 FOUNDATION INTRODUCTION TO ISO 22301 CERTIFIED ISO/IEC 24762 DISASTER RECOVERY MANAGER

10 12 14 15

17 18 20 22 24 26 28 29 30 31 32 33 34 35 35

37 38 40 42 44

45 46 48 50 52 53


QUALITY MANAGEMENT TRAINING CERTIFIED ISO 9001 LEAD IMPLEMENTER CERTIFIED ISO 9001 LEAD AUDITOR CERTIFIED ISO 9001 FOUNDATION INTRODUCTION TO ISO 9001

ENVIRONMENTAL MANAGEMENT TRAINING CERTIFIED ISO 14001 LEAD IMPLEMENTER CERTIFIED ISO 14001 LEAD AUDITOR CERTIFIED ISO 14001 FOUNDATION INTRODUCTION TO ISO 14001

55 56 58 60 61

63 64 66 68 70

OCCUPATIONAL HEALTH & SAFETY TRAINING 71 CERTIFIED OHSAS 18001 LEAD IMPLEMENTER CERTIFIED OHSAS 18001 LEAD AUDITOR CERTIFIED OHSAS 18001 FOUNDATION INTRODUCTION TO OHSAS 18001

FOOD SAFETY TRAINING CERTIFIED ISO 22000 LEAD IMPLEMENTER CERTIFIED ISO 22000 LEAD AUDITOR CERTIFIED ISO 22000 FOUNDATION INTRODUCTION TO ISO 22000

SOCIAL RESPONSIBILITY TRAINING CERTIFIED ISO 26000 LEAD IMPLEMENTER CERTIFIED ISO 26000 LEAD AUDITOR CERTIFIED ISO 26000 FOUNDATION INTRODUCTION TO ISO 26000

SUPPLY CHAIN SECURITY TRAINING CERTIFIED ISO 28000 LEAD IMPLEMENTER CERTIFIED ISO 28000 LEAD AUDITOR CERTIFIED ISO 28000 FOUNDATION INTRODUCTION TO ISO 28000

72 74 76 78

79 80 82 84 86

87 88 90 92 94

95 96 98 100 102


ABOUT

PECB

PECB is a personnel certification body for various standards, including ISO 9001, ISO 14001, ISO/IEC 20000, ISO 22301, ISO/IEC 27001 and ISO/IEC 27005. Our mission is to provide our clients comprehensive personnel examination and certification services. Certification represents the intersection of protection of the public, fairness to candidates, and often, various interests of the profession. Although these may appear to be competing interests, a well-designed certification program will be most effective in meeting these interests when its resources are deployed to enhance validity and reliability. The guidance that follows in our Quality Manual is intended to ensure that PECB develops, maintains and improves a high quality recognized certification program.

The purpose of PECB, as stated in its Bylaws, is to develop and promote professional standards for certification and to administer certification programs for individuals who practice in disciplines involving the audit and the implementation of a compliance management system. This principal purpose includes: 1 Establishing the minimum requirements necessary to qualify certified professional 2 Reviewing and verifying the qualifications of applicants 3 Developing and maintaining reliable, valid, and current certification examinations 4 Granting certificates to qualified candidates, maintaining certificant records, and publishing a directory of the holders of valid certificates 5 Establishing requirements for the periodic renewal of certification and determining compliance with those requirements 6 Ascertaining that certificants meet ethical standards in their professional practice 7 Representing its members, where appropriate, in matters of common interest 8 Promoting the benefits of certification to employers, public officials, practitioners in related fields, and the public

OUR ACCREDITATION AND CERTIFICATIONS PECB is in the process of accreditation by ANSI to the ISO/IEC 17024 standard (General requirements for bodies operating certification schemes for persons)

PECB is certified to the ISO 9001:2008 standard. The scope of this certification covers all of PECB personnel certification processes, including the development and maintenance of certification schemes, examiners records management and protection, requirements for employees and certification process. This standard demonstrates PECB’s commitment to quality management and customer service.

6

PECB is also certified to the ISO/IEC 27001:2005 standard, the international standard for information security. The scope of this certification covers all processes, systems and technologies that support the entire certification to ensure that best security practices are consistently applied to ensure the confidentiality of all PECB applicants’ and certified individuals’ financial and personal information. PECB is the only personal certification body that is certified to both ISO 9001:2008 and ISO/IEC 27001:2005.


PECB

CODE OF ETHICS Adherence of professionals to PECB code of ethics is a voluntary engagement. However, if a member does not follow this code by engaging in gross misconduct, PECB membership may be terminated and certifications revoked. Not only is it important for PECB certified professionals to adhere to the principles expressed in this Code, each member should encourage and support adherence by other members.

PECB professionals will: 1 Conduct themselves professionally, with honesty, accuracy, fairness, responsibility and independence. 2 Act at all times solely in the best interest of their employer, their clients, the public, and the profession by acting in accordance with the professional standards and applicable techniques while performing professional services. 3 Maintain their competency in their respective fields and strive to constantly improve their professional skills. 4 Offer only professional services for which they are qualified to perform, and adequately inform clients and consumers about the nature of proposed services, including any relevant concerns or risks. 5 Inform each employer or client of any business interests or affiliations which might influence their judgment or impair their fairness. 6 Treat in a confidential and private manner information acquired during professional and business dealings of any present or former employer or client without its proper consent. 7 Comply with all laws and regulations of the jurisdictions where professional activities are conducted. 8 Respect the intellectual property and contributions of others. 9 Not intentionally communicate false or falsified information that may compromise the integrity of the evaluation process of a candidate for a professional designation. 10 Not act in any manner that could compromise the reputation of PECB or its certification programs for persons

and will fully cooperate on the inquiry following a claimed infringement of this Code of Ethics.

7


PECB CERTIFICATION PROCESS 1. Decide which certification is right for you Each PECB certification has specific education and experience requirements. To determine which certification is right for you, verify all eligibility requirements for the different certifications and your professional needs.

2. Prepare for the exam All certification candidates are responsible for their own study and preparation for the examination. No specific set of courses or curriculum of study is required as part of the certification process. Likewise, the completion of a recognized PECB course or program of study will significantly enhance your chance of passing a PECB certification examination. You can verify the list of recognized organizations that offer PECB official training sessions.

3. Apply and schedule the exam Candidates must complete the easy and secure online application. PECB’ online application is available at www. PECB.org. Candidates will register for a password-protected account where they can then create, manage, update, and submit their application. Applicants can pay the application fees online and upload all required supporting documents to PECB. Applicants will also have the option of mailing the payment (checks) but this will result in delays of the application process. Applicants will then be able to select a date and location for their certification exam. Dates and location can be found at www.PECB.org. You must register at least fifteen (15) days before the exam date.

4. Take the exam Candidates will be required to arrive at least 30 minutes before the beginning of the certification exam. Candidates arriving late will not be given additional time to compensate for the late arrival and may be denied entry to the examination room. All candidates will need to present a valid identity card such as a driver’s license to the proctor and the exam confirmation letter. The duration of the exam varies according to the type of examination taken (see description of the different exams for more details at www.PECB.org).

5. Receive your exam results It takes 4 to 8 weeks for participants to receive their exam results. All results are sent via email. The examination results will not include the exact grade that you had, only a mention of pass or fail. In the case of a failure, the results will be accompanied with the list of domains in which you had a mark lower than the passing grade to provide guidance to prepare yourself to retake the exam.

6. Apply for certification All participants who successfully pass their certification exam (or an equivalent accepted by PECB) are entitled to apply for the PECB credentials they were examined for. Specific educational and professional requirements may be needed for you to be PECB certified. Candidates will need to fill out the online certification application form (that can be accessed via their PECB online profile), including contact details of references who will be contacted to validate the candidate’s professional experience. Once PECB will have validated that, you fulfill all certification requirements, you will be informed by e-mail of our decision and you will receive your certificate by e-mail in electronic format.

7. Maintain your certification Every year, PECB certified professionals would need to provide PECB with the number of hours of auditing and/ or implementation related tasks they have performed with the contact details of individuals who can validate these tasks, as well as paying their yearly certification maintenance fees. In addition, PECB certified professionals need to abide to PECB’s code of ethics.

For more information, please visit the FAQ section at www.PECB.org

8


TRAINING CATALOGUE

INFORMATION SECURITY TRAINING ISO/IEC 27001 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.


CERTIFIED ISO 27001 LEAD IMPLEMENTER MASTERING THE IMPLEMENTATION AND MANAGEMENT OF AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO 27001 SUMMARY

DAY 1

This five-day intensive course enables the participants to develop the expertise necessary to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC 27001:2005. Participants will also be given a thorough grounding in best practices used to implement information security controls from all areas of ISO 27002. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is also fully compatible with ISO 27003 (Guidelines for the Implementation of an ISMS), ISO 27004 (Measurement of Information Security) and ISO 27005 (Risk Management in Information Security).

COURSE AGENDA

DURATION: 5 DAYS

Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001; Initiating an ISMS

PREREQUISITES

• • • • •

Introduction to management systems and the process approach Presentation of the ISO 27000 family standards and regulatory framework Fundamental principles of Information Security Preliminary analysis and determining the level of maturity based upon ISO 21827 Writing a business case and a project plan for the implementation of an ISMS

DAY 2

Planning the implementation of an ISMS based on ISO 27001 • • • • •

Defining the scope of an ISMS Drafting an ISMS and information security policies Selection of the approach and methodology for risk assessment Risk management: identification, analysis and treatment of risk (based on ISO 27005) Drafting the Statement of Applicability

DAY 3

Implementing an ISMS based on ISO 27001 • • • • •

Implementation of a document management framework Design of and implementation of controls Information security training, awareness and communication program Incident management (drawing on guidance from ISO 27035) Operations management of an ISMS

DAY 5

DAY 4

Control, monitor and measure an ISMS and the certification audit of the ISMS in accordance with ISO 27001 • Monitoring the ISMS controls • Development of metrics, performance indicators and dashboards in accordance with ISO 27004 • ISO 27001 internal Audit • Management review of an ISMS • Implementation of a Continual improvement program • Preparing for a ISO 27001 certification audit

Certification Exam • 3 hours

• ISO 27001 Foundation Certification or a basic knowledge of ISO 27001 is recommended

WHO SHOULD ATTEND? • Compliance project managers • Information security consultants • Internal and external ISO 27001 auditors • Members of an information security team

LEARNING OBJECTIVES • To understand the implementation of an ISMS • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS • To acquire the necessary expertise to support an organization in implementing, managing and maintaining an ISMS • To acquire the necessary expertise to manage a team implementing ISO 27001 This is a PECB official training course


EXAM • The “Certified ISO/IEC 27001 Lead Implementer” exam fully meets the requirements of the PECB Examination Certification Programme (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of information security - Domain 2: Information security control best practice based on ISO 27002 - Domain 3: Planning an ISMS based on ISO 27001 - Domain 4: Implementing an ISMS based on ISO 27001 - Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO 27001 - Domain 6: Continual improvement of an ISMS based on ISO 27001 - Domain 7: Preparing for an ISMS certification audit • The “Certified ISO/IEC 27001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 27001 Provisional Implementer, Certified ISO/IEC 27001 Implementer or Certified ISO/IEC 27001 Lead Implementer, depending on their level of experience • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

CREDENTIAL

EXAM

PROFESSIONAL EXPERIENCE

ISMS AUDIT EXPERIENCE

ISMS PROJECT EXPERIENCE

OTHER REQUIREMENTS Signing the PECB code of ethics

ISO 27001 Provisional Implementer

ISO 27001 Lead Implementer Exam

None

None

None

ISO 27001 Implementer

ISO 27001 Lead Implementer Exam

Two years One years of information security work experience

None

Project activities totaling 200 hours

ISO 27001 Lead Implementer

ISO 27001 Lead Implementer Exam

Five years Two years of information security work experience

None

Project activities totaling 300 hours

Signing the PECB code of ethics

Signing the PECB code of ethics

GENERAL INFORMATION • Certification fees are included in the exam price • A student manual containing over 450 pages of information and practical examples will be distributed to participants • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants

11


CERTIFIED ISO 27001 LEAD AUDITOR MASTERING THE AUDIT OF AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO 27001 SUMMARY

DAY 1

This five-day intensive course enables participants to develop the expertise needed to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with the certification process of the ISO/IEC 27001:2005 standard. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently.

COURSE AGENDA

DURATION: 5 DAYS

Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001

PREREQUISITES

• • • •

Normative, regulatory and legal framework related to information security Fundamental principles of information security The ISO 27001 certification process Detailed presentation of the clauses 4 to 8 of ISO27001

DAY 2

Planning and Initiating an ISO 27001 audit • • • •

Fundamental audit concepts and principles Audit approach based on evidence and on risk Preparation of an ISO 27001 certification audit Documenting of an ISMS audit

DAY 3

Conducting an ISO 27001 audit • Communication during the audit • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation • Drafting test plans • Formulation of audit findings, drafting of nonconformity reports

DAY 4

Concluding and ensuring the follow-up of an ISO 27001 audit • • • •

Audit documentation Conducting a closing meeting and conclusion of an ISO 27001 audit Evaluation of corrective action plans ISO 27001 Surveillance audit and Audit management program

Certification Exam DAY 5

• 3 hours

12

• ISO 27001 Foundation Certification or basic knowledge of ISO 27001 is recommended

WHO SHOULD ATTEND? • Internal auditors • Auditors wanting to perform and lead ISMS certification audits • Members of an information security team • Technical experts wanting to prepare for an Information security audit function LEARNING OBJECTIVES • To acquire expertise to perform an ISO 27001 internal audit following ISO 19011 guidelines • To acquire expertise to perform an ISO 27001 certification audit following ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006 • To acquire necessary expertise to manage an ISMS audit team • To understand the operation of an ISO 27001

This is a PECB official training course


EXAM • The “Certified ISO/IEC 27001 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of information security - Domain 2: Information Security Management System (ISMS) - Domain 3: Fundamental audit concepts and principles - Domain 4: Preparation of an ISO 27001 audit - Domain 5: Conducting an ISO 27001 audit - Domain 6: Closing an ISO 27001 audit - Domain 7: Managing an ISO 27001 audit program • The “Certified ISO/IEC 27001 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on ISO 27001 Lead Auditor Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 27001 Provisional Auditor, Certified ISO/IEC 27001 Auditor or Certified ISO/IEC 27001 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors • A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential

CREDENTIAL

EXAM

PROFESSIONAL EXPERIENCE

ISMS AUDIT EXPERIENCE

ISMS PROJECT EXPERIENCE

OTHER REQUIREMENTS Signing the PECB code of ethics

ISO 27001 Provisional Auditor

ISO 27001 Lead Auditor Exam

None

None

None

ISO 27001 Auditor

ISO 27001 Lead AuditorExam

Two years One year of information security work experience

Audit activities totaling 200 hours

None

ISO 27001 Lead Auditor

ISO 27001 Lead Auditor Exam

Five years Two years of information security work experience

Audit activities totaling 300 hours

None

Signing the PECB code of ethics

Signing the PECB code of ethics

GENERAL INFORMATION • Certification fees are included in the exam price • A student manual containing over 450 pages of information and practical examples will be distributed to participants • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants

13


CERTIFIED ISO 27001 FOUNDATION SUMMARY This course enables the participants to learn about the best practices for implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2005, as well as the best practices for implementing the information security controls of the eleven domains of the ISO 27002. This training also helps to understand how ISO 27001 and ISO 27002 are linked with ISO 27003 (Guidelines for the implementation of an ISMS), ISO 27004 (Measurement of information security) and ISO 27005 (Risk Management in Information Security).

DAY 2

DAY 1

COURSE AGENDA Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001 • • • • •

Introduction to the ISO 27000 standards family Introduction to management systems and the process approach General requirements: presentation of the clauses 4 to 8 of ISO 27001 Implementation phases of the ISO 27001 framework Continual improvement of Information Security

DURATION: 2 DAYS PREREQUISITES None

Implementing controls in information security according to ISO 27002 and Certification Exam

Certified ISO/IEC 27001

• • • •

• 1 hour

Principles and design of information security controls Documentation of a information security control environment Monitoring and reviewing the information security controls Security controls based on ISO 27002 best practices

WHO SHOULD ATTEND?

EXAM • The “Certified ISO/IEC 27001 Foundation” exam fully meets the requirements of the PECB Examination Certification Programme (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of information security - Domain 2: Information Security Management System (ISMS) • The “Certified ISO/IEC 27001 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 1 hour

CERTIFICATION A certificate of “Certified ISO/IEC 27001 Foundation” will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential Credential

Exam

Professional experience

ISMS Audit experience

ISO 27001 Foundation

ISO 27001 Foundation exam

None

None

ISMS Other project requirements experience None

Foundation exam

Signing the PECB code of ethics

GENERAL INFORMATION • Certification fees are included in the exam price • A student manual containing over 200 pages of information and practical examples will be distributed to participants • A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants

• Members of an information security team • Staff involved in the implementation of the ISO 27001 standard • Technicians involved in operations related to an ISMS • Auditors LEARNING OBJECTIVES • To understand the implementation of an Information Security Management System in accordance with ISO27001 • To understand the relationship between an ISMS, including risk management, controls and compliance • To know the concepts, approaches, standards, methods and techniques allowing to effectively manage an ISMS This is a PECB official training course


ISO 27001 INTRODUCTION INTRODUCTION TO THE IMPLEMENTATION OF MANAGEMENT SYSTEM (ISMS) BASED ON ISO 27001

AN

INFORMATION

SECURITY

SUMMARY This one-day training enables the participants to be familiar with the basic concepts of the implementation and management of an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2005. The participant will learn the different components of an ISMS, including the ISMS policy, risk management, measuring performance, management’s commitment, internal audit, management review and Continual improvement.

COURSE AGENDA

DURATION: 1 DAY PREREQUISITES

• Introduction to the ISO 27000 standards family Introduction to management systems and the process approach • General requirements: presentation of the clauses 4 to 8 of ISO 27001 • Implementation phases of the ISO 27001 framework • Introduction to risk management according to ISO 27005 • Continual improvement of information security • Conducting an ISO 27001 certification audit

None

EXAMINATION AND CERTIFICATION

LEARNING OBJECTIVES • Understanding the fundamentals of information security • Knowing the interrelationships between ISO 27001 and the other information security standards (ISO 27002, ISO 27003, ISO 27004, and ISO 27005…) • Knowing the key components of an Information Security Management System (ISMS) in accordance with ISO 27001 • Introducing the concepts, approaches, standards, methods and techniques allowing to effectively manage an ISMS • Understand the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization • Understanding the stages of the ISO27001 certification process

None

GENERAL INFORMATION • A student manual containing over 100 pages of information and practical examples will be distributed to participants • A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants

WHO SHOULD ATTEND? • IT Professionals wanting to gain a comprehensive knowledge of the main processes of an ISMS • Staff involved in the implementation of the ISO 27001 standard • Expert advisors in IT • Auditors

This is a PECB official training course


"The course material was exceptional. Unlike so many courses, this one didn't simply address vague high-level concepts, but made theory explicit with concrete applicable examples."

Steven T. Compliance Officer, Fortune 1000 Company


TRAINING CATALOGUE

RISK MANAGEMENT TRAINING ISO/IEC 27005

ISO 31000

provides guidelines for information security risk management. ,WVXSSRUWVWKHJHQHUDOFRQFHSWVVSHFLÄşHGLQ,62,(& 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach

,62SURYLGHVSULQFLSOHVDQG generic guidelines on risk management. ,62FDQEHXVHGE\DQ\ public, private or community enterprise, association, group or individual. 7KHUHIRUH,62LVQRWVSHFLÄşF to any industry or sector.

EBIOS

OCTAVE

MEHARI

the methodological approach offered E\(%,26SURYLGHVDJOREDODQG consistent view of information V\VWHPVVHFXULW\ ,66  The method takes into account all technical entities (software, KDUGZDUHQHWZRUNV DQG non-technical entities (organization, KXPDQDVSHFWVSK\VLFDOVDIHW\ 

2&7$9(‹ 2SHUDWLRQDOO\ &ULWLFDO7KUHDW$VVHW DQG9XOQHUDELOLW\ (YDOXDWLRQ60 LVDVXLWH of tools, techniques, and methods for risk-based information security strategic assessment and planning.

FRPSOLDQWWR,62,(&ULVN management standard, is suitable for WKH,606SURFHVVGHVFULEHGE\,62 27001, allowing to provide accurate indications for building security plans, based on a complete list of vulnerability control points and an accurate monitoring process in a continual improvement cycle


CERTIFIED ISO 27005 RISK MANAGER MASTERING RISK ASSESSMENT AND OPTIMAL RISK MANAGEMENT IN INFORMATION SECURITY BASED ON ISO 27005 SUMMARY

DAY 1

In this two-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2008 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

COURSE AGENDA

DURATION: 2 DAYS

Introduction, risk management program, risk identification and assessment according to ISO 27005

PREREQUISITES

• • • •

Concepts and definitions related to risk management Risk management standards, frameworks and methodologies Implementation of an information security risk management program Risk identification and assessment

DAY 2

Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005 • • • •

Risk evaluation and treatment Acceptance of information security risks and management of residual risks Information security risk communication, monitoring and review Certified ISO/IEC 27005 Risk Manager Exam

EXAM • The “Certified ISO/IEC 27005 Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on ISO 27005 • The “Certified ISO/IEC 27005 Risk Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 2 hours • For more information about the exam, refer to PECB section on ISO 27005 Risk Manager Exam

18

None

WHO SHOULD ATTEND? • Risk managers • Persons responsible for information security or conformity within an organization • Member of the information security team • IT consultants LEARNING OBJECTIVES • To understand the concepts, approaches, methods and techniques allowing an effective risk management according to ISO 27005 • To interpret the requirements of ISO 27001 on information security risk management • To understand the relationship between the information security risk management, the security controls and the compliance with all other requirements

This is a PECB official training course


CERTIFICATION • A certificate of “ISO/IEC 27005 Risk Manager” will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential

Credential

Exam

Professional experience

ISO 27005 Foundation

ISO 27005 Foundation exam

None

ISRM Audit experience

None

ISMS Other project requirements experience None

Signing the PECB code of ethics

• For more information about ISO 27005 certifications and PECB certification process, refer to PECB section on ISO 27005 Risk Manager Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 150 pages of information and practical examples will be distributed to participants A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.

19


CERTIFIED ISO 27005 RISK MANAGER WITH OCTAVE MASTERING RISK EVALUATION AND OPTIMAL RISK MANAGEMENT IN INFORMATION SECURITY BASED ON ISO 27005 WITH THE OCTAVE METHOD SUMMARY

DAY 1

In this five-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2008 standard as a reference framework and OCTAVE method. The OCTAVE method was developed by the CERT. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

COURSE AGENDA

DURATION: 5 DAYS

Introduction, risk management program, risk identification and assessment according to ISO 27005

PREREQUISITES • A basic knowledge of risk management and the OCTAVE method is recommended

• • • •

Concepts and definitions related to risk management Standards, frameworks and methodologies in risk management Implementation of an information security risk management program Risk identification and assessment

DAY 2

Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005 • • • •

Risk evaluation, treatment Acceptance of information security risks and management of residual risks Information security risk communication, Information security risk monitoring and review

DAY 3

Start of a risk assessment with OCTAVE • • • •

Presentation of OCTAVE Phase 1 - Process 1 to 3 (Understanding the Organization) Phase 1 - Process 4 (Create threat profiles) Phase 2 - Process 5 (Identification of key components)

DAY 4

Assessment of vulnerabilities and risk, according to OCTAVE • • • •

Phase 2 - Process 5 (Continued) Phase 2 - Process 6 (Evaluation of selected components) Phase 3 - Process 7 (Conducting the risk assessment) Phase 3 - Process 8 (Development of a Protection Strategy)

DAY 5

The OCTAVE Method Implementation approach and conclusion • • • •

Phase 3 – Process 8 (Development of a Protection Strategy – cont.) The OCTAVE Method Implementation Guide Tailoring the evaluation to your organization OCTAVE exam

20

WHO SHOULD ATTEND? • Risk managers and IT consultants • Persons responsible for information security or conformity • Member of the information security team • Staff implementing or seeking to comply with ISO 27001 and involved in a risk management program based upon the OCTAVE method

LEARNING OBJECTIVES • To understand the concepts, approaches, methods and techniques allowing an effective risk management according to ISO 27005 • To interpret the requirements of ISO 27001 on information security risk management • To develop the necessary skills to conduct a risk assessment with the OCTAVE method • To master the steps to conduct a risk assessment with the OCTAVE method • To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization • To acquire the competence to implement, maintain and manage an ongoing information security risk management program according to ISO27005 • To acquire the competence to effectively advise organizations on the best practices in information security risk management

This is a PECB official training course


EXAM • The “Certified ISO/IEC 27005 Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on ISO 27005 • The “Certified ISO/IEC 27005 Risk Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 2 hours • For more information about the exam, refer to PECB section on ISO 27005 Risk Manager Exam

CERTIFICATION • A certificate of “ISO/IEC 27005 Risk Manager” will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential

Credential

Exam

Professional experience

ISO 27005 Risk Manager with OCTAVE

ISO 27005 RM with OCTAVE Exam

Two years One years of risk management work experience

ISRM Audit experience

None

ISMS project experience

Other requirements

Project activities totaling 200 hours

Signing the PECB code of ethics

• For more information about ISO 27005 certifications and PECB certification process, refer to PECB section on ISO 27005 Risk Manager Certifications

GENERAL INFORMATION • Certification fees are included in the exam price • The training material on OCTAVE is only available in English • A copy of the official documentation on OCTAVE published by CERT will be distributed to participants together with a student manual containing over 400 pages of information and practical examples • A participation certificate of 31 CPD (Continuing Professional Development) credits is awarded to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.

21


CERTIFIED ISO 27005 RISK MANAGER WITH EBIOS MASTERING RISK EVALUATION AND OPTIMAL RISK MANAGEMENT IN INFORMATION SECURITY BASED ON ISO 27005 WITH THE EBIOS METHOD SUMMARY

DAY 1

In this five-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2008 standard as a reference framework and the EBIOS method. The EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité) method was developed by ANSSI in France. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

COURSE AGENDA

DURATION: 5 DAYS

Introduction, risk management program, risk identification and assessment according to ISO 27005

PREREQUISITES • A basic knowledge of risk management and the EBIOS method is recommended

• • • •

Concepts and definitions related to risk management Standards, frameworks and methodologies in risk management Implementation of an information security risk management program Risk identification and assessment

DAY 2

Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005 • • • •

Risk evaluation and treatment Acceptance of information security risks and management of residual risks Information security risk communication, monitoring and review Certified ISO/IEC 27005 Risk Manager Exam

WHO SHOULD ATTEND? • Risk managers • Persons responsible for information security or conformity within an organization • Member of the information security team • IT consultants • Staff implementing or seeking to comply with ISO 27001 and involved in a risk management program based upon the EBIOS method LEARNING OBJECTIVES

DAY 3

Conduct of a risk assessment with EBIOS • • • •

Presentation of EBIOS Phase 1 - Context establishment Phase 2 – Feared security event analysis Phase 3 – Threat scenarios analysis

DAY 4

Completing a risk assessment with EBIOS • Phase 4 – Risk analysis • Phase 5 - Determination of security controls • Workshop with case studies

• To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to ISO 27005 • To interpret the requirements of ISO 27001 on information security risk management • To master the steps to conduct a risk assessment with the EBIOS method • To acquire the competence to implement, maintain and manage an ongoing information security risk management program according to ISO27005 This is a PECB official training course

DAY 5

Workshop with case studies and EBIOS exam • Workshop with case studies • EBIOS exam

22


EXAM • The “Certified ISO/IEC 27005 Risk Manager” exams and “EBIOS Advanced” fully meets the requirements of the PECB Examination Certification Program (ECP). • The “Certified ISO/IEC 27005 Risk Manager” exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on ISO 27005 • The “EBIOS Advanced” exam fully meets the requirements of the PECB Examination Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management according to EBIOS - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on EBIOS • The exams is available in different languages (the complete list of languages can be found in the examination application form) • Duration of the exams: 2 hours for “Certified ISO/IEC 27005 Risk Manager” and 3 hours for “EBIOS Advanced” • For more information about the exams, refer to PECB section on ISO 27005 Risk Manager Exam

CERTIFICATION • A certificate of “ISO/IEC 27005 Risk Manager” will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential

Credential

Exam

ISO 27005 Risk Manager with EBIOS

ISO 27005 RM with with EBIOS

Professional experience Two years One years of risk management work experience

ISRM Audit experience

None

ISMS project experience

Other requirements

Project activities totaling 200 hours

Signing the PECB code of ethics

• For more information about ISO 27005 certifications and PECB certification process, refer to PECB section on ISO 27005 Risk Manager Certification

GENERAL INFORMATION • Certification fees are included in the exam price • The training material on EBIOS is only available in French and is based on ANSSI official training material • A copy of the official documentation on EBIOS published by ANSSI is given to participants together with a student manual containing over 400 pages of information and practical examples • A participation certificate of 35 CPD (Continuing Professional Development) credits is awarded to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.

23


CERTIFIED ISO 27005 RISK MANAGER WITH MEHARI MASTERING THE EVALUATION AND OPTIMAL MANAGEMENT OF RISK IN INFORMATION SECURITY BASED ON THE MEHARI METHOD SUMMARY

DAY 1

In this five-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2008 standard as a reference framework and MEHARI method. The MEHARI method was developed by “Club de la Sécurité des Systèmes d’Information Français” (CLUSIF) in France. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

COURSE AGENDA

DURATION: 5 DAYS

Introduction, risk management program, risk identification and assessment according to ISO 27005

PREREQUISITES • A basic knowledge of risk management and the MEHARI method is recommended.

• • • •

Concepts and definitions related to risk management Standards, frameworks and methodologies in risk management Implementation of an information security risk management program Risk identification and assessment

DAY 2

Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005 • • • •

Risk evaluation and treatment Acceptance of information security risks and management of residual risks Information security risk communication, monitoring and review Certified ISO/IEC 27005 Risk Manager Exam

WHO SHOULD ATTEND? • Risk managers and IT consultants • Persons responsible for information security or conformity within an organization • Member of the information security team • Staff implementing or seeking to comply with ISO 27001 and involved in a risk management program based upon the MEHARI method LEARNING OBJECTIVES

DAY 3

Start of a risk assessment with MEHARI • • • •

Introduction to MEHARI Assessment and classification issues The value chain for failures Classification of resources

DAY 4

Assessment of vulnerabilities and risk, according to MEHARI • • • •

Assessment of the vulnerabilities Qualities of a security service Measuring the quality of a security service Evaluation and Risk assessment process

• To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to ISO 27005 • To develop the necessary skills to conduct a risk assessment with the MEHARI method • To master the steps to conduct a risk assessment with the MEHARI method • To acquire the competence to implement, maintain and manage an ongoing ISRM program according to ISO 27005 This is a PECB official training course

DAY 5

Security planning according to MEHARI & Exam • Security plans and procedures • Tools to support the implementation of MEHARI • The “MEHARI advanced” exam

24


EXAM • The “Certified ISO/IEC 27005 Risk Manager” and the “MEHARI Advanced” exams fully meet the requirements of the PECB Examination Certification Program (ECP). • The “Certified ISO/IEC 27005 Risk Manager” exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on ISO 27005 • The “MEHARI Advanced” exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management according to MEHARI - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on MEHARI • The training " Risk assessment with MEHARI method” including exam is labeled by CLUSIF • The “Certified ISO/IEC 27005 Risk Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 2 hours for each exam • For more information about the exams, refer to PECB section on ISO 27005 Risk Manager Exam

CERTIFICATION • A certificate of “ISO/IEC 27005 Risk Manager” will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential

Credential

Exam

ISO 27005 Risk Manager with MEHARI

ISO 27005 RM with EBIOS Exam

Professional experience Two years One years of risk management work experience

ISRM Audit experience

None

ISMS project experience

Other requirements

Project activities totaling 200 hours

Signing the PECB code of ethics

• For more information about ISO 27005 certifications and PECB certification process, refer to PECB section on ISO 27005 Risk Manager Certification

GENERAL INFORMATION • Certification fees are included in the exam price • An educational version of the software "Risicare” is given to the participants and a copy of the official MEHARI documentation published by the CLUSIF • A student manual containing over 400 pages of information and practical examples are given to participants • A participation certificate of 35 CPD (Continuing Professional Development) credits is awarded to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.

25


CERTIFIED ISO 27005 RISK MANAGER WITH AN INTRODUCTION TO RISK ASSESSMENT METHODOLOGIES MASTERING RISK EVALUATION AND OPTIMAL RISK MANAGEMENT IN INFORMATION SECURITY AND LEARNING THE METHODS OF RISK ASSESSMENT SUMMARY

DAY 1

In this three-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2008 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. Participants will learn the different methods of risk assessment used on the market e.g.: CRAMM, EBIOS, MEHARI, OCTAVE and Microsoft Security Risk Management Guide. This training fits perfectly in the framework of an ISO/ IEC 27001:2005 standard implementation process.

COURSE AGENDA

DURATION: 3 DAYS

Introduction, risk management program, risk identification and assessment according to ISO 27005

PREREQUISITES

• • • •

Concepts and definitions related to risk management Standards, frameworks and methodologies in risk management Implementation of an information security risk management program Risk identification and assessment

DAY 2

Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005 • Risk evaluation and treatment • Acceptance of information security risks and management of residual risks • Information security risk communication, monitoring and review

None

WHO SHOULD ATTEND? • Risk managers and IT consultants • Persons responsible for information security or conformity within an organization • Member of the information security team • Staff implementing or seeking to comply with ISO 27001 or involved in a risk management program LEARNING OBJECTIVES

DAY 3

Introduction to methods of risk assessment and Certification Exam • • • • • •

Introduction to CRAMM Introduction to EBIOS Introduction to MEHARI Introduction to OCTAVE Introduction to Microsoft Security Risk Management Certified ISO/IEC 27005 Risk Manager Exam

EXAM • The “Certified ISO/IEC 27005 Risk Manager” exam fully meets the requirements of the PECB Examination Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on ISO 27005 • The “Certified ISO/IEC 27005 Risk Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 2 hours • For more information about the exam, refer to PECB section on ISO 27005 Risk Manager Exam

• To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to ISO 27005 • To interpret the requirements of ISO 27001 on information security risk management • To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization This is a PECB official training course


CERTIFICATION • A certificate of “ISO/IEC 27005 Risk Manager” will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential

Credential

Exam

ISO 27005 Risk Manager

ISO 27005 Risk Manager

Professional experience Two years One years of risk management work experience

ISRM Audit experience

None

ISMS project experience

Other requirements

Project activities totaling 200 hours

Signing the PECB code of ethics

• For more information about ISO 27005 certifications and PECB certification process, refer to PECB section on ISO 27005 Risk Manager Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 250 pages of information and practical examples are given to participants A participation certificate of 21 CPD (Continuing Professional Development) credits is awarded to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.

27


CERTIFIED ISO 31000 RISK MANAGER MASTERING RISK ASSESSMENT BASED ON ISO 31000

SUMMARY

DAY 2

DAY 1

In this two-day intensive course participants develop the competence to master the basic risk management elements using the ISO 31000 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform risk assessments, including risk identification, risk analysis and risk evaluation, as well as preparing and implementing risk treatment.

COURSE AGENDA

DURATION: 2 DAYS

Introduction, risk management program, risk identification and assessment according to ISO 31000

PREREQUISITES

• • • • •

WHO SHOULD ATTEND? • Executive level stakeholders • Appointment holders in the enterprise risk management group • Risk analysts and management officers • Line managers and project managers • Compliance and internal auditors • Independent consultants.

Concepts and definitions related to risk management Risk management standards, frameworks and methodologies Communication and consultation Establishing context and defining risk criteria Risk identification and assessment

Risk evaluation, treatment, monitoring and review according to ISO 31000 • • • •

Risk evaluation and treatment Risk treatment options Preparing and implementing risk treatment plans Certified ISO 31000 Risk Manager Exam

DAY 3

Introduction to methods of risk assessment and Certification Exam • • • • • •

Introduction to CRAMM Introduction to EBIOS Introduction to MEHARI Introduction to OCTAVE Introduction to Microsoft Security Risk Management Certified ISO/IEC 27005 Risk Manager Exam

EXAM • The “Certified ISO 31000 Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and frameworks of risk management - Domain 2: Preparation and implementation of a risk management program - Domain 3: Information security risk assessment based on ISO 31000 • The “Certified ISO 31000 Risk Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 2 hours • For more information about the exam, refer to PECB section on ISO 31000 Risk Manager Exam

None

LEARNING OBJECTIVES • To understand the concepts, approaches, methods and techniques allowing an effective risk management according to ISO 31000 • To understand how to align objectives of the governance frameworks with ISO 31000 • To understand how to improve management system reporting mechanisms • To understand how to define uniform risk criteria and evaluation metrics • To understand the relationship between the information security risk management, the security controls and the compliance with all other requirements This is a PECB official training course


RISK ASSESSMENT WITH THE OCTAVE METHOD DEVELOPING THE NECESSARY SKILLS TO PERFORM A RISK ASSESSMENT BASED ON THE OCTAVE METHOD SUMMARY

DAY 1

In this three-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using OCTAVE method. The OCTAVE method (Operationally Critical Threat, Asset, and Vulnerability Evaluation) was developed by CERT (Computer Emergency Response Team). Based on practical exercises and case studies, participants acquire the necessary knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

COURSE AGENDA

DURATION: 3 DAYS

Start of a risk assessment with OCTAVE

PREREQUISITES • A basic knowledge of risk management is recommended

• • • •

Standards, frameworks and methodologies in risk management Phase 1 - Process 1 to 3 (Understanding the Organization) Phase 1 - Process 4 (Create profile threats) Phase 2 - Process 5 (identification of key components)

DAY 2

Assessment of vulnerabilities and risk, according to OCTAVE • • • •

Phase 2 - Process 5 (Continued) Phase 2 - Process 6 (Evaluation of selected components) Phase 3 - Process 7 (Conduct the risk assessment) Phase 3 - Process 8 (Development of Protection Strategy)

DAY 3

The OCTAVE Method Implementation approach and conclusion • • • •

Phase 3 – Process 8 (Development of a Protection Strategy – cont.) The OCTAVE Method Implementation Guide Tailoring the evaluation to your organization OCTAVE -S

EXAM AND CERTIFICATION Not applicable

GENERAL INFORMATION • A copy of the official documentation on OCTAVE published by CERT is given to participants together with a student manual containing over 250 pages of information and practical examples • A participation certificate of 21 CPD (Continuing Professional Development) credits is awarded to participants

WHO SHOULD ATTEND? • Risk managers • Persons responsible for information security or conformity within an organization • Member of the information security team • IT consultants • Staff participating in the activities of risk assessment with the OCTAVE method LEARNING OBJECTIVES • To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to the OCTAVE method • To develop the necessary skills to conduct a risk assessment with the OCTAVE method • To master the steps to conduct a risk assessment with the OCTAVE method • To interpret the requirements of ISO 27001 on information security risk management • To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization • To acquire the competence to implement, maintain and manage an ongoing information security risk management program This is a PECB official training course


INTRODUCTION TO THE OCTAVE METHOD DEVELOPING THE NECESSARY SKILLS TO PARTICIPATE IN A RISK ASSESSMENT BASED ON THE OCTAVE METHOD SUMMARY This training allows learning the stages of conducting a risk assessment with the OCTAVE method. The OCTAVE method (Operationally Critical Threat, Asset, and Vulnerability Evaluation) was developed by CERT (Computer Emergency Response Team). This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

COURSE AGENDA

DURATION: 1 DAY

Conduct a risk assessment with OCTAVE

PREREQUISITES None

• • • • • • •

Presentation of OCTAVE Phase 1 - Process 1 to 3 (Understanding the Organization) Phase 1 - Process 4 (Create threat profiles) Phase 2 - Process 5 (Identification of key components) Phase 2 - Process 6 (Evaluation of selected components) Phase 3 - Process 7 (Conduct the risk assessment) Phase 3 - Process 8 (Development of a Protection Strategy)

EXAM AND CERTIFICATION Not applicable

GENERAL INFORMATION • A copy of the official documentation on OCTAVE published by CERT is given to participants together with a student manual containing over 100 pages of information and practical examples • A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to participants • ISO 27005 is a Guidance on information security risk management and it is not a certifiable standard for an organization

WHO SHOULD ATTEND? • Risk managers and IT consultants • Persons responsible for information security or conformity within an organization • Member of the information security team • Staff participating in the activities of risk assessment with the OCTAVE method LEARNING OBJECTIVES • To learn the stages of conducting a risk assessment with the OCTAVE method • To develop the necessary skills to participate in a risk assessment with the OCTAVE method • To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to OCTAVE • To interpret the requirements of ISO 27001 on information security risk management

This is a PECB official training course

30


RISK ASSESSMENT WITH THE EBIOS METHOD DEVELOPING THE NECESSARY SKILLS TO PERFORM A RISK ASSESSMENT BASED ON THE EBIOS METHOD SUMMARY

DAY 3

DAY 2

DAY 1

In this three-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using EBIOS method. The EBIOS method (Expression des Besoins et Identification des Objectifs de Sécurité) was developed by ANSSI in France. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

COURSE AGENDA

DURATION: 3 DAYS

Conduct of a risk assessment with EBIOS

PREREQUISITES • A basic knowledge of risk management is recommended

• • • •

Presentation of EBIOS Phase 1 - Context establishment Phase 2 – Feared security event analysis Phase 3 – Threat scenarios analysis

Completing a risk assessment with EBIOS • Phase 4 – Risk analysis • Phase 5 - Determination of security controls • Workshop with case studies

Workshop with case studies and EBIOS exam • Workshop with case studies • EBIOS exam

EXAM AND CERTIFICATION • The “EBIOS Advanced” exam fully meets the requirements of the PECB Examination Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and techniques of risk management according to EBIOS - Domain 2: Implementation of a risk management program - Domain 3: Information security risk assessment based on EBIOS • The “ISO 27005 Certified Risk Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on ISO 27005 Risk Manager Exam

CERTIFICATION • A certificate will be issued to participants who successfully pass the exam

GENERAL INFORMATION • A copy of the official documentation on EBIOS published by ANSSI is given to participants together with a student manual containing over 250 pages of information and practical examples • A participation certificate of 21 CPD (Continuing Professional Development) credits is awarded to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.

WHO SHOULD ATTEND? • Risk managers and IT consultants • Persons responsible for information security or conformity within an organization • Member of the information security team • Staff participating in the activities of risk assessment with the EBIOS method LEARNING OBJECTIVES • To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to EBIOS method • To develop the necessary skills to conduct a risk assessment with the EBIOS method • To master the steps to conduct a risk assessment with the EBIOS method • To interpret the requirements of ISO 27001 on information security risk management • To acquire the competence to implement, maintain and manage an ongoing ISRM program

This is a PECB official training course


INTRODUCTION TO THE EBIOS METHOD DEVELOPING THE NECESSARY SKILLS TO PARTICIPATE IN A RISK ASSESSMENT BASED ON THE EBIOS METHOD SUMMARY This training allows learning the stages of conducting a risk assessment with the EBIOS method. The EBIOS method (Expression des Besoins et Identification des Objectifs de Sécurité: Expression of Needs and Identification of Security Objectives) was developed by ANSSI in France. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

COURSE AGENDA

DURATION: 1 DAY

Conduct a risk assessment with EBIOS

PREREQUISITES None

• • • • • •

Presentation of EBIOS Phase 1 - Context establishment Phase 2 – Feared security event analysis Phase 3 – Threat scenarios analysis Phase 4 – Risk analysis Phase 5 - Determination of security controls

WHO SHOULD ATTEND?

Not applicable

• Risk managers • Persons responsible for information security or conformity within an organization • Member of the information security team • IT consultants • Staff participating in the activities of risk assessment with the EBIOS method

GENERAL INFORMATION

LEARNING OBJECTIVES

EXAM AND CERTIFICATION

• The training material on EBIOS is only available in French and is based on ANSSI official training material • A copy of the official documentation on EBIOS published by ANSSI is given to participants together with a student manual containing over 100 pages of information and practical examples • A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to participants

• To learn the stages of conducting a risk assessment with the EBIOS method • To develop the necessary skills to participate in a risk assessment with the EBIOS method • To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to EBIOS • To interpret the requirements of ISO 27001 on information security risk management

This is a PECB official training course

32


RISK ASSESSMENT WITH THE MEHARI METHOD DEVELOPING THE NECESSARY SKILLS TO PERFORM A RISK ASSESSMENT BASED ON THE MEHARI METHOD SUMMARY

DAY 1

This training using MEHARI enables participants to master the basic risk management elements related to information security using the MEHARI method. The MEHARI (MEthode Harmonisée d'Analyse de Risques) method was developed by the “Club de la Sécurité des Systèmes d’Information Français” (CLUSIF). Based on practical exercises and case studies, participants acquire the necessary knowledge and skills needed to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

COURSE AGENDA

DURATION: 3 DAYS

Start of a risk assessment with MEHARI

PREREQUISITES • A basic knowledge of risk management is recommended

• • • • •

Standards, frameworks and methodologies in risk management Presentation of MEHARI Assessment and classification issues The value chain for failures Classification of resources

DAY 2

Assessment of vulnerabilities and risk, according MEHARI • • • •

Assessment of the vulnerabilities Qualities of a security service Measuring the quality of a security service Risk evaluation and assessment process

WHO SHOULD ATTEND? • Risk managers and IT consultants • Persons responsible for information security or conformity within an organization • Member of the information security team • Staff participating in the activities of risk assessment with the MEHARI method

DAY 3

LEARNING OBJECTIVES

Security planning according to MEHARI & Exam • Security plans and procedures • Tools to support the implementation of MEHARI • The “MEHARI advanced” exam (2 hours)

EXAM AND CERTIFICATION • The training " Risk assessment with MEHARI method” including exam is labeled by CLUSIF • Duration: 2 hours

CERTIFICATION • A certificate will be issued to participants who successfully complete the exam

GENERAL INFORMATION • An educational version of the software "Risicare” is given to the participants and a copy of the official MEHARI documentation published by the CLUSIF • The course material and exam are available only in French • A student manual containing over 300 pages of information and practical examples are given to participants • A participation certificate of 21 CPD (Continuing Professional Development) credits is awarded to participants

• To develop the necessary skills to conduct a risk assessment with the MEHARI method • To master the steps to conduct a risk assessment with the MEHARI method • To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to MEHARI • To interpret the requirements of ISO 27001 on information security risk management • To understand the relationship between the information security risk management, the security controls and the compliance with the other requirements This is a PECB official training course


INTRODUCTION TO THE MEHARI METHOD DEVELOPING THE NECESSARY SKILLS TO PARTICIPATE IN A RISK ASSESSMENT BASED ON THE MEHARI METHOD SUMMARY This training allows learning the stages of conducting a risk assessment with the MEHARI method. The MEHARI (MEthode Harmonisée d'Analyse de RIsques) method was developed by the “Club de la Sécurité des Systèmes d’Information Français” (CLUSIF). Based on practical exercises and case studies, the participant will be able to perform an optimal risk evaluation and manage risks in time by being familiar with their life cycle. This training fits perfectly in the framework of an ISO/IEC 27001:2005 standard implementation process.

COURSE AGENDA

DURATION: 1 DAY PREREQUISITES None

• • • • • •

Presentation of MEHARI Assessment and classification issues Diagnosis of security services Risk Assessment Definition of security plans Tools to support the implementation of MEHARI

EXAM AND CERTIFICATION Not applicable

GENERAL INFORMATION • An educational version of the software "Risicare” is given to the participants and a copy of the official MEHARI documentation published by the CLUSIF • A student manual containing over 100 pages of information and practical examples are given to participants • A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to participants

WHO SHOULD ATTEND? • Risk managers and IT consultants • Persons responsible for information security or conformity within an organization • Member of the information security team • Staff participating in the activities of risk assessment with the MEHARI method LEARNING OBJECTIVES • To develop the necessary skills to participate in a risk assessment with the MEHARI method • To learn the stages of conducting a risk assessment with the MEHARI method • To understand the relationship between the information security management system (including risk management), the security measures and the compliance with the requirements of different stakeholders of an organization

This is a PECB official training course

34


INTRODUCTION TO ISO 27005 LEARNING THE BEST PRACTICES IN RISK MANAGEMENT BASED ON ISO 27005

SUMMARY This one day course allows participants to familiarize themselves with the fundamentals of risk management related to information using the standard ISO 27005 as a reference framework. Participants will see different parts of a risk management program and the implementation stages of an optimal risk assessment. It should be noted that this course fits perfectly into the framework of a process of implementation of ISO 27001.

COURSE AGENDA • • • • • • •

Concepts and definitions related to risk management Standards, frameworks and methodologies in risk management Implement a risk management program Risk assessment (identification and estimation) Risk assessment and Risk treatment Acceptance of risk and management of residual risks Communicating, monitoring and controlling risk

EXAM AND CERTIFICATION Not applicable

GENERAL INFORMATION • A student manual containing over 100 pages of information and practical examples are given to participants • A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to participants

DURATION: 1 DAYS PREREQUISITES None

WHO SHOULD ATTEND? • IT professionals wishing to obtain a comprehensive understanding of risk management within an organization • Staff implementing or seeking to comply with ISO 27001 or involved in a RM program • Member of the information security team LEARNING OBJECTIVES • To understand the basics of the implementation, management and maintenance of an ongoing risk management program • To introduce the concepts, approaches, standards, methods and techniques allowing an effective management of risk • To interpret the requirements of ISO 27001 on information security risk management • To understand the relationship between the information security risk management, the security controls and the compliance with the other requirements This is a PECB official training course


INTRODUCTION TO RISK ASSESSMENT METHODOLOGIES LEARNING THE DIFFERENT METHODOLOGIES IN RISK MANAGEMENT

SUMMARY This one day course allows participants to learn about the different methods of risk estimation, most used on the market, as CRAMM, EBIOS, MEHARI, OCTAVE and Microsoft Security Risk Management Guide. The methods discussed are compatible with the principles of ISO 27005 and within the framework of an implementation process of ISO 27001. Participants will see different stages of conducting a risk assessment based on each of the methodologies presented.

COURSE AGENDA • • • • • • •

Concepts and definitions related to risk management according to ISO 27005 Standards, frameworks and methodologies in risk management Introduction to CRAMM Introduction to EBIOS Introduction to MEHARI Introduction to OCTAVE Introduction to Microsoft Security Risk Management

EXAM AND CERTIFICATION Not applicable

GENERAL INFORMATION • A student manual containing over 100 pages of information and practical examples are given to participants • A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to participants

DURATION: 1 DAY PREREQUISITES None WHO SHOULD ATTEND? • IT professionals wishing to obtain a comprehensive understanding of risk management within an organization • Staff implementing or seeking to comply with ISO 27001 or involved in a risk management program • Member of the information security team LEARNING OBJECTIVES • To understand the concepts, approaches, methods and techniques allowing an effective management of risk according to ISO 27005 • To interpret the requirements of ISO 27001 on information security risk management • To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization • To become familiar with the most used risk management methods on the market as CRAMM, EBIOS, MEHARI, OCTAVE and Microsoft Security Risk Management Guide This is a PECB official training course

36


TRAINING CATALOGUE

SERVICE MANAGEMENT TRAINING ISO/IEC 20000-1 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.


CERTIFIED ISO 20000 LEAD IMPLEMENTER MASTERING THE IMPLEMENTATION AND MANAGEMENT OF AN SERVICE MANAGEMENT SYSTEM (SMS) BASED ON ISO 20000 SUMMARY This five-day intensive course enables the participants to develop the necessary expertise to support an organization in implementing and managing a Service Management System as specified in ISO/IEC 20000-1. Also, the participant will gain a thorough understanding of in best practices for planning and implementing Service Management processes starting from the six fields of ISO 20000: planning and implementing new and changed services, service delivery process, relationship management processes, problem resolution process, control processes and release processes. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO 20000-2 (Guidelines for the Implementation of an SMS) and ITIL.

COURSE AGENDA

DAY 1

Introduction to Service Management System (SMS) concepts as required by ISO 20000 Initiating an SMS • Presentation of the ISO 20000 family of standards and comparison with ITIL V2 and V3 • Fundamental principles of Service Management System • Preliminary analysis and establishment of the maturity level of an existing SMS • Writing a business case and a project plan for the implementation of an SMS

DAY 2

Planning an SMS based on ISO 20000 • • • •

Definition of the scope of an SMS Definition of an SMS policy and objectives Documentation of the processes and procedures and SLAs Budgeting and accounting for IT services

DAY 3

Implementing an SMS based on ISO 20000 • • • •

Change, configuration, release, capacity and availability management Service continuity and security management Incident and problem management Operations management of an SMS

DAY 4

Controlling, monitoring, measuring and improving an SMS certification audit of an SMS in accordance with ISO 20000 • • • • •

Controlling and monitoring an SMS Development of metrics, performance indicators and dashboards ISO 20000 internal Audit and Management review Implementation of a continual improvement program Preparing for an ISO 20000 certification audit

DAY 5

Certification Exam

38

DURATION: 5 DAYS PREREQUISITES • ISO 20000 Foundation Certification or basic knowledge of ISO 20000 and ITIL is recommended

WHO SHOULD ATTEND? • Project managers or consultants wanting to implement of an Service Management System (SMS) • ISO 20000 auditors who wish to fully understand the SMS implementation process • Persons responsible for the SMS conformity in an organization • Technical experts wanting to prepare for an SMS function

LEARNING OBJECTIVES • To understand the implementation of an Service Management System in accordance with ISO 20000 • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques allowing an effective management of an Service Management System • To know the interrelationships between ISO/IEC 20000-1, ISO/ IEC 20000-2 and ITIL • To acquire expertise to support an organization in implementing, managing and maintaining an Service Management System (SMS) as specified in ISO/IEC 20000 • To acquire the necessary expertise to manage a team in implementing the ISO 20000 standard

This is a PECB official training course


EXAM • The “Certified ISO/IEC 20000 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of SMS - Domain 2: Information Technology Service Best Practice based on ISO 20000-2 - Domain 3: Planning an SMS based on ISO 20000 - Domain 4: Implementing an SMS based on ISO 20000 - Domain 5: Performance evaluation, monitoring and measurement of an SMS based on ISO 20000 - Domain 6: Continual improvement of an SMS based on ISO 20000 - Domain 7: Preparing for an ISO 20000-1 certification audit • The “Certified ISO/IEC 20000 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on ISO 20000 Lead Implementer Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 20000 Provisional Implementer, Certified ISO/IEC 20000 Implementer or Certified ISO/IEC 20000 Lead Implementer, depending on their level of experience • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

Professional experience

SMS Audit experience

SMS project experience

Other requirements

Credential

Exam

ISO 20000 Provisional Implementer

ISO 20000 Lead Implementer Exam

None

None

None

Signing the PECB code of ethics

ISO 20000 Implementer

ISO 20000 Lead Implementer Exam

Two years One years of ITSM work experience

None

Project activities totaling 200 hours

Signing the PECB code of ethics

ISO 20000 Lead Implementer

ISO 20000 Lead Implementer Exam

Five years Two years of ITSM work experience

None

Project activities totaling 300 hours

Signing the PECB code of ethics

• For more information about ISO 20000 certifications and PECB certification process, refer to PECB section on ISO 20000 Lead Implementer Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate of 31 CPD (Continuing Professional Development) will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

39


CERTIFIED ISO 20000 LEAD AUDITOR MASTERING THE AUDIT OF AN SERVICE MANAGEMENT SYSTEM (SMS) BASED ON ISO 20000 SUMMARY This five day intensive course enables participants to develop the necessary expertise to audit an Service Management System (SMS) based on ISO 20000 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 the certification process according ISO 17021. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit

COURSE AGENDA

DAY 1

Introduction to Service Management System (SMS) concepts as required by ISO 20000 • • • •

Fundamental principles of Information Technology Service ISO 20000 certification process Service Management System (SMS) Detailed presentation of the clauses 4 to 9 of ISO 20000-1

DAY 2

Planning and Initiating an ISO 20000 audit • • • • •

Fundamental audit concepts and principles Audit approach based on evidence and on risk Preparation of an ISO 20000 certification audit SMS Documentation audit Conducting an opening meeting

DURATION: 5 DAYS PREREQUISITES • ISO 20000 Foundation Certification or basic knowledge of ISO 20000 and ITIL is recommended

WHO SHOULD ATTEND? • Internal auditors and expert advisors in IT service management • Auditors wanting to perform and lead Service Management System (SMS) certification audits • Project managers or consultants wanting to master the SMS audit process • Persons responsible for the Information Technology Service conformity in an organization • Technical experts wanting to prepare for an SMS audit function LEARNING OBJECTIVES

DAY 3

Conducting an ISO 20000 audit • Communication during the audit • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation • Audit test plans • Formulation of audit findings and documenting nonconformities

DAY 4

Concluding and ensuring the follow-up of an ISO 20000 audit • • • •

Audit documentation Conducting a closing meeting and conclusion of an ISO 20000 audit Evaluation of corrective action plans ISO 20000 Surveillance and internal audit management program

DAY 5

Certification Exam

40

• To acquire the expertise to perform an ISO 20000 internal audit following ISO 19011 guidelines • To acquire the expertise to perform an ISO 20000 certification audit following ISO 19011 guidelines and ISO 17021 specifications • To acquire the necessary expertise to manage an SMS audit team • To understand the operation of an ISO 20000 conformant service management system • To know the interrelationships between ISO/IEC 20000-1,ISO/ IEC 20000-2 and ITIL This is a PECB official training course


EXAM • The “Certified ISO/IEC 20000 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of IT Service Management - Domain 2: Service Management System (SMS) - Domain 3: Fundamental Audit Concepts and Principles - Domain 4: Preparation of an ISO 20000-1 audit - Domain 5: Conducting of an ISO 20000-1 audit - Domain 6: Closing an ISO 20000-1 audit - Domain 7: Managing an ISO 20000-1 audit program • The “Certified ISO/IEC 20000 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on ISO 20000 Lead Auditor Exam)

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 20000 Provisional Auditor, Certified ISO/IEC 20000 Auditor or Certified ISO/IEC 20000 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential.

Professional experience

SMS Audit experience

SMS project experience

ISO 20000 Lead Auditor Exam

None

None

None

Signing the PECB code of ethics

ISO 20000 Auditor

ISO 20000 Lead Auditor Exam

Two years One years of ITSM work experience

Audit activities totaling 200 hours

None

Signing the PECB code of ethics

ISO 20000 Lead Auditor

ISO 20000 Lead Auditor Exam

Five years Two years of ITSM work experience

Audit activities totaling 300 hours

None

Signing the PECB code of ethics

Credential

Exam

ISO 20000 Provisional Auditor

Other requirements

• For more information about ISO 20000 certifications and PECB certification process, refer to PECB section on ISO 20000 Lead Auditor Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate of 31 CPD (Continuing Professional Development) will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

41


CERTIFIED ISO 20000 FOUNDATION BECOME ACQUAINTED WITH THE BEST PRACTICES FOR IMPLEMENTING AND MANAGING AN SERVICE MANAGEMENT SYSTEM (SMS) BASED ON ISO 20000 SUMMARY

DAY 1

This course enables participants to learn about the best practices for implementing and managing an Service Management System as specified in ISO/IEC 20000-1, as well as the best practices for implementing the Service Management processes starting from the ISO 20000: planning and implementing new and changed services, service delivery process, relationship management process, problem resolution process, control processes and release processes.

COURSE AGENDA

DURATION: 2 DAYS

Introduction to Service Management System (SMS) concepts as required by ISO 20000

PREREQUISITES

• • • • • • •

Introduction to the ISO 20000 family of standards Introduction to management systems and the process approach Fundamental principles in Service Management General requirements presentation of ISO/IEC 20000-1 clauses Implementation phases of the ISO/IEC 20000 framework Continual improvement of IT management Conducting an ISO/IEC 20000-1 certification audit

DAY 2

Implementing the Service Management processes based on ISO 20000 and Certification Exam • • • • • •

Planning and implementing change management Supplier management Relationship management Problem management Release management Certified ISO/IEC 20000 Foundation exam

EXAM • The “Certified ISO/IEC 20000 Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of Information Technology Service - Domain 2: Service Management System (SMS) • The “Certified ISO/IEC 20000 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 1 hour • For more information about exam, refer to PECB section on ISO 20000 Foundation Exam)

42

None

WHO SHOULD ATTEND? • Members of an Information Technology Service team • IT Professionals wanting to gain a comprehensive knowledge of the main processes of an SMS • Staff involved in the implementation of the ISO 20000 standard • Auditors LEARNING OBJECTIVES • To understand the implementation of an SMS in accordance with ISO 20000 • To understand the relationship between the SMS, including the management processes and compliance with the other requirements • To know the interrelationships between ISO/IEC 20000-1, ISO/ IEC 20000-2 and ITIL • To know the concepts, approaches, standards, methods and techniques allowing to effectively manage an SMS

This is a PECB official training course


CERTIFICATION • A certificate of Certified ISO/IEC 20000 Foundation will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential

Credential

Exam

ISO 20000 Foundation

ISO 20000 Foundation exam

Professional experience

SMS Audit experience

SMS project experience

None

None

None

Other requirements Signing the PECB code of ethics

• For more information about ISO 20000 certifications and PECB certification process, refer to PECB section on ISO 20000 Foundation Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 200 pages of information and practical examples will be distributed to participants A participation certificate of 14 CPD (Continuing Professional Development )will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

43


INTRODUCTION TO ISO 20000 INTRODUCTION TO THE IMPLEMENTATION OF AN SERVICE MANAGEMENT SYSTEM (SMS) BASED ON ISO 20000 SUMMARY This one-day training enables participants to be familiar with the basic concepts of implementation and management of an Service Management System (SMS) as specified in ISO/IEC 20000-1. The participant will learn the different components of an SMS, including the SMS policy, measuring performance, management’s commitment, internal audit, management review and continual improvement.

COURSE AGENDA

DURATION: 1 DAY

• • • • • •

PREREQUISITES

Introduction to the ISO 20000 family of standards Introduction to management systems and the process approach Presentation of main processes of an SMS Implementation phases of the ISO 20000 framework Continuous improvement of IT management Conducting an ISO 20000 certification audit

EXAM None

GENERAL INFORMATION • A student manual containing over 100 pages of information and practical examples will be distributed to participants • A participation certificate of 7 CPD (Continuing Professional Development)will be issued to participants

None

WHO SHOULD ATTEND? • IT Professionals wanting to gain a comprehensive knowledge of the main processes of an SMS • Staff involved in the implementation of the ISO 20000 standard • Expert advisors in IT and auditors • Managers responsible for implementing an SMS LEARNING OBJECTIVES • To understand the fundamentals of IT management • To know the interrelationships between ISO/IEC 20000-1 and ISO/IEC 20000-2 • To introduce the concepts, approaches, standards, methods and techniques allowing an effective management of an SMS in accordance with ISO 20000 • To understand the stages of the ISO 20000 certification process

This is a PECB official training course

44


TRAINING CATALOGUE

BUSINESS CONTINUITY TRAINING BUSINESS CONTINUITY TRAINING The emerging ISO standard, ISO 22301, "Societal security -- Preparedness and Continuity Management 6\VWHPV  5HTXLUHPHQWV VSHFLĺHV UHTXLUHPHQWV IRU VHWWLQJXSDQGPDQDJLQJDQHIIHFWLYH%XVLQHVV&RQWLQXLW\ 0DQDJHPHQW6\VWHP %&06  ISO/DIS 22301 adopts the same ‘Plan-Do-Check-Act’ F\FOH DV %6 DQG PDQ\ RWKHU 0DQDJHPHQW 6\VWHPV +RZHYHULWDOVRGUDZVRQDQXPEHURIRWKHU QDWLRQDOVWDQGDUGVDQGVRPHRIWKHWHUPLQRORJ\XVHGLV GLIIHUHQWWRWKH%ULWLVK6WDQGDUG

,62,(&  SURYLGHV JXLGHOLQHV RQ WKH SURYLVLRQ RI LQIRUPDWLRQ DQG FRPPXQLFDWLRQV WHFKQRORJ\ GLVDVWHU UHFRYHU\ ,&7 '5  VHUYLFHV DV SDUW RI EXVLQHVV FRQWLQXLW\ PDQDJHPHQW DSSOLFDEOHWRERWKqLQKRXVHrDQGqRXWVRXUFHGr ,&7 '5 VHUYLFH SURYLGHUV RI SK\VLFDO IDFLOLWLHV DQGVHUYLFHV


CERTIFIED ISO 22301 LEAD IMPLEMENTER MASTERING THE IMPLEMENTATION AND MANAGEMENT OF A BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS) BASED ON ISO 22301 SUMMARY This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Business Continuity Management System (BCMS) based on ISO 22301:2010. Participants will also gain a thorough understanding of best practices used to implement business continuity processes from the ISO 22399. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with BS 25999 (Business continuity management specification) and ISO 27031 (Guidelines for information and communication technology readiness for business continuity).

COURSE AGENDA

DAY 1

Introduction to Business Continuity Management System (BCMS) concepts as required by ISO 22301; Initiating a BCMS • Introduction to management systems and the process approach • Presentation of the standards ISO 22301, ISO/PAS 22399, ISO 27031, BS 25999 and regulatory framework • Fundamental principles of Business continuity • Preliminary analysis and determining the level of maturity of the existing BCMS based upon ISO 21827 • Writing a business case and a project plan for the implementation of a BCMS

DAY 2

Planning a BCMS based on ISO 22301 • Definition of the scope of a BCMS • Development of a BCMS and business continuity policies • Business impact analysis (BIA) and risk assessment

DAY 3

Implementing a BCMS based on ISO 22301 • • • • •

Implementation of a document management framework Design and implementation of business continuity processes and writing procedures Development of a training & awareness program and communicating about the BCMS Incident management and emergency management Operations management of a BCMS

DAY 4

Controlling , monitoring and measuring e a BCMS and the certification audit of a BCMS in accordance with ISO 22301 • • • • •

Monitoring BCMS processes Development of metrics, performance indicators and dashboards Internal Audit and management review of a BCMS Implementation of a continual improvement program Preparing for an ISO 22301 certification audit

DAY 5

Certification Exam

46

DURATION: 5 DAYS PREREQUISITES • ISO 22301 Foundation Certification or basic knowledge of ISO 27031 or BS 25999 and business continuity concepts is recommended

WHO SHOULD ATTEND? • Project managers or consultants wanting to prepare and to support an organization in the implementation of a Business Continuity Management System (BCMS) • Business continuity auditors who wish to fully understand the implementation of a Business Continuity Management System • Persons responsible for the business continuity or conformity in an organization • Members of an business continuity team • Expert advisors in business continuity • Member of an organization that want to prepare for an business continuity function or for a BCMS project management function

LEARNING OBJECTIVES • To understand the implementation of a BCMS in accordance with ISO 22301, ISO 27031 or BS 25999 • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a BCMS • To understand the relationship between the components of a BCMS and the compliance with the other requirements • To acquire the necessary expertise to support an organization in implementing, managing and maintaining a BCMS as specified in ISO22301 or BS 25999 • To acquire the necessary expertise to manage a team implementing ISO22301 or BS 25999

This is a PECB official training course


EXAM • The “Certified ISO 22301 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of business continuity - Domain 2: Business continuity Control Best Practice - Domain 3: Planning a BCMS based on ISO 22301 - Domain 4: Implementing a BCMS based on ISO 22301 - Domain 5: Performance evaluation, monitoring and measurement of a BCMS based on ISO 22301 - Domain 6: Continual improvement of a BCMS based on ISO 22301 - Domain 7: Preparing for a BCMS certification audit • The “Certified ISO 22301 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on ISO 22301 Lead Implementer Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 22301 Provisional Implementer, Certified ISO 22301 Implementer or Certified ISO 22301 Lead Implementer, depending on their level of experience • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

Credential

Exam

ISO 22301 Provisional Implementer

ISO 22301 Lead Implementer Exam

Professional experience

BCMS Audit experience

BCMS project experience

None

None

None

Signing the PECB code of ethics

Other requirements

ISO 22301 Implementer

ISO 22301 Lead Implementer Exam

Two years One years of Business Continuity work experience

None

Project activities totaling 200 hours

Signing the PECB code of ethics

ISO 22301 Lead Implementer

ISO 22301 Lead Implementer Exam

Five years Two years of Business Continuity work experience

None

Project activities totaling 300 hours

Signing the PECB code of ethics

• For more information about ISO 22301 certifications and PECB certification process, refer to PECB section on ISO 22301 Lead Implementer Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate of 31 CPD (Continuing Professional Development) will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

47


CERTIFIED ISO 22301 LEAD AUDITOR MASTERING THE AUDIT OF A BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS) BASED ON ISO 22301 SUMMARY This five-day intensive course enables participants to develop the needed expertise to audit a Business Continuity Management System (BCMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire needed knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 the certification process according ISO 17021. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit. This training is compatible with BS 25999 audit (Business continuity management specification) and ISO 27031 (Guidelines for information and communication technology readiness for business continuity).

COURSE AGENDA

DAY 1

Introduction to Business Continuity Management System (BCMS) concepts as required by ISO 22301 • Presentation of the standards ISO 22301, ISO 27031, ISO/PAS 22399, BS 25999 and regulatory framework • Fundamental principles of business continuity • ISO 22301 certification process • Business Continuity Management System (BCMS) • Detailed presentation of the clauses 4 to 8 of ISO22301

DAY 2

Planning and Initiating an ISO 22301 audit • • • • •

Fundamental audit concepts and principles Audit approach based on evidence and on risk Preparation of an ISO 22301 certification audit BCMS documentation audit Conducting an opening meeting

DAY 3

Conducting an ISO 22301 audit • Communication during the audit • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation • Audit test plans • Formulation of audit findings and documenting of nonconformities

DAY 5

DAY 4

Concluding and ensuring the follow-up of an ISO 22301 audit • • • • •

Audit documentation Conducting a closing meeting and conclusion of an ISO 22301 audit Evaluation of corrective action plans ISO 22301 surveillance audit ISO 22301 internal Audit management program and second party audits

Certification Exam 48

DURATION: 5 DAYS PREREQUISITES • ISO 22301 Foundation Certification or basic knowledge of BS 25999 or ISO 27031 and business continuity concepts is recommended

WHO SHOULD ATTEND? • Internal auditors and auditors wanting to perform and lead BCMS certification audits • Project managers or consultants wanting to master the BCMS audit process • Persons responsible for the Business continuity or conformity in an organization • Members of an business continuity team • Expert advisors in information technology • Technical experts wanting to prepare for an Business continuity audit function

LEARNING OBJECTIVES • To acquire the expertise to perform an ISO 22301 or BS 25999 internal audit following ISO 19011 guidelines • To acquire the expertise to perform an ISO 22301 or BS 25999 certification audit following ISO 19011 guidelines and the specifications of ISO 17021 • To acquire the expertise necessary to manage a BCMS audit team • To understand the operation of the BCMS in accordance with ISO22301, ISO 27031 or BS 25999 • To understand the relationship between a Business Continuity Management System, including risk management, controls and compliance with the other requirements

This is a PECB official training course


EXAM • The “Certified ISO 22301 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of business continuity - Domain 2: Business Continuity Management System (BCMS) - Domain 3: Fundamental Audit Concepts and Principles - Domain 4: Preparation of an ISO 22301 audit - Domain 5: Conducting of an ISO 22301 audit - Domain 6: Closing an ISO 22301 audit - Domain 7: Managing an ISO 22301 audit program • The “Certified ISO 22301 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on ISO 22301 Lead Auditor Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 22301 Provisional Auditor, Certified ISO 22301 Auditor or Certified ISO 22301 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors. • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential.

Credential

Exam

ISO 22301 Provisional Auditor

ISO 22301 Lead Auditor Exam

Professional experience

BCMS Audit experience

BCMS project experience

None

None

None

Signing the PECB code of ethics

Other requirements

ISO 22301 Auditor

ISO 22301 Lead Auditor Exam

Two years Audit activities One year of totaling Business Continuity 200 hours work experience

None

Signing the PECB code of ethics

ISO 22301 Lead Auditor

ISO 22301 Lead Auditor Exam

Five years Audit activities Two years of totaling Business Continuity 300 hours work experience

None

Signing the PECB code of ethics

• For more information about ISO 22301 certifications and PECB certification process, refer to PECB section on ISO 22301 Lead Auditor Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate of 31 CPD (Continuing Professional Development) will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

49


CERTIFIED ISO 22301 FOUNDATION BECOME ACQUAINTED WITH THE BEST PRACTICES FOR IMPLEMENTING AND MANAGING A BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS) BASED ON ISO 22301 SUMMARY

DAY 2

DAY 1

This course enables the participants to learn about the best practices for implementing and managing a Business Continuity Management System (BCMS) as specified in ISO 22301:2010, as well as the best practices for implementing the business continuity processes based on the ISO/PAS 22399. This training is fully compatible with BS 25999 (Business continuity management specification) and ISO 27031 (Guidelines for information and communication technology readiness for business continuity).

COURSE AGENDA

DURATION: 2 DAYS

Introduction to Business Continuity Management System (BCMS) concepts as required by ISO 22301

PREREQUISITES None

• Presentation of the standards ISO 22301, ISO 27031, ISO/PAS 22399, BS 25999 and regulatory framework • Introduction to management systems and the process approach • Fundamental principles in business continuity • General requirements: presentation of the clauses 4 to 8 of ISO 22301

Implementing controls in business continuity according to ISO 22301and Certification Exam • • • • •

Business impact analysis (BIA) and risk management Implementation phases of the ISO 22301 framework Continual improvement of business continuity Conducting an ISO 22301 certification audit ISO 22301 Foundation Exam

EXAM • The “Certified ISO 22301 Foundation” exam fully meets the requirements of the PECB Examination Certification Programme (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of business continuity - Domain 2: Business Continuity Management System (BCMS) • The “Certified ISO 22301 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 1 hour • For more information about exam, refer to PECB section on ISO 22301 Foundation Exam

WHO SHOULD ATTEND? • Members of an business continuity team • IT Professionals wanting to gain a comprehensive knowledge of the main processes of a BCMS • Staff involved in the implementation of the ISO 22301 standard • Auditors and technicians involved in operations related to a BCMS LEARNING OBJECTIVES • To Understand the implementation of a BCMS in accordance with ISO 22301, ISO 27031 or BS 25999 • To Understand the relationship between a BCMS, including risk management, controls and compliance with the requirements of different stakeholders of the organization • To Know the concepts, approaches, standards, methods and techniques allowing to effectively manage a BCMS This is a PECB official training course

50


CERTIFICATION • A certificate of Certified ISO 22301 Foundation will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential

Credential

Exam

ISO 22301 Foundation

ISO 22301 Foundation exam

Professional experience

BCMS Audit experience

BCMS project experience

None

None

None

Other requirements Signing the PECB code of ethics

• For more information about ISO 22301 certifications and PECB certification process, refer to PECB section on ISO 22301 Lead Auditor Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 200 pages of information and practical examples will be distributed to participants A participation certificate of 14 CPD (Continuing Professional Development)will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

51


INTRODUCTION TO ISO 22301 INTRODUCTION TO THE IMPLEMENTATION OF A BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS) BASED ON ISO 22301 SUMMARY This one-day training enables the participants to be familiar with the basic concepts of the implementation and management of a Business Continuity Management System (BCMS) as specified in ISO 22301:2010, as well as the best practices for implementing the business continuity processes based on the ISO/PAS 22399. The participant will learn the different components of a BCMS, including the BCMS policy, risk management, measuring performance, management’s commitment, internal audit, management review and continual improvement. This training is fully compatible with BS 25999 (Business continuity management specification) and ISO 27031 (Guidelines for information and communication technology readiness for business continuity).

COURSE AGENDA • Presentation of the standards ISO 22301, ISO 27031, ISO/PAS 22399, BS 25999 and regulatory framework • Introduction to management systems and the process approach • General requirements: presentation of the clauses 4 to 8 of ISO 22301 • Implementation phases of the ISO 22301 framework • Business impact analysis (BIA) and risk management • Continual improvement of business continuity • ISO 22301 certification audit

EXAM None

DURATION: 1 DAY PREREQUISITES None

WHO SHOULD ATTEND? • IT Professionals wanting to gain a comprehensive knowledge of the main processes of a BCMS • Staff involved in the implementation of the ISO 22301 standard • IT Expert advisors • Auditors and managers responsible for implementing a BCMS LEARNING OBJECTIVES

GENERAL INFORMATION • A student manual containing over 100 pages of information and practical examples will be distributed to participants • A participation certificate of 7 CPD (Continuing Professional Development) will be issued to participants

• To understand the fundamentals of business continuity • To know the interrelationships between ISO 22301, ISO 27031 and the other business continuity standards as BS 25999 • To introduce the concepts, approaches, standards, methods and techniques allowing to effectively manage a BCMS • To understand the stages of the ISO22301 or BS 25999 certification process This is a PECB official training course

52


CERTIFIED ISO/IEC 24762 DISASTER RECOVERY MANAGER MASTERING DISASTER RECOVERY BASED ON ISO/IEC 24762

SUMMARY

DAY 1

In this two-day intensive course participants develop the competence to master the basic disaster recovery principles and techniques using the ISO/IEC 24762 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform disaster recoveries, including selection of recovery sites, outsources services and continuous improvement.

COURSE AGENDA

DURATION: 2 DAYS

Disaster recovery main elements and disaster recovery facilities according to ISO/IEC 24762

PREREQUISITES None

• • • • • • •

Asset management and site-related issues Vendor management and outsourcing arrangements Activation and deactivation of DRP Training, education and testing Physical access controls and security Environmental controls Telecommunications, power supply, cable management and fire protection

DAY 2

Outsourcing, recovery sites and continuous improvements according to ISO/IEC 24762 • • • • • •

Types and proximity of services Activation of subscribed services Organization testing and emergency response plan Infrastructure, manpower and support Performance measurement Risk mitigation

EXAM • The “Certified ISO/IEC 24762 Disaster Recovery Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental concepts, approaches, methods and frameworks of disaster recovery - Domain 2: Preparation and implementation of a disaster recovery program - Domain 3: Testing, measurement and improvement of a disaster recovery program • The “Certified ISO/IEC 24762 Disaster Recovery Manager” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 2 hours • For more information about the exam, refer to PECB section on ISO/IEC 24762 Disaster Recovery Manager Exam

WHO SHOULD ATTEND? • Project managers or consultants wanting to prepare and to support an organization in the implementation of disaster recovery mechanisms. • Disaster recovery auditors who wish to fully understand the implementation of a disaster recovery plan • Persons responsible for the disaster recovery or conformity in an organization • Members of a disaster recovery team • Expert advisors in disaster recovery LEARNING OBJECTIVES • To understand the concepts, approaches, methods and techniques for effective disaster recovery management according to ISO/IEC 24762 • To understand issues related to sites, facilities and location in disaster recovery • To understand the importance of outsourcing in disaster recovery • To understand how to measure and improve disaster recovery mechanisms This is a PECB official training course


"I never performed an audit before going to this class. On the first day, the trainer said that at the end of the course, we'd be able to perform and lead audits, from audit planning to audit conclusion and follow-up on audit findings. He wasn't lying! The course and exercises clearly addressed all stages of an audit in a methodical way, and I was able to join an audit team the following weeks." Ben D. Consultant and Auditor, Large International Consulting Firm


TRAINING CATALOGUE

QUALITY MANAGEMENT TRAINING ISO 9001 specifies requirements for a quality management system where an organization • needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements, and • aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements. All requirements of ISO 9001:2008 are generic and are intended to be applicable to all organizations, regardless of type, size and product provided.


CERTIFIED ISO 9001 LEAD IMPLEMENTER MASTERING THE IMPLEMENTATION AND MANAGEMENT OF A QUALITY MANAGEMENT SYSTEM (QMS) BASED ON ISO 9001 SUMMARY This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Quality Management System (QMS) based on ISO 9001:2008. Participants will also gain a thorough understanding of best practices used to implement quality processes based on requirements from ISO 9001. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO 9004 guidance’s (Managing for the sustained success of an organization -- A quality management approach).

COURSE AGENDA

DAY 1

Introduction to Quality Management System (QMS) concepts as required by ISO 9001 • • • •

Introduction to management systems and the process approach Fundamental principles of Quality Presentation of the ISO 9000 family standard Understanding the requirements of ISO 9001:2008 clause-by-clause, - Quality Management System - Management responsibility - Resource management - Product/Service realization - Measurement, analysis and improvement

DAY 2

Initiating a QMS project based on ISO 9001 • • • • •

Selection of the approach and implementation methodology Identification and analysis of customer needs and requirements Writing a business case and a project plan for the implementation of a QMS Implementation of a document management framework Drafting a QMS (quality manual, procedures, records)

DAY 3

Implementing a QMS based on ISO 9001 • Development of a training & awareness program and communicating about the Quality • Resource management processes (human resources, infrastructure and work environment) • Product realization processes • Purchasing process • Operations management of a QMS

DAY 4

Controlling, monitoring and measuring a QMS and the certification audit of a QMS in accordance with ISO 9001 • • • • • •

Controlling and monitoring a QMS Measurement of customer satisfaction ISO 9001 internal Audit Management review of a QMS Implementation of a continual improvement program Preparing for a ISO 9001 certification audit

DAY 5

Certification Exam 56

DURATION: 5 DAYS PREREQUISITES • ISO 9001 Foundation Certification or a basic knowledge of ISO 9001 is recommended

WHO SHOULD ATTEND? • Project managers or consultants wanting to prepare and to support an organization in the implementation of a Quality Management System (QMS) • Quality executives • ISO 9001 auditors who wish to fully understand the Quality Management System implementation process • Persons responsible for the Quality or conformity in an organization • Members of an quality team • Expert advisors in Quality Management Systems • Technical experts wanting to prepare for an quality function or for a QMS project management function

LEARNING OBJECTIVES • To understand the implementation of a Quality Management System in accordance with ISO 9001 • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a Quality Management System • To understand the relationship between the components of a Quality Management System and the compliance with the requirements of different stakeholders of an organization • To acquire necessary expertise to support an organization in implementing, managing and maintaining a QMS as specified in ISO9001 and ISO 9004 • To acquire necessary expertise to manage a team implementing ISO 9001 • To develop knowledge and skills required to advise organizations on best practices in the management of quality • To improve the capacity for analysis and decision making in the context of quality management • To prepare an organization for an ISO9001 audit

This is a PECB official training course


EXAM • The “Certified ISO 9001 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of Quality - Domain 2: Quality Management System Best Practice based on ISO 9001 - Domain 3: Planning a QMS based on ISO 9001 - Domain 4: Implementing a QMS based on ISO 9001 - Domain 5: Performance evaluation, monitoring and measurement of a QMS based on ISO 9001 - Domain 6: Continual improvement of a QMS based on ISO 9001 - Domain 7: Preparing for a QMS certification audit • The “Certified ISO 9001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on ISO 9001 Lead Implementer Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 9001 Provisional Implementer, Certified ISO 9001 Implementer or Certified ISO 9001 Lead Implementer, depending on their level of experience • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

Credential

Exam

ISO 9001 Provisional Implementer

ISO 9001 Lead Implementer Exam

ISO 9001 I mplementer

ISO 9001 Lead Implementer Exam

ISO 9001 Lead Implementer

ISO 9001 Lead Implementer Exam

Professional experience

QMS Audit experience

QMS project experience

None

None

None

Signing the PECB code of ethics

Two years One years of quality management work experience

None

Project activities totaling 200 hours

Signing the PECB code of ethics

Five years Two years of quality management work experience

None

Project activities totaling 300 hours

Signing the PECB code of ethics

Other requirements

• For more information about ISO 9001 certifications and PECB certification process, refer to PECB section on ISO 9001 Lead Implementer Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

57


CERTIFIED ISO 9001 LEAD AUDITOR MASTERING THE AUDIT OF A QUALITY MANAGEMENT SYSTEM (QMS) BASED ON ISO 9001 SUMMARY

DAY 1

This five-day intensive course enables participants to develop the needed expertise to audit a Quality Management System (QMS) based on ISO 9001 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire needed knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 the certification process according ISO 17021.the. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit

COURSE AGENDA

DURATION: 5 DAYS

Introduction to Quality Management System (QMS) concepts as required by ISO 9001

PREREQUISITES

• • • • •

Normative, regulatory and legal framework related to Quality Fundamental principles of Quality ISO 9001 certification process Quality Management System (QMS) Detailed presentation of the clauses 4 to 8 of ISO 9001

DAY 2

Planning and Initiating an ISO 9001 audit • • • • •

Fundamental audit concepts and principles Audit approach based on evidence Preparation of an ISO 9001 certification audit QMS documentation audit Conducting an opening meeting

DAY 3

Conducting an ISO 9001 audit • Communication during the audit • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation • Audit test plans • Formulation of audit findings and documenting nonconformities

DAY 4

Concluding and ensuring the follow-up of an ISO 9001 audit • • • •

Audit documentation Conducting a closing meeting and conclusion of an ISO 9001 audit Evaluation of corrective action plans ISO 9001 Surveillance audit and Internal Audit management program

DAY 5

Certification Exam

58

ISO 9001 Foundation Certification or basic knowledge of ISO 9001 is recommended

WHO SHOULD ATTEND? • Internal auditors • Auditors wanting to perform and lead Quality Management System (QMS) certification audits • Project managers or consultants wanting to master the QMS audit process • Persons responsible for the Quality or conformity in an organization • Expert advisors in Quality Management Systems • Technical experts wanting to prepare for a Quality audit function

LEARNING OBJECTIVES • To acquire expertise to perform an ISO9001 internal audit following ISO 19011 guidelines • To acquire the expertise to perform an ISO9001 certification audit following ISO 19011 guidelines and ISO 17021 specifications • To acquire the expertise necessary to manage a QMS audit team • To understand the relationship between a QMS and compliance with the requirements of different stakeholders of the organization • To improve the ability to analyze the internal and external environment of an organization, and audit decision-making in the context of a QMS

This is a PECB official training course


EXAM • The “Certified ISO 9001 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of Quality - Domain 2: Quality Management System (QMS) - Domain 3: Fundamental Audit Concepts and Principles - Domain 4: Preparation of an ISO 9001 audit - Domain 5: Conducting of an ISO 9001 audit - Domain 6: Closing an ISO 9001 audit - Domain 7: Managing an ISO 9001 audit program • The “Certified ISO 9001 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on ISO 9001 Lead Auditor Exams

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 9001 Provisional Auditor, Certified ISO 9001 Auditor or Certified ISO 9001 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential.

Credential

Exam

ISO 9001 Provisional Auditor

ISO 9001 Lead Auditor Exam

ISO 9001 I Auditor

ISO 9001 Lead Auditor Exam

ISO 9001 Lead Auditor

ISO 9001 Lead Auditor Exam

Professional experience

QMS Audit experience

QMS project experience

None

None

None

Signing the PECB code of ethics

Two years Audit activities One year of totaling quality management 200 hours work experience

None

Signing the PECB code of ethics

Five years Audit activities Two years of totaling quality management 300 hours work experience

None

Signing the PECB code of ethics

Other requirements

• For more information about ISO 9001 certifications and PECB certification process, refer to PECB section on ISO 9001 Lead Auditor Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

59


CERTIFIED ISO 9001 FOUNDATION BECOME ACQUAINTED WITH THE BEST PRACTICES FOR IMPLEMENTING AND MANAGING A QUALITY MANAGEMENT SYSTEM (QMS) BASED ON ISO 9001 SUMMARY

DAY 2

DAY 1

This course enables the participants to learn about the best practices for implementing and managing a Quality Management System (QMS) as specified in ISO 9001:2008, as well as ISO 9004:2009 (Managing for the sustained success of an organization -- A quality management approach). The participant will learn the different components of a QMS, including the QMS quality manual, required procedures, records, measuring performance, management’s commitment, internal audit, management review and continual improvement.

COURSE AGENDA

DURATION: 2 DAYS

Introduction to Quality Management System (QMS) concepts as required by ISO 9001

PREREQUISITES

• • • •

Introduction to the ISO 9000 family of standards Introduction to management systems and the process approach Fundamental principles of Quality Management General requirements: presentation of the clauses 4 to 8 of ISO 9001

WHO SHOULD ATTEND?

Implementing requirements from ISO 9001:2008 and Certification Exam • • • •

Implementation phases of the ISO 9001 framework Continual improvement of Quality Conducting an ISO 9001 certification audit Certification Exam

• A certificate of Certified ISO 9001 Foundation will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential Exam

ISO 9001 Foundation

ISO 9001 Foundation exam

• Members of an Quality team • Professionals wanting to gain a comprehensive knowledge of the main processes of a Quality Management System (QMS) • Staff involved in the implementation or operations related to ISO 9001 • Auditors LEARNING OBJECTIVES

CERTIFICATION

Credential

None

Professional experience

QMS Audit experience

QMS project experience

None

None

None

Other requirements Signing the PECB code of ethics

• For more information about ISO 9001 certifications and PECB certification process, refer to PECB section on ISO 9001 Foundation Certification

GENERAL INFORMATION • Certification fees are included in the exam price • A student manual containing over 200 pages of information and practical examples will be distributed to participants • A participation certificate of 14 CPD (Continuing Professional Development) will be issued to participants • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

• To understand the implementation of a QMS in accordance with ISO9001 • To understand the relationship between a QMS and compliance with the requirements of different stakeholders of the organization • To know the concepts, approaches, standards, methods and techniques allowing to effectively manage a QMS • To acquire the necessary knowledge to contribute in implementing a QMS as specified in ISO9001 This is a PECB official training course


INTRODUCTION TO ISO 9001 INTRODUCTION TO THE IMPLEMENTATION OF A QUALITY MANAGEMENT SYSTEM (QMS) BASED ON ISO 9001 SUMMARY This one-day training enables the participants to be familiar with the basic concepts of the implementation and management of a Quality Management System (QMS) as specified in ISO 9001:2008. The participant will learn the different components of a QMS, including the QMS quality manual, required procedures, records, measuring performance, management’s commitment, internal audit, management review and continual improvement.

COURSE AGENDA

DURATION: 1 DAY PREREQUISITES

• • • • • •

Introduction to the ISO 9000 family of standards Introduction to management systems and the process approach General requirements: presentation of the clauses 4 to 8 of ISO 9001 Implementation phases of the ISO 9001 framework Continual improvement of Quality Conducting an ISO 9001 certification audit

EXAM AND CERTIFICATION None

GENERAL INFORMATION • A student manual containing over 100 pages of information and practical examples will be distributed to participants • Participation certificate of 7 CPD (Continuing Professional Development) will be issued to participants

None

WHO SHOULD ATTEND? • Professionals wanting to gain a comprehensive knowledge of the main processes of a Quality Management System (QMS) • Staff involved in the implementation of the ISO 9001 standard • Managers responsible for implementing a QMS • Auditors LEARNING OBJECTIVES • To understand the fundamentals of Quality Management • To know the interrelationships between ISO9001 and the other Quality standards • To know the key components of a Quality Management System (QMS) in accordance with ISO 9001 • To introduce the concepts, approaches, standards, methods and techniques allowing to effectively manage a QMS • To understand the stages of the ISO 9001 certification process

This is a PECB official training course


"The trainer had several years of practical experience and you could tell. He brilliantly mastered the course material and illustrated the course theory with real-life examples that made complex concepts it so clear. One of the greatest speaker I've met." Clara S. Quality Manager, Fortune 1000 company


TRAINING CATALOGUE

ENVIRONMENTAL MANAGEMENT TRAINING ISO 14001 specifies requirements for an environmental management system to enable an organization to develop and implement a policy and objectives which take into account legal requirements and other requirements to which the organization subscribes, and information about significant environmental aspects. It applies to those environmental aspects that the organization identifies as those which it can control and those which it can influence. It does not itself state specific environmental performance criteria.


CERTIFIED ISO 14001 LEAD IMPLEMENTER MASTERING THE IMPLEMENTATION AND MANAGEMENT OF AN ENVIRONMENTAL MANAGEMENT SYSTEM (EMS) BASED ON ISO 14001 SUMMARY

DAY 1

This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing an Environmental Management System (EMS) based on ISO 14001:2004. Participants will also gain a thorough understanding of best practices used to implement requirements of Environmental Management System of ISO 14001. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO 14004 (Environmental management systems -- General guidelines on principles, systems and support techniques) and ISO 10012 (Measurement management systems -- Requirements for measurement processes and measuring equipment)

COURSE AGENDA

DURATION: 5 DAYS

Introduction to Environmental Management System (EMS) concepts as required by ISO 14001

PREREQUISITES • ISO 14001 Foundation

• • • • •

Introduction to management systems and the process approach Presentation of ISO 14001:2004 structure and requirements ISO 14001:2004 Application / Fundamental principles Identification and evaluation of environmental aspects/impacts and their significance Writing a business case and a project plan for the implementation of an EMS

DAY 2

Initiating an EMS based on ISO 14001 • • • •

Selection of the approach and implementation methodology Definition of environment policy and objectives Identification and analysis of customer needs and requirements Writing a business case and a project plan for the implementation of a EMS

Certification or a basic knowledge of ISO 14001 is recommended

WHO SHOULD ATTEND? • Project managers or consultants wanting to prepare and to support an organization in the implementation of an EMS • ISO 14001 auditors who wish to fully understand the EMS implementation process • Persons responsible for the Environmental conformity in an organization • Environmental expert advisors • Technical experts wanting to prepare for an environmental function or for an EMS project management function

LEARNING OBJECTIVES

DAY 3

Implementing an EMS based on ISO 14001 • • • • •

Implementation of a document management framework Development of a training & awareness program and communicating about Environment Resource management processes (HR, infrastructure and work environment) Product / Service realization processes /Purchasing process Operational management of an EMS

DAY 4

Controlling, monitoring, measuring and improving an EMS and the certification audit of an EMS in accordance with ISO 14001 • Controlling and monitoring an EMS • Development of metrics, performance indicators and dashboards in accordance with IS 14001 • ISO 14001 Internal Audit and management review • Implementation of a continual improvement program • Preparing for an ISO 14001 certification audit

DAY 5

Certification Exam

64

• To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective implementation and management of an EMS based on ISO 14001 • To understand the relationship between the components of an EMS and compliance with the other requirements • To acquire the necessary expertise to support an organization in implementing, managing and maintaining an EMS as specified in ISO14001 • To acquire the necessary expertise to manage a team implementing ISO14001

This is a PECB official training course


EXAM • The “Certified ISO 14001 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of Environmental Management System - Domain 2: Environmental Control Best Practices based on ISO 14004 - Domain 3: Planning an EMS based on ISO 14001 - Domain 4: Implementing an EMS based on ISO 14001 - Domain 5: Performance evaluation, monitoring and measurement of an EMS based on ISO 14001 - Domain 6: Continual improvement of an EMS based on ISO 14001 - Domain 7: Preparing for an EMS certification audit • The “Certified ISO 14001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on ISO 14001 Lead Implementer Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 14001 Certified Provisional Implementer, Certified ISO 14001 Implementer or Certified ISO 14001 Lead Implementer depending on their level of experience • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

Credential

Exam

ISO 14001 Provisional Implementer

ISO 14001 Lead Implementer Exam

ISO 14001 Implementer

ISO 14001 Lead Implementer Exam

ISO 14001 Lead Implementer

ISO 14001 Lead Implementer Exam

Professional experience

EMS Audit experience

EMS project experience

None

None

None

Signing the PECB code of ethics

None

Project activities totaling 200 hours

Signing the PECB code of ethics

None

Project activities totaling 300 hours

Signing the PECB code of ethics

Two years One years of Environmental management work experience

Five years Two years of Environmental management work experience

Other requirements

• For more information about ISO 14001 certifications and PECB certification process, refer to PECB section on ISO 14001 Lead Implementer Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation of 31 CPD (Continuing Professional Development) certificate will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

65


CERTIFIED ISO 14001 LEAD AUDITOR MASTERING THE AUDIT OF AN ENVIRONMENTAL MANAGEMENT SYSTEM (EMS) BASED ON ISO 14001 SUMMARY

DAY 1

This five-day intensive course enables participants to develop the necessary expertise to audit an Environmental Management System (EMS) based on ISO 14001 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 the certification process according ISO 17021.Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.

COURSE AGENDA

DURATION: 5 DAYS

Introduction to Environmental Management System (EMS) concepts as required by ISO 14001

PREREQUISITES • ISO 14001 Foundation Certification or basic knowledge of ISO 14001 is recommended

• • • • •

Normative, regulatory and legal framework related to EMS Fundamental principles of Environmental Management System ISO 14001 certification process Environmental Management System (EMS) Detailed presentation of the clauses 4 to 4.6 of the 14001

DAY 2

Planning and Initiating an ISO 14001 audit • • • •

Fundamental audit concepts and principles Audit approach based on evidence Preparation of an ISO 14001 certification audit An EMS Documentation audit

WHO SHOULD ATTEND? • Internal auditors and members of an Environmental team • Auditors wanting to perform and lead EMS certification audits • Project managers or consultants wanting to master the EMS audit process • Persons responsible for the Environmental conformity in an organization • Experts wanting to prepare for an Environmental audit function LEARNING OBJECTIVES

DAY 3

Conducting an ISO 14001 audit • Communication during the audit • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation • Audit test plans • Formulation of audit findings and documenting nonconformities

DAY 4

Concluding and ensuring the follow-up of an ISO 14001 audit • • • •

Audit documentation Conducting a closing meeting and conclusion of an ISO 14001 audit Evaluation of corrective action plans ISO 14001 Surveillance and internal audit management program

DAY 5

Certification Exam

66

• To acquire the expertise to perform an ISO 14001 internal audit following ISO 19011 guidelines • To acquire the expertise to perform an ISO14001 certification audit following ISO 19011 to guidelines and ISO 17021 specifications • To acquire necessary expertise to manage an EMS audit team • To understand the operation of an ISO 14001 conformant EMS • To understand the relationship between an EMS controls and compliance with the requirements of different stakeholders of the organization This is a PECB official training course


EXAM • The “Certified ISO 14001 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of Environmental Management System - Domain 2: Environmental Control Best Practices based on ISO 14004 - Domain 3: Planning an EMS based on ISO 14001 - Domain 4: Implementing an EMS based on ISO 14001 - Domain 5: Performance evaluation, monitoring and measurement of an EMS based on ISO 14001 - Domain 6: Continual improvement of an EMS based on ISO 14001 - Domain 7: Preparing for an EMS certification audit • The “Certified ISO 14001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on ISO 14001 Lead Implementer Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 14001 Certified Provisional Implementer, Certified ISO 14001 Implementer or Certified ISO 14001 Lead Implementer depending on their level of experience • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

Credential

Exam

ISO 14001 Provisional Implementer

ISO 14001 Lead Implementer Exam

ISO 14001 Implementer

ISO 14001 Lead Implementer Exam

ISO 14001 Lead Implementer

ISO 14001 Lead Implementer Exam

Professional experience

EMS Audit experience

EMS project experience

None

None

None

Signing the PECB code of ethics

Audit activities totaling 200 hours

None

Signing the PECB code of ethics

Audit activities totaling 300 hours

None

Signing the PECB code of ethics

Two years One year of Environmental management work experience

Five years Two years of Environmental management work experience

Other requirements

• For more information about ISO 14001 certifications and PECB certification process, refer to PECB section on ISO 14001 Lead Implementer Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation of 31 CPD (Continuing Professional Development) certificate will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

67


CERTIFIED ISO 14001 FOUNDATION BECOME ACQUAINTED WITH THE BEST PRACTICES FOR IMPLEMENTING AND MANAGING AN ENVIRONMENTAL MANAGEMENT SYSTEM (EMS) BASED ON ISO 14001 SUMMARY

DAY 1

This course enables the participants to learn about the best practices for implementing and managing an Environmental Management System (EMS) as specified in ISO 14001:2004. This training also helps to understand how ISO 14001 is linked with other management systems. The participant will learn the different components of an EMS, including the EMS policy, procedures, measuring performance, management’s commitment, internal audit, management review and Continual improvement.

COURSE AGENDA

DURATION: 2 DAYS

Introduction to Environmental Management System (EMS) concepts as required by ISO 14001

PREREQUISITES None

• • • • • •

Introduction to the ISO 14000 family of standards Introduction to management systems and the process approach Fundamental principles in Environmental Management General requirements: presentation of the clauses 4 to 4.6 of the ISO 14001 standard Implementation phases of the ISO 14001 framework Continual improvement of Environmental Management System

DAY 2

Implementing an Environmental Management System and Certification Exam • • • •

Implementation phases of the ISO 14001 framework Continual improvement of Environmental Management System Conducting an ISO 14001 certification audit Certified ISO 14001 Foundation exam

EXAM • The “Certified ISO 14001 Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of environmental - Domain 2: Environmental Management System (EMS) • The “Certified ISO 14001 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 1 hour • For more information about exam, refer to PECB section on ISO 14001 exams

68

WHO SHOULD ATTEND? • Members of an Environmental team • Professionals wanting to gain a comprehensive knowledge of the main processes of an Environmental Management System (EMS) • Staff involved in the implementation of the ISO 14001 standard • Staff involved in operations related to an EMS • Auditors LEARNING OBJECTIVES • To understand the implementation of an Environmental Management System in accordance with ISO14001 • To understand the relationship between an Environmental Management System with the requirements of different stakeholders of the organization • To know the concepts, approaches, standards, methods and techniques allowing to effectively manage an Environmental Management System • To acquire the necessary knowledge to contribute in implementing an Environmental Management System (EMS) as specified in ISO 14001 This is a PECB official training course


CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 14001 Certified Provisional Implementer, Certified ISO 14001 Implementer or Certified ISO 14001 Lead Implementer depending on their level of experience • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

Credential

Exam

ISO 14001 Foundation

ISO 14001 Foundation exam

Professional experience

EMS Audit experience

EMS project experience

Other requirements

None

None

None

Signing the PECB code of ethics

• For more information about ISO 14001 certifications and PECB certification process, refer to PECB section on ISO 14001 Lead Implementer Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 200 pages of information and practical examples will be distributed to participants A participation 14 CPD (Continuing Professional Education) certificate will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

69


INTRODUCTION TO ISO 14001 INTRODUCTION TO THE IMPLEMENTATION OF AN ENVIRONMENTAL MANAGEMENT SYSTEM (EMS) BASED ON ISO 14001 SUMMARY This one-day training enables participants to be familiar with the basic concepts of the implementation and management of an Environmental Management System (EMS) as specified in ISO 14001:2004. The participant will learn the different components of an EMS, including the EMS policy, procedures, measuring performance, management’s commitment, internal audit, management review and Continual improvement.

COURSE AGENDA • • • • • •

Introduction to the ISO 14000 family of standards Introduction to management systems and the process approach General requirements: presentation of the clauses 4 to 4.6 of the ISO 14001 standard Implementation phases of ISO 14001 framework Continual improvement of Environmental Management System Conducting an ISO 14001 certification audit

EXAM AND CERTIFICATION None

GENERAL INFORMATION • A student manual containing over 100 pages of information and practical examples will be distributed to participants • A participation certificate 7 CPD (Continuing Professional Education) participation will be issued to participants

DURATION: 1 DAY PREREQUISITES None

WHO SHOULD ATTEND? • Professionals wanting to gain a comprehensive knowledge of the main processes of an EMS • Staff involved in the implementation of the ISO 14001 standard • Expert advisors, auditors and managers responsible for implementing an EMS LEARNING OBJECTIVES • To understand the fundamentals of Environmental • To know the interrelationships between ISO 14001 and the other ISO Management Systems • To know the key components of an EMS in accordance with ISO14001 • To introduce the concepts, approaches, standards, methods and techniques allowing to effectively manage an EMS • To understand the stages of the ISO14001 certification process This is a PECB official training course

70


TRAINING CATALOGUE

OCCUPATIONAL HEALTH & SAFETY TRAINING OHSAS 18001:2007 is an international standard that is developed by the OHSAS project Group, an association that includes government agencies, certification bodies, national standards, industry associations, and consultants. It comprises two parts, 18001 and 18002 and embraces a number of other publications. The aim of OHSAS 18001 is to assist organizations in managing and controlling their health and safety risks and improving their OH&S performance. In response to customer demand for an occupational health and safety management system that can be assessed objectively, certified credibly, and recognized internationally, the Occupational Health and Safety Assessment Series (OHSAS) standards are developed for use by all types of organizations and industries


CERTIFIED OHSAS 18001 LEAD IMPLEMENTER MASTERING THE IMPLEMENTATION AND MANAGEMENT OF AN OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEM (OHSMS) BASED ON OHSAS 18001 SUMMARY

DAY 1

This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing an Occupational Health and Safety Management System (OHSMS) based on OHSAS 18001:2007. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects) and OHSAS 18002 (Guidelines for the implementation of OHSAS 18001).

COURSE AGENDA

DURATION: 5 DAYS

Introduction to Occupational Health and Safety Management System (OHSMS) concepts as required by OHSAS 18001; Initiating an OHSMS

PREREQUISITES

• • • •

Introduction to management systems and the process approach Fundamental principles of Occupational Health and Safety Presentation of OHSAS 18001 clause-by-clause Preliminary analysis and determining the level of maturity of the existing occupational Health and Safety management system • Writing a business case and a project plan for the implementation of an OHSMS

DAY 2

Planning an OHSMS based on OHSAS 18001 • Definition the scope of the OHSMS • Development of the OHSMS and occupational Health and Safety policies • Selection of the approach and methodology for hazard identification, hazard assessment and hazard control • Drafting the project plan

DAY 3

Implementing an OHSMS based on OHSAS 18001 • • • •

Implementation of a document management framework Development of a training & awareness program and communicating about the OHS Operational control / Emergency preparedness and response Operations management of an OHSMS

DAY 4

Controlling, monitoring and measuring an OHSMS; certification audit of an OHSMS • • • • •

Controlling and Monitoring an OHSMS Development of metrics, performance indicators and dashboards Internal Audit and management review of an OHSMS Implementation of a continual improvement program Preparing for an OHSAS 18001 certification audit

DAY 5

Certification Exam 72

• OHSAS 18001 Foundation

Certification or a basic knowledge of OHSAS 18001 is recommended

WHO SHOULD ATTEND? • Project managers or consultants wanting to prepare and to support an organization in the implementation of an OHSMS • OHSAS 18001 auditors who wish to fully understand the OHSMS implementation process • Persons responsible for the occupational Health and Safety or conformity in an organization • Expert advisors and members of an Occupational Health and Safety team • Experts wanting to prepare for an OHS function or for an OHSMS project management function

LEARNING OBJECTIVES • To understand the implementation of an Occupational Health and Safety Management System in accordance with OHSAS 18001 • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of an OHSMS • To understand the relationship between the components of an Occupational Health and Safety Management System, including hazard assessment & management, controls and compliance with the requirements of different stakeholders of the organization • To acquire the necessary expertise to support an organization in implementing, managing and maintaining an OHSMS as specified in OHSAS18001 • To acquire the necessary expertise to manage a team implementing OHSAS18001

This is a PECB official training course


EXAM • The “Certified OHSAS 18001 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of occupational health and safety - Domain 2: Occupational Health and Safety Best Practices - Domain 3: Planning an OHSMS based on OHSAS 18001 - Domain 4: Implementing an OHSMS based on OHSAS 18001 - Domain 5: Performance evaluation, monitoring and measurement of an OHSMS based on OHSAS 18001 - Domain 6: Continual improvement of an OHSMS based on OHSAS 18001 - Domain 7: Preparing for an OHSMS certification audit • The “Certified OHSAS 18001 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on OHSAS18001Lead Implementer Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified OHSAS 18001 Provisional Implementer, Certified OHSAS 18001 Implementer or Certified OHSAS 18001 Lead Implementer, depending on their level of experience • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

Credential

Exam

OHSAS 18001 Provisional Implementer

OHSAS 18001 Lead Implementer Exam

Professional experience

OHSMS Audit experience

OHSMS project experience

None

None

None

Signing the PECB code of ethics

Other requirements

OHSAS 18001 Implementer

OHSAS 18001 Lead Implementer Exam

Two years One years of Occupational Health and Safety work experience

None

Project activities totaling 200 hours

Signing the PECB code of ethics

OHSAS 18001 Lead Implementer

OHSAS 18001 Lead Implementer Exam

Five years Two years of Occupational Health and Safety work experience

None

Project activities totaling 300 hours

Signing the PECB code of ethics

• For more information about OHSAS18001 certifications and PECB certification process, refer to PECB section on OHSAS 18001 Lead Implementer Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate 31 CPD (Continuing Professional Development) credits will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

73


CERTIFIED OHSAS 18001 LEAD AUDITOR MASTERING THE AUDIT OF AN OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEM (OHSMS) BASED ON OHSAS 18001 SUMMARY

DAY 1

This five-day intensive course enables participants to develop the necessary expertise to audit an Occupational Health and Safety Management System (OHSMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire needed knowledge and skills to proficiently plan and perform internal and external audits in compliance with the certification process of the OHSAS 18001:2007 standards. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.

COURSE AGENDA

DURATION: 5 DAYS

Introduction to Occupational Health and Safety Management System (OHSMS) concepts as required by OHSAS 18001

PREREQUISITES

• • • • •

Normative, regulatory and legal framework related to occupational health and safety Fundamental principles of occupational Health and Safety OHSAS 18001 certification process Occupational Health and Safety Management System (OHSMS) Detailed presentation of OHSAS18001 clause-by-clause

DAY 2

Planning and Initiating an OHSAS 18001 audit • • • • •

Fundamental audit concepts and principles Audit approach based on evidence and on hazard Preparation of an OHSAS 18001 certification audit OHSMS documentation audit Conducting an opening meeting

DAY 3

Conducting an OHSAS 18001 audit • Communication during the audit • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation • Audit test plan • Formulation of audit findings and documenting of nonconformities

DAY 4

Concluding and ensuring the follow-up of an OHSAS 18001 audit • • • •

Audit documentation Conducting a closing meeting and conclusion of an OHSAS 18001 audit Evaluation of corrective action plans OHSAS 18001 Surveillance audit and internal Audit management program

DAY 5

Certification Exam

74

• OHSAS 18001 Foundation

Certification or basic knowledge of OHSAS 18001 is recommended

WHO SHOULD ATTEND? • Internal auditors and expert advisors in Health & Safety • Auditors wanting to perform and lead Occupational Health and Safety Management System (OHSMS) certification audits • Project managers or consultants wanting to master the OHSMS audit process • Persons responsible for the Occupational Health and Safety or conformity in an organization • Experts wanting to prepare for an Occupational Health and Safety audit function

LEARNING OBJECTIVES • To acquire the expertise to perform an OHSAS 18001 internal audit following ISO 19011 guidelines • To acquire the expertise to perform an OHSAS 18001 certification audit following ISO 19011 guidelines and the specifications of ISO 17021 • To acquire the expertise necessary to manage an OHSMS audit team • To understand the operation of an OHSAS 18001 conformant OHSMS • To understand the relationship between an OHSMS, including hazard assessment & management, controls and compliance with the requirements of different stakeholders of the organization

This is a PECB official training course


EXAM • The “Certified OHSAS 18001 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of occupational health and safety - Domain 2: Occupational Health and Safety Management System (OHSMS) - Domain 3: Fundamental Audit Concepts and Principles - Domain 4: Preparation of an OHSAS 18001 audit - Domain 5: Conducting OHSAS 18001 audit - Domain 6: Closing an OHSAS 18001 audit - Domain 7: Managing an OHSAS 18001 audit program • The “Certified OHSAS 18001 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on OHSAS18001 Lead Auditor Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified OHSAS 18001 Provisional Auditor, Certified OHSAS 18001 Auditor or Certified OHSAS 18001 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential.

Credential

Exam

OHSAS 18001 Provisional Auditor

OHSAS 18001 Lead Auditor Exam

Professional experience

OHSMS Audit experience

OHSMS project experience

None

None

None

Signing the PECB code of ethics

Other requirements

OHSAS 18001 Auditor

OHSAS 18001 Lead Auditor Exam

Two years Audit activities One year of totaling Occupational Health 200 hours and Safety work experience

None

Signing the PECB code of ethics

OHSAS 18001 Lead Auditor

OHSAS 18001 Lead Auditor Exam

Five years Audit activities Two years of totaling Occupational Health 200 hours and Safety work experience

None

Signing the PECB code of ethics

• For more information about OHSAS18001 certifications and PECB certification process, refer to PECB section on OHSAS18001 Lead Auditor Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate 31 CPD (Continuing Professional Development) credits will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

75


CERTIFIED OHSAS 18001 FOUNDATION BECOME ACQUAINTED WITH THE BEST PRACTICES FOR IMPLEMENTING AND MANAGING AN OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEM (OHSMS) BASED ON OHSAS 18001 SUMMARY

DAY 1

This course enables the participants to learn about the best practices for implementing and managing an Occupational Health and Safety Management System (OHSMS) as specified in OHSAS 18001:2007. This training also helps to understand how OHSAS 18001 relate with ISO 14001 and ISO 9001

COURSE AGENDA

DURATION: 2 DAYS

Introduction to Occupational Health and Safety Management System (OHSMS) concepts as required by OHSAS 18001

PREREQUISITES

• • • • • • •

Presentation of the OHSAS 18000 family of standards Introduction to management systems and the process approach Fundamental principles in Health & Safety General requirements: presentation of OHSAS 18001 clause-by-clause Implementation phases of the OHSAS 18001 framework Continual improvement of Occupational Health and Safety Conducting an OHSAS 18001 certification audit

DAY 2

Implementing Occupational Health and Safety according to OHSAS 18001 and Certification Exam • • • •

Development of a training & awareness program and communication about the OHS Operational controls / emergency preparedness and response Operational management of an OHSMS Certified OHSAS 18001 Foundation Exam

EXAM • The “Certified OHSAS 18001 Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of occupational health and safety - Domain 2: Occupational Health and Safety Management System (OHSMS) • The “Certified OHSAS 18001 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 1 hour • For more information about exam, refer to PECB section on OHSAS18001 Foundation Exam

76

None

WHO SHOULD ATTEND? • Members of an occupational Health and Safety team • Professionals wanting to gain a comprehensive knowledge of the main processes of an OHSMS • Staff involved in the implementation of the OHSAS 18001 standard • Auditors and technicians involved in operations related to an OHSMS LEARNING OBJECTIVES • To understand the implementation of an OHSMS in accordance with OHSAS18001 • To understand the relationship between an OHSMS including hazard assessment & management, controls and compliance with the requirements of different stakeholders of the organization • To know the concepts, approaches, standards, methods and techniques allowing to effectively manage an OHSMS This is a PECB official training course


CERTIFICATION • A certificate of Certified OHSAS 18001 Foundation will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential

Credential

Exam

OHSAS 18001 Foundation

OHSAS 18001 Foundation exam

Professional experience

OHSMS project experience

OHSMS project experience

Other requirements

None

None

None

Signing the PECB code of ethics

• For more information about OHSAS18001 certifications and PECB certification process, refer to PECB section on c OHSAS18001 Foundation Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 200 pages of information and practical examples will be distributed to participants A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

77


INTRODUCTION TO OHSAS 18001 INTRODUCTION TO THE IMPLEMENTATION OF AN OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEM (OHSMS) BASED ON OHSAS 18001 SUMMARY This one-day training enables the participants to be familiar with the basic concepts of the implementation and management of an Occupational Health and Safety Management System (OHSMS) as specified in OHSAS 18001:2007. The participant will learn the different components of an OHSMS, including the OHSMS policy, hazard management, measuring performance, management’s commitment, internal audit, management review and continual improvement.

COURSE AGENDA • • • • • • •

Presentation of the OHSAS 18000 family of standards Introduction to management systems and the process approach General requirements: presentation of OHSAS 18001 clause-by-clause Implementation phases of the OHSAS 18001 framework Introduction to hazard assessment and management according to OHSAS 18001 Continual improvement of occupational Health and Safety Conducting an OHSAS 18001 certification audit

EXAM AND CERTIFICATION None

GENERAL INFORMATION • A student manual containing over 100 pages of information and practical examples will be distributed to participants • A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants.

DURATION: 1 DAY PREREQUISITES None

WHO SHOULD ATTEND? • Professionals wanting to gain a comprehensive knowledge of the main processes of an Occupational Health and Safety Management System (OHSMS) • Staff involved in the implementation of the OHSAS 18001 standard • Expert advisors in Health & Safety • Auditors and managers responsible for implementing an OHSMS LEARNING OBJECTIVES • To understand the fundamentals of OHS • To know the interrelationships between OHSAS 18001 and the other OHS standards • To know the key components of an OHSMS in accordance with OHSAS 18001 • To introduce the concepts, approaches, standards, methods and techniques allowing to effectively manage an OHSMS • To understand the stages of the OHSAS18001 certification process This is a PECB official training course

78


TRAINING CATALOGUE

FOOD SAFETY TRAINING ISO 22000:2005 specifies requirements for a food safety management system where an organization in the food chain needs to demonstrate its ability to control food safety hazards in order to ensure that food is safe at the time of human consumption. It is applicable to all organizations, regardless of size, which are involved in any aspect of the food chain and want to implement systems that consistently provide safe products. The means of meeting any requirements of ISO 22000:2005 can be accomplished through the use of internal and/or external resources.


CERTIFIED ISO 22000 LEAD IMPLEMENTER MASTERING THE IMPLEMENTATION AND MANAGEMENT OF A FOOD SAFETY MANAGEMENT SYSTEM (FSMS) BASED ON ISO 22000 SUMMARY

DAY 1

This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Food Safety Management System (FSMS) based on ISO 22000:2005. Participants will also be given a thorough grounding in best practices used to implement food safety controls from all areas of ISO 22000. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is compatible with ISO/TS 22004:2005 (Food Safety Management Systems -- Guidance on the application of ISO 22000:2005) and ISO/TS 22002-1:2009 (Prerequisite programs on food safety -- Part 1: Food manufacturing)

COURSE AGENDA

DURATION: 5 DAYS

Introduction to Food Safety Management System (FSMS) concepts as required by ISO 22000; Initiating a FSMS

PREREQUISITES

• Introduction to management systems and the process approach • Presentation of the standards ISO 22000, ISO 22004 and ISO/TS 22002 • Preliminary analysis and establishment of the maturity level of the existing Food Safety Management System • Writing a business case and a project plan for the implementation of a FSMS

DAY 2

Planning a FSMS based on ISO 22000 • • • •

Definition of the scope of a FSMS Development of a FSMS and food safety policies and objectives Preliminary steps to enable hazard analysis Hazard analysis

DAY 3

Implementing a FSMS based on ISO 22000 • • • • •

Implementation of a document management framework Implementation of controls and a traceability system Development of a training & awareness program and communication about food safety Emergency preparedness and response Operations management of a FSMS

DAY 4

Control, monitor and measure a FSMS and the certification audit of a FSMS in accordance with ISO 22000 • • • • •

Controlling and monitoring the FSMS controls Development of metrics, performance indicators and dashboards ISO 22000 internal Audit and management review Implementation of a continual improvement program Preparing for an ISO 22000 certification audit

DAY 5

Certification Exam

80

• ISO 22000 Foundation Certification or a basic knowledge of ISO 22000 and/or ISO 9001 & HACCP is recommended

WHO SHOULD ATTEND? • Project managers or consultants wanting to prepare and to support an organization in the implementation of a FSMS • ISO 22000 auditors who wish to fully understand the FSMS implementation process • Persons responsible for the food safety conformity in an organization • Technical experts wanting to prepare for a food safety function or for a FSMS project management function

LEARNING OBJECTIVES • To understand the implementation of a FSMS in accordance with ISO 22000 • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a FSMS • To acquire the necessary expertise to support an organization in implementing, managing and maintaining a FSMS as specified in ISO22000 • To understand prerequisite programs • To master the knowledge of Good Practice guides for: Manufacturing (GMP), Production (GPP), Hygiene (GHP), Agriculture (GAP), Veterinary (GVP), Distribution (GDP) and Trading (GTP) • To master the principles of HACCP as defined by the Codex Alimentarius.

This is a PECB official training course


EXAM • The “Certified ISO 22000 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of food safety - Domain 2: Food safety best practices - Domain 3: Planning a FSMS based on ISO 22000 - Domain 4: Implementing a FSMS based on ISO 22000 - Domain 5: Performance evaluation, monitoring and measurement of an FSMS based on ISO 22000 - Domain 6: Continual improvement of a FSMS based on ISO 22000 - Domain 7: Preparing for a FSMS certification audit • The “Certified ISO 22000 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on ISO 22000 Lead Implementer Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 22000 Provisional Implementer, Certified ISO 22000 Implementer or Certified ISO 22000 Lead Implementer, depending on their experience level • A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential

Credential

Exam

ISO 22000 Provisional Implementer

ISO 22000 Lead Implementer Exam

Professional experience

FSMS Audit experience

FSMS project experience

None

None

None

Signing the PECB code of ethics

Other requirements

ISO 22000 Implementer

ISO 22000 Lead Implementer Exam

Two years One years of Food Safety work experience

None

Project activities totaling 200 hours

Signing the PECB code of ethics

ISO 22000 Lead Implementer

ISO 22000 Lead Implementer Exam

Five years Two years of Food Safety work experience

None

Project activities totaling 300 hours

Signing the PECB code of ethics

• For more information about ISO 22000 certifications and PECB certification process, refer to PECB section on ISO 22000 Lead Implementer Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.

81


CERTIFIED ISO 22000 LEAD AUDITOR MASTERING THE AUDIT OF A FOOD SAFETY MANAGEMENT SYSTEM (FSMS) BASED ON ISO 22000 SUMMARY This five-day intensive course enables participants to develop the necessary expertise to audit a Food Safety Management System (FSMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 the certification process according ISO 17021.Based on practical exercises, the participant will develop the necessary skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) to efficiently conduct an audit.

COURSE AGENDA

DAY 1

Introduction to Food Safety Management System (FSMS) concepts as required by ISO 22000 • • • •

Normative, regulatory and legal framework related to food safety ISO 22000 certification process Food Safety Management System (FSMS) Detailed presentation of the clauses 4 to 8 of ISO22000

DAY 2

Planning and Initiating an ISO 22000 audit • • • • •

Fundamental audit concepts and principles Audit approach based on evidence and on risk Preparation of an ISO 22000 certification audit FSMS documentation audit Conducting an opening meeting

DURATION: 5 DAYS PREREQUISITES • ISO 22000 Foundation Certification

or a basic knowledge of ISO 22000 and/or ISO 9001 & HACCP is recommended

WHO SHOULD ATTEND? • Internal auditors • Auditors wanting to perform and lead FSMS certification audits • Project managers or consultants wanting to master the FSMS audit process • Persons responsible for the Food safety conformity in an organization • Experts wanting to prepare for a Food safety audit function LEARNING OBJECTIVES

DAY 3

Conducting an ISO 22000 audit • Communication during the audit • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation • Audit test plans • Formulation of audit findings and documenting nonconformities

DAY 4

Concluding and ensuring the follow-up of an ISO 22000 audit • • • •

Audit documentation Conducting a closing meeting and conclusion of an ISO 22000 audit Evaluation of corrective action plans ISO 22000 surveillance and Internal audit management program

DAY 5

Certification Exam

82

• To acquire the expertise to perform an ISO 22000 internal audit following ISO 19011 guidelines • To acquire the expertise to perform an ISO 22000 certification audit following ISO 19011 guidelines and ISO 17021 specifications • To acquire the necessary expertise to manage a FSMS audit team • To understand the relationship between a FSMS, including controls and compliance with the requirements of different organization’s stakeholders This is a PECB official training course


EXAM • The “Certified ISO 22000 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of food safety - Domain 2: Food Safety Management System (FSMS) - Domain 3: Fundamental Audit Concepts and Principles - Domain 4: Preparation of an ISO 22000 audit - Domain 5: Conduct of an ISO 22000 audit - Domain 6: Closing an ISO 22000 audit - Domain 7: Managing an ISO 22000 audit program • The “Certified ISO 22000 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about the exam, refer to PECB section on ISO 22000 Lead Auditor Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 22000 Provisional Auditor, Certified ISO 22000 Auditor or Certified ISO 22000 Lead Auditor depending on their experience level. Those credentials are available for internal and external auditors • A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential.

Credential

Exam

ISO 22000 Provisional Auditor

ISO 22000 Lead Auditor Exam

Professional experience

FSMS Audit experience

FSMS project experience

None

None

None

Signing the PECB code of ethics

Other requirements

ISO 22000 Auditor

ISO 22000 Lead Auditor Exam

Two years One year of Food Safety work experience

Audit activities totaling 200 hours

None

Signing the PECB code of ethics

ISO 22000 Lead Auditor

ISO 22000 Lead Auditor Exam

Five years Two years of Food Safety work experience

Audit activities totaling 300 hours

None

Signing the PECB code of ethics

• For more information about ISO 22000 certifications and PECB certification process, refer to PECB section on ISO 22000 Lead Auditor Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.

83


CERTIFIED ISO 22000 FOUNDATION BECOME ACQUAINTED WITH THE BEST PRACTICES FOR IMPLEMENTING AND MANAGING A FOOD SAFETY MANAGEMENT SYSTEM (FSMS) BASED ON ISO 22000 SUMMARY

DAY 1

This course enables participants to learn about the best practices for implementing and managing a Food Safety Management System (FSMS) as specified in ISO 22000:2005, as well as the best practices for implementing the food safety controls of the eleven domains of ISO 27002. This training also helps to understand how ISO 22000 is related with ISO/TS 22004:2005 (Food Safety Management Systems -- Guidance on the application of ISO 22000:2005) and ISO/ TS 22002-1:2009 (Prerequisite programs on food safety -- Part 1: Food manufacturing)

COURSE AGENDA

DURATION: 2 DAYS

Introduction to Food Safety Management System (FSMS) concepts as required by ISO 22000

PREREQUISITES

• • • •

Introduction to the ISO 22000 family of standards Introduction to management systems and the process approach Fundamental principles in food safety Management General requirements: presentation of the clauses 4 to 8 of ISO 22000

DAY 2

Implementation of a FSMS and Certification Exam • • • •

Implementation phases of ISO 22000 framework Continual improvement of food safety Conducting an ISO 22000 certification audit Certified ISO 22000 Foundation exam

EXAM • The “Certified ISO 22000 Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of food safety - Domain 2: Food Safety Management System (FSMS) • The “Certified ISO 22000 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 1 hour • For more information about the exam, refer to PECB section on ISO 22000 Foundation Exam

None

WHO SHOULD ATTEND? • Auditors and members of a food safety team • Professionals wanting to gain a comprehensive knowledge of the main processes of a FSMS • Staff involved in the implementation of the ISO 22000 standard LEARNING OBJECTIVES • To understand the implementation of a FSMS in accordance with ISO22000 • To understand the relationship between a FSMS, including risk management, controls and compliance with the requirements of different stakeholders of the organization • To know the concepts, approaches, standards, methods and techniques allowing to effectively manage a FSMS • To acquire the necessary expertise to contribute in implementing a FSMS as specified in ISO22000

This is a PECB official training course

84


CERTIFICATION • A certificate of Certified ISO 22000 Foundation will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential

Credential

Exam

ISO 22000 Foundation

ISO 22000 Foundation exam

Professional experience

FSMS Audit experience

FSMS project experience

Other requirements

None

None

None

Signing the PECB code of ethics

• For more information about ISO 22000 certifications and PECB certification process, refer to PECB section on ISO 22000 Foundation Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 200 pages of information and practical examples will be distributed to participants A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions.

85


INTRODUCTION TO ISO 22000 INTRODUCTION TO THE IMPLEMENTATION OF A FOOD SAFETY MANAGEMENT SYSTEM (FSMS) BASED ON ISO 22000 SUMMARY This one-day training enables participants to be familiar with the basic concepts of the implementation and management of a Food Safety Management System (FSMS) as specified in ISO 22000:2005. The participant will learn the different components of a FSMS, including the FSMS policy, HACCP analysis, measuring performance, management’s commitment, internal audit, management review and continual improvement.

COURSE AGENDA

DURATION: 1 DAY PREREQUISITES None

• • • • • •

Introduction to ISO 22000 family of standards Introduction to management systems and the process approach General requirements: presentation of clauses 4 to 8 of ISO 22000 Implementation phases of ISO 22000 framework Continual improvement of food safety Conducting an ISO 22000 certification audit

EXAM AND CERTIFICATION None

GENERAL INFORMATION • A student manual containing over 100 pages of information and practical examples will be distributed to participants • A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants

WHO SHOULD ATTEND? • Professionals wanting to gain a comprehensive knowledge of the main processes of a FSMS • Staff involved in the implementation of the ISO 22000 standard • Expert advisors in food and safety • Auditors and managers responsible for implementing an FSMS LEARNING OBJECTIVES • To understand the fundamentals of food safety • To know the interrelationships between ISO 22000 and the other food safety standards • To know the key components of a FSMS in the context of ISO 22000 • To introduce the concepts, approaches, standards, methods and techniques allowing to effectively manage a FSMS accordance with ISO 22000 • To understand the stages of ISO22000 certification process This is a PECB official training course

86


TRAINING CATALOGUE

SOCIAL RESPONSIBILITY TRAINING ISO 26000:2010 is intended to assist organizations in contributing to sustainable development. It is intended to encourage them to go beyond legal compliance, recognizing that compliance with law is a fundamental duty of any organization and an essential part of their social responsibility. It is intended to promote common understanding in the field of social responsibility, and to complement other instruments and initiatives for social responsibility, not to replace them.


CERTIFIED ISO 26000 LEAD IMPLEMENTER MASTERING THE IMPLEMENTATION AND MANAGEMENT OF A SOCIAL RESPONSIBILITY PROGRAM BASED ON ISO 26000 SUMMARY

DAY 1

This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Social responsibility program based on ISO 26000:2010. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). The participant will learn the different core subjects and issues: human rights, labor practices, the environment, fair operating practices, consumer issues, community involvement and development. This training is fully compatible with SA8000 (Global social accountability standard by the Social Accountability International).

COURSE AGENDA

DURATION: 5 DAYS

Introduction to Corporate Social Responsibility concepts as defined by ISO 26000

PREREQUISITES

• Normative, regulatory and legal framework related to social responsibility of organizations • Fundamental principles of social responsibility of organizations • Presentation of ISO 26000 clauses and the six core subjects • Preliminary analysis and determining the level of maturity of an existing social responsibility program • Writing a business case and a project plan for the implementation of a social responsibility program

DAY 2

Planning a social responsibility program based on ISO 26000 • • • • • • •

Development of the social responsibility policy Human rights issues and best practices Labor practices issues and best practices The environment issues and best practices Fair operating practices issues and best practices Consumer issues and best practices Community involvement and development issues and best practices

DAY 5

DAY 4

DAY 3

Implementing a social responsibility program based on ISO 26000 • Implementation of a document management framework • Implementation of social responsibility action plans • Development of a training & awareness program and communicating about social responsibilities • Operations management of a social responsibility program

Controlling, monitoring and measuring e a social responsibility program • • • •

Monitoring a social responsibility program Development of metrics, performance indicators and dashboards ISO 26000 internal and external assessment Implementation of a continual improvement program

Certification Exam 88

• ISO 26000 Foundation Certification

or a basic knowledge of ISO 26000 and/or SA8000 is recommended

WHO SHOULD ATTEND? • Project managers or consultants wanting to prepare and to support an organization in the implementation of a social responsibility program • ISO 26000 assessors who wish to fully understand the implementation of a social responsibility program • Persons responsible for a social responsibility program or conformity in an organization • Members of a social responsibility team

LEARNING OBJECTIVES • To understand the implementation of a social responsibility program of an organization in accordance with ISO 26000 • To gain a comprehensive understanding of the concepts, approaches, subjects, methods and techniques required for the effective management of social responsibilities for an organization • To understand the relationship between the components of a SR program based on ISO 26000 and compliance with the requirements of different stakeholders of the organization • To acquire the necessary expertise to support an organization in implementing, managing and maintaining an social responsibility program as proposed in ISO26000 • To acquire the necessary expertise to manage a team implementing ISO26000

This is a PECB official training course


EXAM • The “Certified ISO 26000 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of social responsibilities - Domain 2: Social responsibility best practices - Domain 3: Planning a social responsibility program based on ISO 26000 - Domain 4: Implementing a social responsibility program based on ISO 26000 - Domain 5: Performance evaluation, monitoring and measurement of a social responsibility program based on ISO 26000 - Domain 6: Continual improvement of a social responsibility program based on ISO 26000 - Domain 7: Preparing for a social responsibility program assessment • The “Certified ISO 26000 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on ISO 26000 Lead Implementer Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 26000 Provisional Implementer, Certified ISO 26000 Implementer or Certified ISO 26000 Lead Implementer, depending on their level of experience • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

Credential

Exam

ISO 26000 ISO 26000 Lead Implementer Provisional Exam Implementer

Professional experience

SRMS Audit experience

SRMS project experience

None

None

None

Signing the PECB code of ethics

Other requirements

ISO 26000 Implementer

ISO 26000 Lead Implementer Exam

Two years One years of social responsibility work experience

None

Project activities totaling 200 hours

Signing the PECB code of ethics

ISO 26000 Lead Implementer

ISO 26000 Lead Implementer Exam

Five years Two years of social responsibility work experience

None

Project activities totaling 300 hours

Signing the PECB code of ethics

• For more information about ISO 26000 certifications and PECB certification process, refer to PECB section on ISO 26000 Lead Implementer Certification

GENERAL INFORMATION • • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants ISO 26000 is guidance on social responsibility and it is not a certifiable standard for an organization In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

89


CERTIFIED ISO 26000 LEAD AUDITOR MASTERING THE AUDIT OF A SOCIAL RESPONSIBILITY PROGRAM BASED ON ISO 26000 SUMMARY

DAY 1

This five-day intensive course enables participants to develop the needed expertise to audit a social responsibility program based on ISO 26000 and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire needed knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 the certification process according ISO 17021.Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently. This training is fully compatible with SA8000 (Global social accountability standard by the Social Accountability International).

COURSE AGENDA

DURATION: 5 DAYS

Introduction to Corporate Social Responsibility concepts as defined by ISO 26000

PREREQUISITES • ISO 26000 Foundation Certification or basic knowledge of ISO 26000 is recommended

• Normative, regulatory and legal framework related to social responsibility of organizations • Fundamental principles of social responsibility of organizations • Presentation of ISO 26000 clauses and the six core subjects • Social responsibility program • Detailed presentation of ISO 26000 clause-by-clause

DAY 2

Planning and initiating a social responsibility audit based on ISO 26000 • • • • •

Fundamental audit concepts and principles Audit approach based on evidence and on risk Preparation of an social responsibility audit Documenting of a social responsibility audit Conducting an opening meeting

DAY 4

DAY 3

Conducting a social responsibility audit based on ISO 26000 • Communication during the audit • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation • Drafting test plans • Formulation of audit findings and documenting nonconformities

Concluding and ensuring the follow-up of a social responsibility audit based on ISO 26000 • • • •

Audit documentation Conducting a closing meeting and conclusion of an ISO 26000 audit Evaluation of corrective action plans ISO 26000 Audit management program

DAY 5

Certification Exam 90

WHO SHOULD ATTEND? • Internal auditors • Auditors wanting to perform and lead social responsibility program audits • Project managers or consultants wanting to master social responsibility program audit process • Persons responsible for the social responsibility or conformity in an organization • Expert advisors in social responsibility

LEARNING OBJECTIVES • To acquire the expertise to perform an ISO 26000 internal audit following ISO 19011 guidelines • To acquire the expertise necessary to manage a social responsibility audit team • To understand the operation of a social responsibility program in accordance with ISO26000 • To understand the relationship between a social responsibility program with the requirements of different stakeholders of the organization • To improve the ability to analyze the internal and external environment of social responsibilities of an organization in accordance with ISO26000

This is a PECB official training course


EXAM • The “Certified ISO 26000 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of social responsibilities - Domain 2: Social responsibility program - Domain 3: Fundamental Audit Concepts and Principles - Domain 4: Preparation of an ISO 26000 audit - Domain 5: Conducting of an ISO 26000 audit - Domain 6: Closing an ISO 26000 audit - Domain 7: Managing an ISO 26000 audit program • The “Certified ISO 26000 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on ISO 26000 Lead Auditor Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 26000 Provisional Auditor, Certified ISO 26000 Auditor or Certified ISO 26000 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential.

Credential

Exam

ISO 26000 ISO 26000 Lead Auditor Provisional Exam Implementer

Professional experience

SRMS Audit experience

SRMS project experience

None

None

None

Signing the PECB code of ethics

Other requirements

ISO 26000 Implementer

ISO 26000 Lead Auditor Exam

Two years One year of social responsibility management work experience

Audit activities totaling 200 hours

None

Signing the PECB code of ethics

ISO 26000 Lead Implementer

ISO 26000 Lead Auditor Exam

Five years Two years of social responsibility management work experience

Audit activities totaling 300 hours

None

Signing the PECB code of ethics

• For more information about ISO 26000 certifications and PECB certification process, refer to PECB section on ISO 26000 certifications

GENERAL INFORMATION • • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants ISO 26000 is guidance on social responsibility and it is not a certifiable standard for an organization In case of failure of the exam, participants are allowed to retake the exam for free under certain condition

91


CERTIFIED ISO 26000 FOUNDATION BECOME ACQUAINTED WITH THE BEST PRACTICES FOR IMPLEMENTING AND MANAGING A SOCIAL RESPONSIBILITY PROGRAM BASED ON ISO 26000 SUMMARY

DAY 1

This course enables the participants to learn about the best practices for implementing and managing a social responsibility program as proposed in ISO 26000:2010. The participant will learn the different core subjects and issues: human rights, labour practices, the environment, fair operating practices, consumer issues, community involvement and development. This training is fully compatible with SA8000 (Global social accountability standard by the Social Accountability International).

COURSE AGENDA

DURATION: 2 DAYS

Introduction to Corporate Social Responsibility concepts as defined by ISO 26000

PREREQUISITES

• Normative, regulatory and legal framework related to social responsibility of organizations • Fundamental principles of social responsibility of organizations • Introduction to management systems and the process approach • Presentation of ISO 26000 clauses and the six core subjects • Implementation phases of the ISO 26000 program • Continual improvement of a social responsibility program • Conducting an ISO 26000 audit

DAY 2

Implementing controls in social responsibility according to ISO 26000 and Certification Exam • • • • • • • •

Drafting a social responsibility policy Human rights issues and best practices Labor practices issues and best practices The environment issues and best practices Fair operating practices issues and best practices Consumer issues and best practices Community involvement and development issues and best practices Certification Exam

EXAM • The “Certified ISO 26000 Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of social responsibilities - Domain 2: Social responsibility program • The “Certified ISO 26000 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 1 hour • For more information about ISO 26000 certifications and PECB certification process, refer to PECB section on ISO 26000 Foundation Certification

92

None

WHO SHOULD ATTEND? • Project managers or consultants wanting to prepare and to support an organization in the implementation of a social responsibility program • Persons responsible for a social responsibility program or conformity in an organization • Members of a social responsibility team • Auditors LEARNING OBJECTIVES • To understand the implementation of a social responsibility program in accordance with ISO26000 • To understand the relationship between a social responsibility program and the compliance with the requirements of different stakeholders of the organization • To acquire the necessary expertise to contribute in implementing a social responsibility program as presented in ISO 26000

This is a PECB official training course


CERTIFICATION • A certificate of Certified ISO 26000 Foundation will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential

Credential

Exam

ISO 26000 Foundation

ISO 22000 Foundation exam

Professional experience

SRMS Audit experience

SRMS project experience

Other requirements

None

None

None

Signing the PECB code of ethics

• For more information about ISO 26000 certifications and PECB certification process, refer to PECB section on ISO 26000 certifications

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 200 pages of information and practical examples will be distributed to participants A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants ISO 26000 is guidance on social responsibility and it is not a certifiable standard for an organization

• In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

93


INTRODUCTION TO ISO 26000 INTRODUCTION TO THE IMPLEMENTATION OF A SOCIAL RESPONSIBILITY PROGRAM BASED ON ISO 26000 SUMMARY This one-day training enables the participants to be familiar with the basic concepts of the implementation and management of a social responsibility program as proposed in ISO 26000:2010. The participant will learn the different core subjects and issues: human rights, labour practices, the environment, fair operating practices, consumer issues, community involvement and development. This training is fully compatible with SA8000 (Global social accountability standard by the Social Accountability International).

COURSE AGENDA

DURATION: 1 DAY PREREQUISITES None

• • • • • • • •

Presentation of the ISO 26000 clauses and the six core subjects Drafting a social responsibility policy Human rights issues and best practices Labor practices issues and best practices The environment issues and best practices Fair operating practices issues and best practices Consumer issues and best practices Community involvement and development issues and best practices

EXAM AND CERTIFICATION None

WHO SHOULD ATTEND? • Members of a social responsibility team • Project managers or consultants wanting to prepare and to support an organization in the implementation of a social responsibility program • Persons responsible for a social responsibility program or conformity in an organization • Auditors LEARNING OBJECTIVES

GENERAL INFORMATION • A student manual containing over 100 pages of information and practical examples will be distributed to participants • A participation certificate of 7 CPD (Continuing Professional Development) credits will be issued to participants • ISO 26000 is guidance on social responsibility and it is not a certifiable standard for an organization

• To understand the implementation of a social responsibility program in accordance with ISO26000 • To understand the relationship between a social responsibility program and the compliance with the requirements of different stakeholders of the organization • To know the concepts, approaches, standards, methods and techniques allowing to effectively manage a social responsibility program • To understand the stages of a ISO 26000 audit This is a PECB official training course

94


TRAINING CATALOGUE

SUPPLY CHAIN SECURITY TRAINING ISO 28000:2007 specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting these goods along the supply chain. ISO 28000 is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain.


CERTIFIED ISO 28000 LEAD IMPLEMENTER MASTERING THE IMPLEMENTATION AND MANAGEMENT OF A SUPPLY CHAIN SECURITY MANAGEMENT SYSTEM (SCSMS) BASED ON ISO 28000 SUMMARY

DAY 1

This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Supply Chain Security Management System (SCSMS) based on ISO 28000:2007. Participants will also gain a thorough understanding in best practices used to implement supply chain security controls from all areas of ISO 28001. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO 28004 (Guidelines for the Implementation of a SCSMS).

COURSE AGENDA

DURATION: 5 DAYS

Introduction to Supply Chain Security Management System (SCSMS) concepts as required by ISO 28000; initiating a SCSMS

PREREQUISITES

• Introduction to management systems and the process approach • Presentation of the standards ISO 28000, ISO 28001, ISO 28004 and regulatory and legal framework related to supply chain security • Preliminary analysis and establishment of the maturity level of an existing SCSMS based upon ISO 21827 • Writing a business case and a project plan for the implementation of a SCSMS

DAY 2

Planning a SCSMS based on ISO 28000 • • • • •

Definition of the scope of a SCSMS Development of a SCSMS and supply chain security policies Selection of the approach and methodology for security risk assessment Security risk management (identification, analysis and treatment of risk) Development of a security plan

DAY 3

Implementing a SCSMS based on ISO 28000 • Implementation of a document management framework • Implementation of processes and controls • Development of a training & awareness program and communication about the supply chain security • Operations management of a SCSMS

DAY 4

Controlling, monitoring and measuring a SCSMS and the certification audit of a SCSMS • • • • •

Controlling and Monitoring the SCSMS controls Development of metrics, performance indicators and dashboards ISO 28000 internal Audit and management review of a SCSMS Implementation of a continual improvement program Preparing for an ISO 28000 certification audit

DAY 5

Certification Exam

96

• ISO 28000 Foundation Certification

or a basic knowledge of ISO 28000 and ISO 28001 is recommended

WHO SHOULD ATTEND? • Project managers or consultants wanting to prepare and to support an organization in the implementation of a SCSMS • ISO 28000 auditors who wish to fully understand the SCSMS implementation process • Persons responsible for the supply chain security or conformity in an organization • Expert advisors in physical security LEARNING OBJECTIVES • To understand the implementation of a Supply Chain Security Management System in accordance with ISO 28000 • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a Supply Chain Security Management System • To acquire the necessary expertise to support an organization in implementing, managing and maintaining a SCSMS as specified in ISO28000 • To acquire the necessary expertise to manage a team implementing ISO28000 This is a PECB official training course


EXAM • The “Certified ISO 28000 Lead Implementer” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of supply chain security - Domain 2: Supply chain security Control Best Practice based on ISO 28001 - Domain 3: Planning a SCSMS based on ISO 28000 - Domain 4: Implementing a SCSMS based on ISO 28000 - Domain 5: Performance evaluation, monitoring and measurement of a SCSMS based on ISO 28000 - Domain 6: Continuous improvement of a SCSMS based on ISO 28000 - Domain 7: Preparing for a SCSMS certification audit • The “Certified ISO 28000 Lead Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on ISO 28000 Lead Implementer Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 28000 Provisional Implementer, Certified ISO 28000 Implementer or Certified ISO 28000 Lead Implementer, depending on their level of experience • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

Credential

Exam

ISO 28000 ISO 28000 Lead Provisional Implementer Exam Implementer

Professional experience

SCSMS Audit experience

SCSMS project experience

None

None

None

Signing the PECB code of ethics

Other requirements

ISO 28000 Implementer

ISO 28000 Lead Two years One years of Supply Implementer Chain Security Exam work experience

None

Project activities totaling 200 hours

Signing the PECB code of ethics

ISO 28000 Lead Implementer

ISO 28000 Lead Implementer Exam

None

Project activities totaling 300 hours

Signing the PECB code of ethics

Five years Two years of Supply Chain Security work experience

• For more information about ISO 28000 certifications and PECB certification process, refer to PECB section on ISO 28000 Lead Implementer Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate of 31 CPD (Continuing Professional Development ) credits will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

97


CERTIFIED ISO 28000 LEAD AUDITOR MASTERING THE AUDIT OF A SUPPLY CHAIN SECURITY MANAGEMENT SYSTEM (SCSMS) BASED ON ISO 28000 SUMMARY

DAY 1

This five-day intensive course enables participants to develop the needed expertise to audit a Supply Chain Security Management System (SCSMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire needed knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 the certification process according ISO 17021.Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.

COURSE AGENDA

DURATION: 5 DAYS

Introduction to Supply Chain Security Management System (SCSMS) concepts as required by ISO 28000

PREREQUISITES

• Presentation of the standards ISO 28000, ISO 28001, ISO 28004 and regulatory and legal framework related to supply chain security • Fundamental principles of Supply chain security and physical security • ISO 28000 certification process • Supply Chain Security Management System (SCSMS) • Detailed presentation of the clauses 4 to 8 of ISO28000

DAY 2

Planning and Initiating an ISO 28000 audit • • • •

Fundamental audit concepts and principles Audit approach based on evidence and on risk Preparation of an ISO 28000 certification audit SCSMS Documentation audit

• ISO 28000 Foundation Certification

or basic knowledge of ISO 28000 and ISO 28001 is recommended

WHO SHOULD ATTEND? • Internal auditors • Auditors wanting to perform and lead SCSMS certification audits • Project managers or consultants wanting to master the SCSMS audit process • Persons responsible for the supply chain security or conformity in an organization • Technical experts wanting to prepare for an supply chain security audit function LEARNING OBJECTIVES

DAY 3

Conducting an ISO 28000 audit • Communication during the audit • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation • Audit test plans • Formulation of audit findings and documenting nonconformities

DAY 4

Concluding and ensuring the follow-up of an ISO 28000 audit • • • •

Audit documentation Conducting a closing meeting and conclusion of an ISO 28000 audit Evaluation of corrective action plans ISO 28000 Surveillance and internal Audit management program

DAY 5

Certification Exam

98

• To acquire the expertise to perform an ISO 28000 internal audit following ISO 19011 guidelines • To acquire the expertise to perform an ISO 28000 certification audit following ISO 19011 guidelines and ISO 17021, ISO 28003 specifications • To acquire the expertise necessary to manage a SCSMS audit team • To understand the operation of an ISO28000 conformant SCSMS This is a PECB official training course


EXAM • The “Certified ISO 28000 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of supply chain security - Domain 2: Supply Chain Security Management System (SCSMS) - Domain 3: Fundamental audit concepts and principles - Domain 4: Preparation of an ISO 28000 audit - Domain 5: Conducting of an ISO 28000 audit - Domain 6: Closing an ISO 28000 audit - Domain 7: Managing an ISO 28000 audit program • The “Certified ISO 28000 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 3 hours • For more information about exam, refer to PECB section on ISO 28000 Lead Auditor Exam

CERTIFICATION • After successfully completing the exam, participants can apply for the credentials of Certified ISO 28000 Provisional Auditor, Certified ISO 28000 Auditor or Certified ISO 28000 Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors • A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential

Professional experience

SCSMS Audit experience

SCSMS project experience

None

None

None

Signing the PECB code of ethics

Audit activities totaling 200 hours

None

Signing the PECB code of ethics

Audit activities Five years Two years of Supply totaling Chain Security 300 hours work experience

None

Signing the PECB code of ethics

Credential

Exam

ISO 28000 Provisional Auditor

ISO 28000 Lead Auditor Exam

ISO 28000 Auditor

ISO 28000 Lead Auditor Exam

Two years One year of Supply Chain Security work experience

ISO 28000 Lead Auditor

ISO 28000 Lead Auditor Exam

Other requirements

• For more information about ISO 28000 certifications and PECB certification process, refer to PECB section on ISO 28000 Lead Auditor Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 450 pages of information and practical examples will be distributed to participants A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

99


CERTIFIED ISO 28000 FOUNDATION BECOME ACQUAINTED WITH THE BEST PRACTICES FOR IMPLEMENTING AND MANAGING A SUPPLY CHAIN SECURITY MANAGEMENT SYSTEM (SCSMS) BASED ON ISO 28000

SUMMARY

DAY 1

This course enables the participants to learn about the best practices for implementing and managing a Supply Chain Security Management System (SCSMS) as specified in ISO 28000:2007, as well as the best practices for implementing the supply chain security controls of all domains of the ISO 28001. This training is fully compatible with ISO 28004 (Guidelines for the Implementation of a SCSMS).

COURSE AGENDA

DURATION: 2 DAYS

Introduction to Supply Chain Security Management System (SCSMS) concepts as required by ISO 28000

PREREQUISITES

• Presentation of the standards ISO 28000, ISO 28001, ISO 28004 and regulatory and legal framework related to supply chain security • Introduction to management systems and the process approach • Fundamental principles of Supply chain security and physical security • General requirements: presentation of the clauses 4 to 8 of ISO 28000

DAY 2

Implementing controls in supply chain security according to ISO 28001 and Certification Exam • • • • •

Implementation phases of the ISO 28000 framework Documentation of a control environment Monitoring and reviewing the controls Examples of the implementation of controls Certification Exam

EXAM • The “Certified ISO 28000 Foundation” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: - Domain 1: Fundamental principles and concepts of supply chain security - Domain 2: Supply Chain Security Management System (SCSMS) • The “Certified ISO 28000 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form) • Duration: 1 hour • For more information about exam, refer to PECB section on ISO 28000 Foundation Exam

100

None

WHO SHOULD ATTEND? • Members of an supply chain security team • Physical security professionals wanting to gain a comprehensive knowledge of the main processes of a Supply Chain Security Management System (SCSMS) • Auditors, consultants LEARNING OBJECTIVES • To understand the implementation of a Supply Chain Security Management System in accordance with ISO28000 • To understand the relationship between a Supply Chain Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization • To know the concepts, approaches, standards, methods and techniques allowing to effectively manage a Supply Chain Security Management System This is a PECB official training course


CERTIFICATION • A certificate of Certified ISO 28000 Foundation will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential

Credential

Exam

ISO 28000 Foundation

ISO 28000 Foundation exam

Professional experience

SCSMS Audit experience

None

None

Other SCSMS project experience requirements None

Signing the PECB code of ethics

• For more information about ISO 28000 certifications and PECB certification process, refer to PECB section on ISO 28000 Foundation Certification

GENERAL INFORMATION • • • •

Certification fees are included in the exam price A student manual containing over 200 pages of information and practical examples will be distributed to participants A participation certificate of 14 CPD (Continuing Professional Development ) credits will be issued to participants In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

101


INTRODUCTION TO ISO 28000 INTRODUCTION TO THE IMPLEMENTATION OF A SUPPLY CHAIN SECURITY MANAGEMENT SYSTEM (SCSMS) BASED ON ISO 28000 SUMMARY This one-day training enables the participants to be familiar with the basic concepts of the implementation and management of a Supply Chain Security Management System (SCSMS) as specified in ISO 28000:2007. The participant will learn the different components of a SCSMS, including the SCSMS policy, risk management, measuring performance, management’s commitment, internal audit, management review and continuous improvement.

COURSE AGENDA • • • • • •

Introduction to the ISO 28000 family of standards Introduction to management systems and the process approach General requirements: presentation of the clauses 4 to 8 of ISO 28000 Implementation phases of ISO 28000 framework Continuous improvement of supply chain security ISO 28000 certification audit phases

EXAM AND CERTIFICATION None

GENERAL INFORMATION • A student manual containing over 100 pages of information and practical examples will be distributed to participants • A participation certificate of 7 CPD (Continuing Professional Development ) credits will be issued to participants

DURATION: 1 DAY PREREQUISITES None

WHO SHOULD ATTEND? • Members of an supply chain security team • Physical security professionals wanting to gain a comprehensive knowledge of the main processes of a Supply Chain Security Management System (SCSMS) • Auditors LEARNING OBJECTIVES • To understand the fundamentals of supply chain security • To know the interrelationships between ISO 28000 and the other supply chain security standards • To know the key components of a Supply Chain Security Management System (SCSMS) in accordance with ISO 28000 • To introduce the concepts, approaches, standards, methods and techniques allowing to effectively manage a SCSMS • To understand the stages of the ISO28000 certification process This is a PECB official training course

102


"Whenever one of my employees has training needs, I make sure they go to PECB courses. Their courses are great and the benefits are immediate. They acquire proven systematic methods that improve their productivity. I strongly recommend PECB." Martin F. Vice-President of Operations, Telecommunication Company


ifi

sional s e f Ev o r P

rt

a

a n nd o i t a Ce u l

cation Bo a r d

PECB – Professional Evaluation and Certification Board 7275 Sherbrooke East, Suite 32

80 Broad Street, 5th Floor

CP 49060, Montreal, QC H1N 1H0, CANADA

New York City, NY 10004, USA

Email: General inquiries: Certification: Examination: Training: Technical support: 104

info@pecb.org certification@pecb.org examination@pecb.org training@pecb.org support@pecb.org

Tel: 1-514-562-5464 Fax: (202) 618-6264


PECB Training Catalogue