|
 |
|
|
|
Entities processing personal data of European Union citizens must implement sufficient principles and measures to protect such data. This training aims at presenting GDPR requirements, both legal and technical, to guide the PII controllers and PII processors in managing compliance to the regulation in an effective and efficient way. Tools applicable for SMEs will be presented and exercised. Targeted audience: (1) everyone who wants to understand the content of the European Regulation within one day; (2) security officers; (3) DPOs and privacy managers. No prior knowledge about the GDPR is required. The training is available in Luxembourgish, French, English and German (support in French) at request. The licence for the use of the GDPR templates in one language provided by itrust consulting is included in the registration fee per company.
* General Data Protection Regulation (GDPR)
ISO/IEC 27001 is the recognised standard for Information Security Management in an organisation. The Lead Auditor ISO/IEC 27001 workshop trains external and internal auditors, as well as heads of audit teams that have to conduct ISMS* audits. The workshop consists of 4.5 days of training based on training material by Certi-Trust, and 0.5 days of a written knowledge test with a view toward obtaining the internationally recognized Lead Auditor ISO/IEC 27001 certification provided by Certi-Trust. The participant can also choose to take the presentation slides and the examination in French.
* Information Security Management System (ISMS)
This workshop aims at presenting an Information Security Management System (ISMS) that can be certified by a certification authority. The workshop aims at explaining the organisation of the international reference ISO on information security. Special attention is paid to the requirements of ISO/IEC 27001, the structure and content of the standards like ISO/IEC 27002 (Code of practice for information security management), ISO/IEC 27005 (Risk management in relation to information security) and ISO/IEC 27006 (Requirements for organisations performing audits and delivering certification of information security management systems). Other industry standards like ISO/IEC 27799 (Information security management in the health sector) or ISO/IEC 27010 (Information security management of cross-sectorial and inter-organisational communication) can be featured depending on the specific requirements of the participants. Targeted audience: (1) decision makers in charge of security aspects, including CEO, CIO and Asset Managers; (2) CISO and Risk Managers; (3) auditors and compliance officers.
This training presents the principles and best practices of risk management according to ISO/IEC 27005, as well as the procedure for the practical implementation of a sustainable risk analysis approach in a company following this methodology. Additional standards for DPIA are also covered. The general principles from ISO 31000, 31004 and 31010 and from ISO/IEC 29134 are introduced before concretizing them for the specific risks related to information. The set of processes and requirements of ISO/IEC 27005 are detailed and illustrated through presenting methodologies for analysis using concrete case studies. By using two different methods, TRICK Service and MONARC, the course provides an introductory training and tackles many practical aspects when applying risk management. This training includes 2.5 days of classroom lessons and 0.5 day for an optional exam.
* Data Protection Impact Assessment (DPIA)
Implement and control your ISMS.
The training is available in French or English, German at request.