A major challenge facing business risk management today is protecting personal data, such as customer identification files or HR management files. The importance of this challenge has grown with the requirements of the EU General Data Protection Regulation (GDPR).

Information and security are vital for every organisation. Whether the information is stored electronically or printed on paper, implementing effective information protection against all threats and risks is easier said than done. ISO/IEC 27001 assists you in the implementation, management and maintenance of your data protection. This international standard was developed to provide organisations with a structured approach to identifying and addressing business processes and associated information risks. ISO 27001 is the most popular information security standard worldwide. It can be implemented in any organisation, in the private sector as well as in non-profit and government organisations, and in small or large companies.

CISM is one of the most important information security qualifications on the market. CISM defines the core competencies and international standards of performance that information security managers are expected to master. It provides executive management with the assurance that CISM holders have the experience and knowledge to offer effective security management and advice. This course provides an intense environment in which participants can acquire the skills and knowledge expected of a world-class information security manager.

The ISACA® Certified Information Systems Auditor (CISA) program has been the globally accepted standard of achievement among information systems (IS) audit, control and security professionals since 1978. The technical skills and practices that CISA promotes and evaluates are the building blocks of success in the field.

The COBIT 2019 Design and Implementation course is intended for more experienced users of the COBIT framework who are interested in more advanced use of the framework. These would include designing governance systems and running governance improvement programs. The just-released COBIT 2019 is the best COBIT yet. It features many changes, such as modified principles; new design factors; updated goals cascade; modified processes; updated performance management; new detailed governance and management objectives.

COBIT 2019 evolves from the previous version, COBIT 5. It continues to build on its solid foundation by adding the latest developments impacting Enterprise Governance of Information and Technology (EGIT). Also, COBIT 19 now offers more design and implementation services, practical guidance and insights. In this new and improved version, the elements you are already familiar with have been removed. Training for the Bridge exam means you only have to study these new elements.

IT auditors should know better than anyone the importance of sound IT governance and digital innovation.

ISACA’s COBIT has developed an effective framework for effective IT governance and management. This training is intended for all professionals who contribute to and value the creation, risk management and optimal use of resources in all areas of information systems.

COBIT (Control Objectives for Information and Related Technology) is developed by ISACA. A framework of good practices will allow a company to effectively vet an IT organisation. COBIT 2019 was designed with the intent to continuously address new and ever-changing technologies and challenges that businesses will encounter.

COBIT 2019 offers the latest insights into the field of IT control and decision-making on information technology. The latest version of the framework includes globally accepted principles, processes, practices and models. The management model integrates other major frameworks, including Information Infrastructure Library (ITIL), The Open Group Architecture Framework (TOGAF), as well as other related standards of the International Organisation for Standardisation (ISO).

The outsourcing of certain business processes has become unavoidable in today’s information-based society. Specialised IT companies will be better equipped to provide you with specific digital services. They can also help manage and secure both your business’s and customer data. Still, as a company, you remain accountable. It is important to understand and minimise the risks of outsourcing. You must be able to evaluate the quality of the service provided by the company. If you can do this, you can more accurately manage outsourced activities.

Digitisation has accelerated the automation of business processes. While this makes life easier in many ways, the new technology also poses risks. Companies that use this technology must be able to identify and tackle those risks.

We will help you master and maintain your cybersecurity system. This accredited training course only takes four days.

This bootcamp will teach you how to design and build a cybersecurity program based on the NIST Cybersecurity Framework and its control families (20 Critical Controls, ISO 27002, etc). This bootcamp is based on the NCSF-CFM Foundation and Practitioner certification training programs. The one-day NCSF-CFM Foundation program teaches the fundamentals of the NIST Cybersecurity Framework and the UMass Lowell Controls Factory Model. The three-day NCSF-CFM Practitioner Program teaches the advanced skills necessary to engineer, operate and manage the business risk of a NIST Cybersecurity Framework program.

Billions of dollars are spent worldwide on application systems developed by business users. “User-Developed Applications” (UDAs) are necessary in every business. Think of them as spreadsheets for calculating, organizing or comparing data. UDAs are so easy to develop that their use increases. However, these systems also come with risks. For example, in areas such as integrity, confidentiality and availability. Staff can adapt and change these systems without adhering to control measures.

You must conduct regular audits of these systems and integrate them into the internal audit plan of your organization. This way, you will be able to ensure that the UDAs used by staff are developed and operate correctly.

As an internal auditor, you want to become as efficient and reliable as you can when you develop audit evidence. We help you do this by mastering the tools and techniques best suited to each stage of your audit assignments.

The IPPF (International Professional Practices Framework) states that the standard on “Planning” is that “the chief audit executive must establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization’s goals.” This one-day training delivered by QAA will help you find the best practices for building a “value-added audit plan.”

COSO has been a key reference in the internal control field for over 20 years. The COSO Internal Control Framework – an Integral Approach published in 1992 – defined the fundamental aspects of internal control. An updated version of the framework was published in May 2013 to reflect the evolving business and regulatory environment.

According to the Performance Standard of IIA’s International Standards for the Professional Practice of Internal Auditing, internal auditors “must establish a process to monitor and ensure that management and improvement actions have been effectively implemented or that senior management has accepted the risk of not taking action.” The objective of a follow-up audit is to assess how well managers have implemented the recommendations outlined in the completed internal audits engagements.

We use a workshop format in this highly interactive training. We use practical, everyday examples to show you how you can use agile auditing to your benefit.

Due to the format of the training, an experienced level is required, and the number of participants is limited to eight.

Internal auditors aim to make the process as easy as possible in the business environment. This process should be based on risk analysis and international best audit practices.

The outsourcing of certain business processes has become unavoidable in today’s information society. Specialised IT companies are often better equipped to provide you with specific digital services, as well as to manage and secure your data and that of your customers. Nevertheless, as a company, you remain accountable. So it is important to minimise the risks of outsourcing. You must be able to evaluate the quality of the service provided by the external party. Only in this way can you expertly manage outsourced activities.

A major challenge facing business risk management today is protecting personal data, such as customer identification files or HR management files. This is increasingly important, given the requirements of the new EU General Data Protection Regulation (GDPR).