Artificial Intelligence Risk Management (AIRM) according to ISO/IEC 23894
Description:
- Ability to understand the process approach in Artificial Intelligence Risk Management (AIRM)
- Ability to understand the basic principles and process of the AIRM according to the ISO 23894 guidelines
- Ability to establish and maintain Artificial Intelligence Risk criteria and methods
- Ability to identify the AI requirements of interested parties, threats and vulnerabilities
- Ability to perform the AI Risk Assessment and Treatment according to the ISO 42001 requirements
- Ability to verify the effectiveness of the implemented measures
Previous skills/knowledge:
- Demonstrable knowledge of ISO/IEC 42001 requirements
- Demonstrable knowledge of ISO/IEC 27005 or ISO 31000
- Professional experience, including in information security management systems (recommended).
Authorized Partners:
Teaching requirements: Trainer to be qualified ISO 42001 – Information technology – Artificial intelligence - Management Systems or qualified ISO/IEC 27005, ISO 31000 Risk Management and ISO/IEC 23894
Objectives to achieve: The participant will identify how to integrate risk management into their activities and functions related to Artificial Intelligence. Additionally, they will describe the processes for the effective implementation and integration of the AI risk management system.
ISO/IEC 42001 Lead Auditor
Description:
- To participate in the selection of the audit team
- To prepare the audit plan
- To represent the audit team before the customer
- To give instructions to the audit team
- To inform any relevant obstacle identified during the audit process
- To be responsible for all the audit steps
- To present the audit report
- To follow up and close the audit process
Previous skills/knowledge:
- Demonstrable knowledge of ISO/IEC 42001 requirements
- Demonstrable evidence of participation in ISO/IEC 42001 audits (>1 audit recommended)
- Professional experience, including in quality management systems, and information security management systems (recommended).
Authorized Partners:
Teaching requirements: Trainer to be qualified ISO 42001 – Information technology – Artificial intelligence - Management Systems or to be a qualified ISO/IEC 27001 Lead Auditor and Risk Management.
Objectives to achieve: The participant will learn and apply the main terms, principles, and techniques used during the activities of the audit process, according to the responsibilities assigned to the lead auditor for the review of an Artificial Intelligence Management System (AIMS) ISO/IEC 42001:2023 and based on the guidelines of the ISO 19011:2018 standard for auditing Management Systems.
ISO/IEC 42001 Internal Auditor
Description:
- Follow the instructions of the lead auditor and support them
- Collect and analyse sufficient evidence (for example, through interviews, observation, and documentation sampling) to determine audit findings and define audit conclusions.
- Document the audit results.
- Collaborate in drafting the audit report.
- Exchange information with other team members and the audited personnel.
Previous skills/knowledge:
- Demonstrable knowledge of ISO/IEC 42001 requirements
- Professional experience in information security, cybersecurity and management systems
Authorized Partners:
Teaching requirements: Trainer to be qualified ISO 42001 – Information technology – Artificial intelligence - Management Systems or Trainer to be a qualified ISO/IEC 27001 Lead Auditor and Risk Management.
Objectives to achieve: The participant will learn and apply the main terms, principles, and techniques used during the activities of the audit process, according to the responsibilities assigned to the internal auditor for the review of an Artificial Intelligence Management System (AIMS) ISO/IEC 42001:2023 and based on the guidelines of the ISO 19011:2018 standard for auditing Management Systems.
Data Protection Officer
Description: Competences include:
- Perform the work of an authorized Data Protection Officer in accordance with the law regulating personal data and the General Data Protection Regulation
- Know national and EU regulations on the protection of personal data
- Understand the concept and types of processing of personal data
- Know the basic principles and basics of inspection law
- Know the basic principles and basics of administrative law
- Know the basic principles of compensation law for interference with personal rights and the right to privacy and the protection of personal data
- Be able to assess the effects of processing personal data on privacy
- Be capable of representing the processor or controller of personal data collections in the inspection procedures of the supervisory body.
Previous skills/knowledge:
- Demonstrable knowledge of the General Data Protection Regulation (GDPR)
- Professional experience in information security
Authorized Partners:
Teaching requirements: Minimum two teachers; to be qualified for revision of information security (e.g., with auditor/trainer qualification); knowledge of local and EU regulations on the protection of personal data and practice in organizations.
Objectives to achieve: To get the necessary knowledge and skills to:
- Explain the concept of the protection of personal data
- Explain the difference between the protection of personal data and the protection of personal data collections
- Identify the risk in individual types of processing of personal data
- Explain the concept of contractual processing and write a contract for contractual processing with the personal data protection measures included; also know the rules governing the contractual relationship with sub-processors
- Explain the concept of cloud services and understand the risks associated with these services
- Explain the concept of built-in privacy (privacy by design) and apply it to the various ways of processing personal data
- Take into account the basic principles for handling personal data, put them into practice and convey them to internal co-workers
- Keep a record of personal data processing activities and identify the different risks in the particular types/processing modes
- Identify processing cases that require a privacy impact assessment and carry out such an assessment
- Conduct procedures and decide on the rights of individuals
- Carry out procedures of internal control of the compliance of the processing of personal data with the law governing the protection of personal data and the General Data Protection Regulation.
Information Security Risks Management (ISRM) according to ISO/IEC 27001:2022 and ISO/IEC 27002:2022
Description:
- Ability to understand the process approach in Information Security Risk Management (ISRM)
- Ability to understand the basic principles and process of the ISRM according to the ISO 27001 requirements, ISO 27002 and ISO 27005 guidelines
- Ability to establish and maintain Information Security Risk criteria and methods
- Ability to identify the IS requirements of interested parties, threats and vulnerabilities
- Ability to perform the IS Risk Assessment and Treatment according to the ISO 27001 requirements
- Ability to verify the effectiveness of the implemented measures
Previous skills/knowledge: Basic knowledge of management systems.
Authorized Partners:
Teaching requirements: Trainer to be a qualified ISO 9001/QMS and/or other MS with knowledge in ISMS, Risk Management and/or ISO 27001 Lead Auditor (recommended)
Objectives to achieve: To get the necessary knowledge and skills to:
- Be able to understand the process approach in Information Security Risk Management
- Be able to understand the ISO 27001 standard requirements regarding ISRM
- Be able to perform the IS Risk Assessment and Treatment
- Be able to formulate Risk Treatment Plan and effectively manage Information Security Risks
Fundamentals of Information Privacy Management System according to ISO/IEC 27701:2019
Description: At the end, the student will be able to:
- Understand the definitions and fundamentals of the Information Privacy Management System.
- Apply the specific requirements of the IPMS related to ISO/IEC 27001:2013
- Apply the specific guidelines of the IPMS related to ISO/IEC 27002:2022
Previous skills/knowledge:
- Demonstrable knowledge of ISO/IEC 27001:2013 and information privacy management
- Professional experience, including in security management systems.
Authorized Partners:
Teaching requirements: Trainer must have a minimum of two years' teaching experience in information security management systems.
Objectives to achieve: To get the necessary knowledge and skills to:
- Understand the Information Privacy Management System (IPMS) within the framework of the ISO/IEC 27701: 2019 standard through a tour of its sections.
ISO 27001 Information Security Management Systems Professional
Description:
- Ability to understand the basic principles of an Information Security Management System
- Ability to understand the standards ISO 27001 and ISO 27002
- Ability to identify the ISMS components
- Ability to conduct a risk evaluation according to the ISO 27001 requirements.
Previous skills/knowledge: Basic knowledge of management systems
Authorized Partners:
Teaching requirements: Trainer to be a qualified ISO 9001/QMS and/or other MS with knowledge in ISMS and/or ISO 27001 Lead Auditor (recommended)
Objectives to achieve: To get the necessary knowledge and skills to:
- Be able to understand the basic ISO 27001 standard requirements
- Be able to implement an Information Security Management System (ISMS)
ISO 27001 Lead Auditor
Description:
Competencies detailed in ISO 27001 Internal Auditor MTS 007, plus
- To participate in the selection of the audit team
- To prepare the audit plan
- To represent the audit team before the customer
- To give instructions to the audit team
- To inform any relevant obstacle identified during the audit process
- To be responsible for all the audit steps
- To present the audit report
- To follow up and close the audit process.
Previous skills/knowledge:
- Demonstrable knowledge of ISO 27001 requirements
- Demonstrable evidence of participation in ISO 27001/ISMS audits (>1 audit recommended)
- Professional experience, including in quality management systems/Information Security management systems – QMS/ISMS (recommended).
Authorized Partners:
Teaching requirements: Trainer to be a qualified ISO 27001/ISMS Lead Auditor
Objectives to achieve:
Objectives detailed in ISO 27001 Internal Auditor MTS 007, plus to get the necessary knowledge and skills to:
- Apply the proper interpretation of the standard in actual audit situations
- Plan the audit
- Carry out information security management system audits
- Define the responsibilities of the audit team's members
- Know the functions and attitudes that an auditor must follow
- Effectively coordinate meetings with the audit team members and/or with auditee personnel
- Identify and write non-conformities and other deviations and suggest ways in which the effectiveness of corrective action might be verified.
ISO 27001 Internal Auditor
Description:
- To follow the instructions of the lead auditor and support them
- To collect and analyze sufficient evidence (e.g. through interviews, observation and sampling of documentation) to determine the audit findings and define the audit conclusions
- To document the audit findings
- To collaborate in drafting the audit report
- To exchange information with the other members of the audit team and with the auditee personnel.
Previous skills/knowledge:
- Demonstrable knowledge of ISO 27001 requirements
- Professional experience, including in quality management systems/information security management systems – QMS/ISMS (recommended).
Authorized Partners:
Teaching requirements: Trainer to be a qualified ISO 27001/ISMS Lead Auditor
Objectives to achieve: To get the necessary knowledge and skills to:
- Be qualifiable as ISO 27001/ISMS internal auditor (additional requirements from qualifying entity may apply)
- Understand the principles of internal audit
- Be able to assume responsibilities in any activity of the internal auditing process
- Understand the functions and competencies that any auditor must have to carry out first, second party, and certification audits
- Be able to apply auditing guidelines to ISO 27001/ISMS internal audits.