Information Security Consultant, ISO 27001, GDPR, Data Privacy, ISO 9001, ISO 20000, IRCA Lead Auditor, expert with Document Management, Policy & Procedure writing and editing expert.
CV of Jagroop Jagpal for recruiters and/or companies looking for an experienced qualified consultant in information security, data privacy, audit, quality management, business improvement, policy writing/review
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra... (PECB)
The webinar covers:
• The relation between ISO 27001 and ISO 20000
• How much does project management fit in with both of them
• Integration of information security and IT Services
Presenter:
Adnan Hafiz is an IT GRC and Security Consultant, Lead Auditor and PECB Certified Trainer with over 10 years of significant, progressive experience in the Information Technology field, focusing on Information Security, IT Governance, ISO Standards Implementation & Compliance, IT Service Management, Risk Management, Information Security & IT Service Management Audits, Software Project Management and Process Improvement.
Link of the recorded session published on YouTube: https://youtu.be/0se77tjLL4c
IT Performance Measurement using IT Governance Metric (PECB)
Using IT Governance as a tool for measuring IT performance. COBIT 5 has provided generic metrics at strategic levels [Enterprise metrics], Tactical level [IT Goals metrics] and Operation Level [Process metrics]. We will highlight the benefits and objectives of the measurements, and then provide an approach along with suggestions on the time/frequency of measurement.
This webinar covers the following:
• An Overview of IT Governance
• Why and What to measure – Benefits and Objectives
• How and When to measure – Approach and Schedule
Presenter:
Oladapo Ogundeji's professional career extends over 18 years of experience focused on enhancing the strategic value of ICT in organizations through process re-engineering, strategic planning and project management for corporate objective & strategy that address business opportunities and issues.
Link of the recorded session published on YouTube: https://youtu.be/TOG3RPp1g0c
Business Impact Analysis - The Most Important Step during BCMS Implementation (PECB)
This topic covered an overview of the ISO 22301:2012 requirements regarding Business Impact Analysis, the importance of the BIA, and how to avoid the most common mistakes.
Main points covered:
• Overview of ISO 22301:2012 requirements regarding Business Impact Analysis
• How to avoid the most common mistakes and obtain reliable data from the BIA
• The significance of the BIA
Presenter:
Renata Davidson has worked in the Business Continuity Management area since 1998. She was the first professional in Central and Eastern Europe to be certified by Disaster Recovery Institute International. During the course of her career, she has led tens of projects for blue-chip companies in Poland, in all sectors of the economy. She is the founder and CEO of Davidson Consulting & Partners LLC, a partnership of experts specializing in business continuity, operational risk management and process management.
Link of the recorded session published on YouTube: https://youtu.be/3rVhrGQk8cE
The document discusses ISO 27001 internal audit requirements and the challenges of conducting internal audits. It proposes two approaches for outsourcing ISO 27001 audits to an external firm: 1) co-sourcing, where the firm provides audit resources under the organization's direction, or 2) a managed assurance service, where the firm develops and runs the entire audit program. The benefits cited include overcoming resourcing challenges, ensuring objectivity, and focusing internal resources on high-risk areas.
Due to the dramatic increase in threats worldwide, companies need to find ways to increase their information security. One solution is to implement ISO/IEC 27001 in order to protect information both internally and externally.
Main points that will be covered are:
• The scope of ISO 27001 & associated other standards references
• Information Security and ISIM Terminologies
• ISIM auditing principles
• Managing audit program & audit activities
Presenter:
Eng. Kefah El-Ghobbas is a specialist in 'Business Process Excellence' through 'Business Process Re-engineering' with over 20 years of experience.
Link of the recorded session published on YouTube: https://youtu.be/rTxA8PVULUs
This document provides implementation tips and potential metrics for ISO/IEC 27001 and 27002. It covers tips and metrics for each control objective in ISO/IEC 27002 sections 4 through 15. The tips are meant to help others implementing the ISO information security standards in their organization. The document is collaboratively created and copyrighted but licensed for sharing and derivative works.
ISO 27001 is an international standard for information security management systems (ISMS). It provides requirements for establishing, implementing, maintaining and continually improving an ISMS. Key benefits of ISO 27001 include reducing information security risks, increasing transparency of security risks, and demonstrating assurance to customers through independent third-party certification. While growing in adoption globally, ISO 27001 certification is still only held by around 3.5% of organizations. It is commonly pursued by service providers and sectors involving data privacy, such as cloud providers and healthcare. The process of obtaining ISO 27001 involves designing and implementing an ISMS, undergoing two-stage external audits, and maintaining conformity over the three-year certification period.
ISO 27001:2013 Implementation Procedure (Uppala Anand)
This document outlines 35 steps to implement an ISO 27001:2013 information security management system (ISMS) from scratch. The steps are divided into four phases: plan, do, check, and act. The planning phase involves obtaining management approval, understanding the organization and its needs, defining the ISMS scope and objectives. The doing phase includes performing risk assessments, selecting controls, and implementing risk treatment plans. The checking phase consists of monitoring performance, auditing, and collecting feedback. The acting phase is for reviewing performance, deciding on improvements, and planning corrective actions.
This document outlines a project plan for implementing an Information Security Management System (ISMS) compliant with ISO 27001 in an organization. The plan defines the project goals as obtaining ISO 27001 certification by a target date, identifies key results and risks, and provides a schedule and roles. It also describes tools and documents that will be used, such as a shared folder for all project materials and regular reporting from the project manager.
The webinar covers:
1- Build a business case to implement ISO 27001
- Who are the stakeholders?
- Who is the project executive sponsor?
- Incentives to implement? Is the BOD in support? Industry/market pressures?
- History (previous attempts/audits/issues/implications if failed)
- Consultant selection
- Cost and budgetary constraints
- Resource constraints
2- Costs of not implementing ISO 27001
3- Wrap-up
Presenter:
The webinar was presented by PECB Partner and Trainer Mr. Mohamad Khachab, who has 30 years of professional experience in management consultancy, project management, teaching/training, IT procurement, preparing proposals, information risk management, research, developing bidding documents, and business development activities.
Link of the recorded session published on YouTube: https://youtu.be/6kBp3SxKDP8
When your company displays ISO 27001 certification, your customers will know that you have policies in place to protect their information from today's major threats.
The 27000 series of standards covers a wide range of information security topics. You can optimize your time and energy by focusing on just ISO 27001, arguably the best-known standard, designed to protect your organization through an information security management system (ISMS).
Here is a complete guide to ISO 27001. In this guide we will run you through the standard, stages of planning for ISO 27001, the sections for the standard, the certification process and more.
Find out more about ISO 27001 or get a quote for certification here - https://www.nqa.com/en-gb/certification/standards/iso-27001
Project Plan for ISO 9001 Implementation (technakama)
This document outlines the plan for a project to implement ISO 9001 quality management standards in an organization. It includes defining goals to apply ISO 9001 requirements, meet regulations, and achieve certification by a target date. Key results will be quality management system implementation and certification. The project schedule is divided into milestones, and roles of the project sponsor and manager are defined. Risks like delayed phases are identified, and measures like monitoring activities are planned to reduce risks. Shared documents and regular reports by the project manager will be used for documentation and reporting.
Legal Register / Compliance Obligations ISO 14001 (Nimonik)
https://nimonik.com
An overview of why your organization should equip itself with a robust and integrated Legal Register (Compliance Obligations). Reviews of the purpose, intent and benefits of a Legal Register.
Presentation on ISO 27001:2013, Internal Auditing and BCM (Shantanu Rai)
The document is a presentation summarizing an internship at an IT company working on three projects: 1) Creating a roadmap for transitioning to ISO 27001:2013 which involved gap analysis and updating controls. 2) Mapping the internal auditing process which involves scheduling, preparing, conducting, and reporting on audits. 3) Analyzing a specific business continuity scenario which included identifying critical processes, calculating response times, and planning infrastructure and response to incidents. The internship provided learning around differences in standards, assessing controls, conducting audits, and creating business continuity plans.
The document discusses ISO 27001, ISO 27701, and information security management systems (ISMS). It provides an introduction and overview of the standards, including what is covered in ISO 27001. ISO 27701 is described as a privacy extension for ISO 27001. The certification process with ControlCase and KUMA is summarized in 3 steps: readiness assessment, ISO Stage 1 audit, and ISO Stage 2 audit. Common challenges around ISO 27001/27701 certification are listed. Benefits of partnering with ControlCase/Kuma are presented, including their expertise and delivering value beyond compliance.
In the event of an emergency, many businesses and organizations must have the ability to mitigate damage and continue operating. ISO 22301 is the international standard for Business Continuity Management (BCM). Published by the International Organization for Standardization, ISO 22301 is designed to help organizations prevent, prepare for, respond to and recover from unexpected and disruptive incidents.
Use this ISO 22301 checklist to help when implementing a business continuity management system.
ISO 27001 certification specifies requirements for an information security management system (ISMS). An ISMS uses policies and procedures to manage information risk, including technical and organizational measures. Key elements include leadership commitment, risk assessment, controls like access management, and monitoring/improvement. Mandatory documents include the risk assessment and treatment plan, security policies, and records of training/audits. Non-mandatory examples are classification, backup and change management policies. Benefits are compliance, competitive advantage, cost savings, and organizational efficiency.
COBIT 5.0 vs ISO/IEC 38500 – IT Governance (ISACA Riyadh)
This document summarizes a presentation comparing COBIT 5.0 and ISO/IEC 38500. It provides an overview of COBIT 5.0's evaluate, direct, monitor framework and its application to business processes, corporate governance of IT, ICT projects, operations, and business pressures and needs. It also summarizes ISO/IEC 38500's six principles of responsibility, strategy, acquisition, performance, conformance, and human behavior. The document concludes with a discussion of certification options for ISO/IEC 38500 from PECB and ISC Global.
Subrata Guha, UL DQS Inc. IT Services Director, with more than 20 years of professional experience in the fields of IT Service Management, Software Engineering and Audit/Assessment of Quality Management Systems hosts a webinar that focuses on the transition to ISO IEC 27001:2013. This webinar includes:
- Highlights of the changes in ISO IEC 27001:2013
- Transition Strategy
- Q&A session
7 Key Problems to Avoid in ISO 27001 Implementation (PECB)
What are 7 key problems that we should avoid when implementing ISO 27001? What are the most common causes for these problems? How can we reduce or avoid these problems without reducing the quality of the implementation?
Main points covered:
• Learn what the most common causes of the ISO 27001 project failures are
• See what the steps to overcome these problems are
• Learn how to speed up your implementation without reducing the quality of the implementation
Our presenter for this webinar was Mr. Dejan Kosutic, the main ISO 27001 expert at Advisera. He has extensive working experience both as a tutor and as a consultant: he is an Approved Tutor for ISMS Lead Auditor courses and delivers various ISO 27001 in-person courses throughout Europe as well as online courses via webinars. In his consulting career, he works with clients from the financial sector, government, and small and medium-sized businesses, including IT companies.
Link of the recorded session published on YouTube: https://youtu.be/QD6kWvD76p4
This document provides an overview of ISMS audits using ISO 27001:2013. It discusses ISO and the ISO 27000 series of standards. It then covers the process-based ISMS approach and outlines the mandatory and discretionary controls in ISO 27001. The document defines an audit and outlines key audit principles. It describes the different types of audits and details the audit process, including developing audit checklists and the stages of an on-site audit.
Assessing the Impact of a Disruption: Building an Effective Business Impact A... (PECB)
Many organizations have adopted the ISO 22301 standard for their business continuity management systems. Recently, ISO has released the new ISO 22317 Standard for Business Impact Analysis. In this webinar, learn about several different strategies to build an effective BIA that will help you advance your business continuity strategies.
Presenter:
This webinar was presented by Bryan Strawser, Principal Consultant & CEO at Bryghtpath LLC, who has more than 21 years of experience.
Link of the recorded webinar published on YouTube: https://youtu.be/19r2u3zJp1o
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA) (PECB)
We will cover:
• Importance of Business Impact Analysis (BIA)
• What does new standard ISO 22317 cover?
• Elaborating ISO 22317
Presenter:
This session will be hosted by our partner Dr. Wolfgang H. Mahr, M.Sc., MBCI, the Managing Director of governance & continuity gmbh with more than 20 years of experience.
Many aspects of GDPR compliance can be achieved by leveraging established data security and compliance management best practices. Four key areas to focus on are Risk Assessment, Breach Response, Data Governance, and Compliance Program Management. This paper explores each of these areas.
Use of the COBIT Security Baseline as a framework for an information security program at a large state agency. Presented at the 2005 MN Govt IT Symposium.
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation (PECB)
In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.
Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance.
In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible.
The tasks range from executive management to privacy policies, handling notifications, setting up awareness programs, controlling user access requests, vendor management, incident management (data breaches) and continuous updates.
The webinar will cover:
• Quick recap on general ISO components and approach
• Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
• Do's and don’ts for implementation and audit
• The importance of evidence in the audit
• Managing audit expectations and the never ending audit cycle
Recorded webinar: https://youtu.be/HL-VUiCj4Ew
IT Governance & Leadership, 17 - 20 November 2014, Dubai, UAE (360 BSI)
Information and related technology have become increasingly crucial in the sustainability, growth and management of value and risk in most enterprises. As a result, IT has moved from a support role to a central position within enterprises.
The enhanced role of IT for enterprise value creation and risk management has been accompanied by an increased emphasis on the Governance and Management of Enterprise IT (GEIT).
Enterprise stakeholders and the governing board wish to ensure that IT fulfills the goals of the enterprise. GEIT is an integral part of overall corporate governance.
GEIT addresses the definition and implementation of processes, structures and relational mechanisms within the enterprise that enable business and IT staff to execute their responsibilities in support of creating or sustaining business value.
In this course you will learn and understand how to assess and evaluate an organization’s GEIT and make sure that IT is properly aligned with the business objectives.
COBIT 5 can help enterprises create optimal value from IT by maintaining a balance between realizing benefits, optimizing risk management and leveraging resources. COBIT 5.0 addresses both business and IT functional areas and provides a governance, management and operational framework for enterprises of all sizes, whether commercial, not-for-profit or public sector.
Contact Kris at kris@360bsi.com to register.
Mahalakshmi has over 9 years of experience as an IT and Information Security Audit Manager. She has a Bachelor's degree in Information Technology and holds certifications including CISA, CISSP, Six Sigma Green Belt, and ALMI. Currently she works as an Audit Manager at Westpac Group, where her responsibilities include performing independent reviews and evaluations to assist management in developing and maintaining effective control frameworks. Previously she worked as a Senior IT Auditor at Allianz Australia and held various roles such as Information Security Manager and Audit and Compliance Manager at Tata Consultancy Services.
ISO 27001:2013 Implementation procedureUppala Anand
This document outlines 35 steps to implement an ISO 27001:2013 information security management system (ISMS) from scratch. The steps are divided into four phases: plan, do, check, and act. The planning phase involves obtaining management approval, understanding the organization and its needs, defining the ISMS scope and objectives. The doing phase includes performing risk assessments, selecting controls, and implementing risk treatment plans. The checking phase consists of monitoring performance, auditing, and collecting feedback. The acting phase is for reviewing performance, deciding on improvements, and planning corrective actions.
This document outlines a project plan for implementing an Information Security Management System (ISMS) compliant with ISO 27001 in an organization. The plan defines the project goals as obtaining ISO 27001 certification by a target date, identifies key results and risks, and provides a schedule and roles. It also describes tools and documents that will be used, such as a shared folder for all project materials and regular reporting from the project manager.
The webinar covers:
1- Build a business case to implement ISO27001
- Who are stakeholders?
- Who is project executive sponsor?
- Incentives to implement? Is BOD in support? Industry /market pressures?
- History (previous attempts/audits/issues/implications if failed)
- Consultant selection
- Cost and budgetary constraints.
- Resources constraints
2- Costs of not implementing ISO 27001
3- Wrap-up
Presenter:
The webinar was presented from PECB Partner and Trainer Mr. Mohamad Khachab who has 30 years of professional experience in management consultancy, project management, teaching/training, IT Procurement, preparing proposals, information risk management, research, developing bidding documents, and business development activities.
Link of the recorded session published on YouTube: https://youtu.be/6kBp3SxKDP8
When your company displays the ISO 27001, your customers will know that you have policies in place to protect their information from today’s big threats.
The 27000 series of certifications cover a variety of information security. You can optimize your time and energy by focusing on just ISO 27001, arguably the best-known and top preparation standard designed to protect your network through an information security management system (ISMS).
Here is a complete guide to ISO 27001. In this guide we will run you through the standard, stages of planning for ISO 27001, the sections for the standard, the certification process and more.
Find out more about ISO 27001 or get a quote for certification here - https://www.nqa.com/en-gb/certification/standards/iso-27001
Project plan for ISO 9001 Implementationtechnakama
This document outlines the plan for a project to implement ISO 9001 quality management standards in an organization. It includes defining goals to apply ISO 9001 requirements, meet regulations, and achieve certification by a target date. Key results will be quality management system implementation and certification. The project schedule is divided into milestones, and roles of the project sponsor and manager are defined. Risks like delayed phases are identified, and measures like monitoring activities are planned to reduce risks. Shared documents and regular reports by the project manager will be used for documentation and reporting.
Legal Register / Compliance Obligations ISO 14001Nimonik
https://nimonik.com
An overview of why your organization should equip itself with a robust and integrated Legal Register (Compliance Obligations). Reviews of the purpose, intent and benefits of a Legal Register.
Presentation on iso 27001-2013, Internal Auditing and BCMShantanu Rai
The document is a presentation summarizing an internship at an IT company working on three projects: 1) Creating a roadmap for transitioning to ISO 27001:2013 which involved gap analysis and updating controls. 2) Mapping the internal auditing process which involves scheduling, preparing, conducting, and reporting on audits. 3) Analyzing a specific business continuity scenario which included identifying critical processes, calculating response times, and planning infrastructure and response to incidents. The internship provided learning around differences in standards, assessing controls, conducting audits, and creating business continuity plans.
The document discusses ISO 27001, ISO 27701, and information security management systems (ISMS). It provides an introduction and overview of the standards, including what is covered in ISO 27001. ISO 27701 is described as a privacy extension for ISO 27001. The certification process with ControlCase and KUMA is summarized in 3 steps: readiness assessment, ISO Stage 1 audit, and ISO Stage 2 audit. Common challenges around ISO 27001/27701 certification are listed. Benefits of partnering with ControlCase/Kuma are presented, including their expertise and delivering value beyond compliance.
In the event of an emergency, many businesses and organizations must have the ability to mitigate damage and continue operating. ISO 22301 is the international standard for Business Continuity Management (BCM). Published by the International Organization for Standardization, ISO 22301 is designed to help organizations prevent, prepare for, respond to and recover from unexpected and disruptive incidents.
Use this ISO 22301 checklist to help when implementing a business continuity management system.
ISO 27001 certification specifies requirements for an information security management system (ISMS). An ISMS uses policies and procedures to manage information risk, including technical and organizational measures. Key elements include leadership commitment, risk assessment, controls like access management, and monitoring/improvement. Mandatory documents include the risk assessment and treatment plan, security policies, and records of training/audits. Non-mandatory examples are classification, backup and change management policies. Benefits are compliance, competitive advantage, cost savings, and organizational efficiency.
COBIT 5.0 Vs ISO / IEC 38500 (IT Governance)ISACA Riyadh
This document summarizes a presentation comparing COBIT 5.0 and ISO/IEC 38500. It provides an overview of COBIT 5.0's evaluate, direct, monitor framework and its application to business processes, corporate governance of IT, ICT projects, operations, and business pressures and needs. It also summarizes ISO/IEC 38500's six principles of responsibility, strategy, acquisition, performance, conformance, and human behavior. The document concludes with a discussion of certification options for ISO/IEC 38500 from PECB and ISC Global.
Subrata Guha, UL DQS Inc. IT Services Director, with more than 20 years of professional experience in the fields of IT Service Management, Software Engineering and Audit/Assessment of Quality Management Systems hosts a webinar that focuses on the transition to ISO IEC 27001:2013. This webinar includes:
- Highlights of the changes in ISO IEC 27001:2013
- Transition Strategy
- Q&A session
7 Key Problems to Avoid in ISO 27001 Implementation – PECB
What are 7 key problems that we should avoid when implementing ISO 27001? What are the most common causes for these problems? How can we reduce or avoid these problems without reducing the quality of the implementation?
Main points covered:
• Learn what the most common causes of the ISO 27001 project failures are
• See what the steps to overcome these problems are
• Learn how to speed up your implementation without reducing the quality of the implementation
Our presenter for this webinar was Mr. Dejan Kosutic, the main ISO 27001 expert at Advisera. He has extensive working experience both as a tutor and as a consultant: he is an Approved Tutor for ISMS Lead Auditor courses and delivers various ISO 27001 in-person courses throughout Europe as well as online courses via webinars. In his consulting career, he works with clients from the financial sector, government, and small and medium-sized businesses including IT companies.
Link of the recorded session published on YouTube: https://youtu.be/QD6kWvD76p4
This document provides an overview of ISMS audits using ISO 27001:2013. It discusses ISO and the ISO 27000 series of standards. It then covers the process-based ISMS approach and outlines the mandatory and discretionary controls in ISO 27001. The document defines an audit and outlines key audit principles. It describes the different types of audits and details the audit process, including developing audit checklists and the stages of an on-site audit.
Assessing the Impact of a Disruption: Building an Effective Business Impact A... – PECB
Many organizations have adopted the ISO 22301 standard for their business continuity management systems. Recently, ISO has released the new ISO 22317 Standard for Business Impact Analysis. In this webinar, learn about several different strategies to build an effective BIA that will help you advance your business continuity strategies.
Presenter:
This webinar was presented by Bryan Strawser, Principal Consultant & CEO at Bryghtpath LLC, who has more than 21 years of experience.
Link of the recorded webinar published on YouTube: https://youtu.be/19r2u3zJp1o
PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA) – PECB
We will cover:
• Importance of Business Impact Analysis (BIA)
• What does new standard ISO 22317 cover?
• Elaborating ISO 22317
Presenter:
This session will be hosted by our partner Dr. Wolfgang H. Mahr, M.Sc., MBCI, the Managing Director of governance & continuity gmbh with more than 20 years of experience.
Many aspects of GDPR compliance can be achieved by leveraging established data security and compliance management best practices. Four key areas of focus are Risk Assessment, Breach Response, Data Governance, and Compliance Program Management. This paper explores each of these areas.
Use of the COBIT Security Baseline as a framework for an information security program at a large state agency. Presented at the 2005 MN Govt IT Symposium.
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation – PECB
In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.
Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance.
In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible.
Topics range from executive management and privacy policies, through handling notifications, setting up awareness programs, controlling user access requests and vendor management, to incident management (data breaches) and continuous updates.
The webinar will cover:
• Quick recap on general ISO components and approach
• Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
• Do's and don’ts for implementation and audit
• The importance of evidence in the audit
• Managing audit expectations and the never-ending audit cycle
Recorded webinar: https://youtu.be/HL-VUiCj4Ew
IT Governance & Leadership, 17–20 November 2014, Dubai, UAE – 360 BSI
Information and related technology have become increasingly crucial in the sustainability, growth and management of value and risk in most enterprises. As a result, IT has moved from a support role to a central position within enterprises.
The enhanced role of IT for enterprise value creation and risk management has been accompanied by an increased emphasis on the Governance and Management of Enterprise IT (GEIT).
Enterprise stakeholders and the governing board wish to ensure that IT fulfills the goals of the enterprise. GEIT is an integral part of overall corporate governance.
GEIT addresses the definition and implementation of processes, structures and relational mechanisms within the enterprise that enable business and IT staff to execute their responsibilities in support of creating or sustaining business value.
In this course you will learn and understand how to assess and evaluate an organization’s GEIT and make sure that IT is properly aligned with the business objectives.
COBIT 5 can help enterprises create optimal value from IT by maintaining a balance between realizing benefits, optimizing risk management and leveraging resources. COBIT 5.0 addresses both business and IT functional areas and provides a governance, management and operational framework for enterprises of all sizes, whether commercial, not-for-profit or public sector.
Contact Kris at kris@360bsi.com to register.
Mahalakshmi has over 9 years of experience as an IT and Information Security Audit Manager. She has a Bachelor's degree in Information Technology and holds certifications including CISA, CISSP, Six Sigma Green Belt, and ALMI. Currently she works as an Audit Manager at Westpac Group, where her responsibilities include performing independent reviews and evaluations to assist management in developing and maintaining effective control frameworks. Previously she worked as a Senior IT Auditor at Allianz Australia and held various roles such as Information Security Manager and Audit and Compliance Manager at Tata Consultancy Services.
Maclear’s IT GRC Tools – Key Issues and Trends – Maclear LLC
Maclear specializes in enterprise governance, risk and compliance (eGRC) solutions. The IT GRC Solution integrates various business functions such as IT governance, policy management, risk management, compliance management, audit management, and incident management. It enables an automated and workflow-driven approach to managing, communicating and implementing IT policies and procedures across the enterprise.
Read More at: http://www.maclear-grc.com/
David Fisher is a highly experienced project and programme manager with over 15 years of experience in finance, business, and IT change. He has a proven track record of delivering complex, global programmes and solutions. He is skilled in project management, business analysis, stakeholder engagement, and change management. Currently, he works as the finance director and business development manager for his own company, SeeFisher Ltd, where he helps grow two businesses.
Mark Leslie provides a 3 page resume summarizing his experience as an Information and Business Systems Manager, Business Systems and Process Manager, and various other roles. He has over 15 years of experience managing IT departments and implementing business systems. He currently manages the IT department and systems for Tui Products Limited, ensuring strategies and operations are aligned.
Kishore Sundararaman has over 15 years of experience as a lead auditor for quality management systems. He currently manages a team of 15+ auditors at HCL Technologies, conducting audits covering infrastructure controls, ITIL best practices, and regulatory compliance for over 70 clients globally. Prior to this, he led process audits for Capgemini and conducted third-party certification audits as an asset team member for DQS GmbH. Kishore believes his diverse audit experience across different industries, standards, and roles would allow him to be a contributing member of any organization.
This document provides contact information and a detailed summary of the qualifications and work experience for Neil Barnacle. According to his resume, Neil has over 25 years of experience in information security management, leading projects across both public and private sectors in Europe and the USA. He has expertise in areas such as ISO27001 implementation, identity management, disaster recovery planning, and security strategy development at the board level.
Gail Gillis has over 27 years of experience in technology disciplines including project management, strategic planning, risk management, and compliance. She is currently the Technology Risk Management and Disaster Recovery Planning leader at Canada Mortgage and Housing Corporation, where she is responsible for assessing technology risks and ensuring legislative compliance. Previously she held roles in project management, portfolio management, and was acting manager for the IT Strategy team. She has proven experience managing complex projects with large budgets and teams.
Info-Tech Research Group & Boardroom Events Value Prop Presentation – Hilary Carney Badoian
As a participant of Midmarket CIO Forum, you are given the opportunity to benefit from the Info-Tech offering (membership, advisory services, diagnostics & benchmarking, tools, templates including policies and job descriptions, vendor contract review and negotiations, and alignment tools) while having the overlay of the peer to peer vetting and communications. See the overview here and set up a call to speak in detail: https://calendly.com/MeetHilary/IT
Louis Murphy has over 20 years of experience as an IT executive manager and principal consultant. He specializes in IT service delivery, project management, and operations. Throughout his career, he has held roles at major banks and consulting firms, delivering strategic initiatives and transforming IT organizations. His expertise lies in injecting discipline, rigor, and best practices to optimize operations and deliver business value.
This document discusses key considerations for IT internal audits related to information security and business continuity management. It outlines several audits that an IT internal audit function can perform to evaluate an organization's information security strategy and program, including assessments of the information security program, the threat and vulnerability management program, and performing vulnerability assessments. It also discusses how business continuity has increased in importance given disruptions from events like natural disasters and infrastructure failures, and the need for organizations to have effective business continuity management. The document provides context around risks to information from both internal and external threats and how IT internal audit can help evaluate controls.
Amit Kumar Verma is an experienced Information Security and Business Continuity professional with over 12 years of experience managing security programs in global companies. He is currently the Global Information Security Manager at ISG Novasoft Technology in Bangalore. Previously he has held security leadership roles at other companies like Theorem India, Concentrix, Paladion Networks, and Capgemini. He has expertise in designing and implementing security programs aligned with standards like ISO 27001, PCI DSS, and implementing governance, risk and compliance programs.
Highly experienced and skilled BUSINESS ARCHITECT/ANALYST of 14 years with a proven track record for delivery in major financial and legal institutions, healthcare regulation, and contact centre environments. Extensive full project lifecycle experience, including waterfall and Agile methods.
Experienced in managing, training, and mentoring Business Analysts of all levels in the latest industry-leading techniques. Hugely passionate about raising the profile of business analysis, increasing competency of practitioners and demonstrating how it enables faster and higher quality project outcomes to the customer.
This whitepaper provides some meaningful examples on metrics along with purposes of metrics (targets).
The whitepaper focuses on metrics relating to the status of the ISMS and its output. These outputs also feed into management reporting.
This resume summarizes the professional experience of an Information Security professional with over 13 years of experience implementing security standards like ISO27001, PCI-DSS, and SSAE 16. The candidate's current role involves automating security controls, managing audits, and leading a team as the IT-GRC Domain Area Lead Manager. Prior experience includes security roles at Bharti Airtel, Capco Technologies, and other companies managing security operations, audits, risk assessments, and projects.
Amit Yadav is an Information Security and Business Continuity Systems Consultant and Auditor with over 7.5 years of experience. He currently works as an Info-Sec Consultant for Recon Business Advisory Pvt. Ltd., where he focuses on developing, implementing, and auditing systems such as ISO 27001, ISO 22301, and ISO 9001 for clients. Previously, he worked for Spectrum Services Management Consultants as a Junior Consultant for ISO systems. He has experience managing projects, conducting risk assessments, developing frameworks, and ensuring compliance. He holds certifications in ISO 9001 and ISO 27001/22301 auditing and implementation.
S. Rod Simpson is an experienced IT security professional with over 25 years of experience managing information security risk, IT general controls, IT audit, and compliance at Caterpillar, Inc. He has held roles such as Enterprise Risk Acceptance Manager, IT General Controls Manager, Manager of Key Process Indicators, and Six Sigma Blackbelt. Simpson is skilled in all aspects of information security from policy to protection to audit. He is certified in CRISC, CISA, CISM, ITIL, and Six Sigma methodology.
The document discusses implementing an integrated IT service management system (SMS) and information security management system (ISMS) based on ISO/IEC 20000-1 and ISO/IEC 27000 standards. It describes how ISO/IEC 27001 fits into the information security requirements of ISO/IEC 20000. There are key benefits to an integrated system, including providing credible and secure services, lower implementation costs, reduced timelines by developing common processes together, and eliminating duplication between the standards. An integrated system also promotes understanding between service and security personnel.
William T Haase has over 20 years of experience in security, privacy, integration, and compliance. He has a proven track record of generating over $20 million in new revenue annually. He is an expert in areas such as identity and access management, governance and compliance, and developing security solutions that meet various regulatory standards. He has extensive experience consulting with clients in industries such as healthcare, finance, and insurance.
The document discusses governance and the evolution of COBIT from versions 4.1 to 5.0, noting key changes like new principles, a focus on enablers, a new process reference model, and new/modified processes. It provides an overview of COBIT 5.0's framework for linking business goals to IT goals and processes. The presentation is by Dr. Santipat Arunthari, Chief Technology Officer of PTT ICT Solutions Company Limited.
CV Jagroop Jagpal
Page 1 of 4
Jagroop Singh Jagpal (Jag) 02085816262 / 07902296888 | jagroop@smup.london | LinkedIn
Certified GDPR Practitioner; Lead Auditor Information Security Management (ISO 27001:2013 Certificate Number: 01195562); Lead Auditor in Quality Management (ISO 9001:2015 Certificate Number: 01195562); IT Service Management (ISO 20000); Design, Implementation; Maintenance; Auditing; Risk Management; Business Improvement; Business Continuity; Business Change and Efficiency
Summary
A results-driven Information Security, Quality Management and Data Protection leader equipped with international recognition as a certified auditor in Information Security Management ISO 27001 and Quality Management ISO 9001, as well as being a certified GDPR practitioner. I have leveraged analytical and problem-solving strengths at senior management level, thriving in dynamic, high-pressure environments. At the forefront of my skillset lies the ability to analyse and streamline systems, operations and business processes to increase productivity, quality and efficiency.
I am now open to consulting opportunities with large and small organisations across industries and sectors. In these contexts, I would be a multi-faceted asset, adept at ensuring regulatory compliance, streamlining operations without losing customer focus, integrating management systems to decrease costs and formalising internal policies and standards.
Profile
• Certified GDPR Practitioner, project management, implementation, DPIA, Record of Processing – HR/Marketing, Subject Access Request, policy writing/amendment, advice and training
• Information Security expert, consultant and auditor with multiple implementation experience
• Quality Manager with a strong background in, and thorough understanding of, the project management process along with ISO 9001:2015
• Risk Management consulting advice and development
• Organised, enthusiastic professional; willing to hear new ideas and go the extra mile to improve performance
• Possess strong interpersonal skills; able to work effectively with individuals at all levels
• Demonstrated ability to develop and maintain sound employee relations
• Strong problem resolution skills; able to prioritise a broad range of responsibilities efficiently and effectively
• Worked on international projects in Dubai, France and Ireland
• Catalyst for change, transformation and performance improvement
• Achieved reputation as a resource person, problem solver, trouble-shooter and creative turnaround manager
Project/Achievements
• Obtaining external certification for ISO 27001, ISO 9001, ISO 20000
• GDPR Transition and Implementation Project x2
• Information Security Implementation
• Development of Audit Management on RSA Archer and ServiceNow
• Development of Risk Management on RSA Archer and ServiceNow
• Relationship Manager for two major six sigma projects involving credit and customer relations department with a projected first year saving of £2m
• QA Lead on the project management planning of key multi-million-pound contracts across the business: A5 Project in Ireland – £100m & Cooling the tube – £30m
• Lead for design & roll out of £3m company-wide document management system
• Lead for customer feedback and audit reporting tool
• Information Security Management certification achieved and maintained
• Successfully obtained and renewed ISO certification in ISO 9001, ISO 27001 and ISO 20000
• Established Central Document Management Systems bringing the organisations consistency, clarity and control in all company documentation
Professional Experience
May 2018 – Current Smup Ltd
Director/Consultant
Self-employed company director offering services in:
• Design, implementation and maintenance of Information Security, Quality and Service Management Systems
• Advice on implementing an Integrated Management System
• Advice on business requirements and impact of GDPR
• Internal auditing
• Readiness for external certification audits
• Assistance at client audits
• Supplier audits
• Contract audits
• Project status audits
• Risk management
• Analysis of business processes to recommend business improvement and development
• Design, implementation and maintenance of Document Management System
• Advice on increasing efficiency and reducing cost
May 2019 – Current Harneys LLP (Contract)
Information Risk & Security Consultant
ISO 27001 policy re-write and preparation for external certification audits across international locations, including GDPR implementation, conducting extensive internal audits in order to uncover potential issues prior to the external audit, and planning the remediation of the audit findings.
Tailoring the Information Security Management System to fit The Firm, to ensure processes are fit-for-purpose and specific to The Firm and not generic. Creating suitable training and embedding the ISMS and GDPR into the everyday working life of the employees to ensure that information security is practised throughout The Firm, reducing information leakage that would adversely affect The Firm.
Working with department heads and senior managers, from Global Partners, Chief Operations Officer and Chief Technical Officer to the Chief Information Officer, in order to create an understanding of the ISMS as well as GDPR and other business-leading best practices, for seamless working and efficiency to reduce costs and increase assurance in the security of information and the reduction of risk threats while mitigating vulnerabilities.
Developed and transferred audit management, risk management, legal and regulatory lists, document library, supplier management and business impact assessment from Excel to ServiceNow.
Since late June I have been fulfilling the role of acting CISO, which has increased the strategic element of the role as well as dealing with incident and event tickets, client questionnaires, setting the internal audit programme, running Senior Management Review meetings, and setting ISMS objectives to ensure the ISMS is running to the needs of The Firm. Managing direct reports who were mostly technical architects, setting up the structure of the document management system, advising on Business Continuity Management as well as physical security.
Oct 2018 – Dec 2018 Diktamen (Contract)
ISO 27001 Implementation Consultant
ISO 27001 implementation from scratch, initially starting with a gap analysis and interviews with Leadership, following on to creation of documentation, training and audit planning, with preparation for the external audit.
Oct 2018 – Oct 2018 telent Technology Services (Contract)
Auditor
ISO 20000 Internal Audit: Preparation of audit checklists to give the internal audit process a specific structure, achieving better value from the audit. Carrying out internal audits in order to report the status of the management system and offer improvements that provide efficiencies and reduce cost. Trained staff during the audit process in how to interact with the external auditor, and offered training and guidance to the telent internal auditors.
May 2018 – Oct 2018 Six Degrees Group (Contract)
GDPR Implementation Project Manager/Consultant
Overall accountability for the GDPR implementation project.
Policy creation: Subject Access Request, DPIA, Legitimate Interests, Privacy Notice, International Transfer of Personal Data, Security Incident Response.
Record of Processing advice and guidance: Organised and hosted workshops with all departments identifying records containing personal information; advised and coached on how to determine the correct lawful basis of processing information in order to comply with GDPR requirements.
DPIA implementation and advice: Created the documentation, trained on how to complete a DPIA and completed a mock DPIA.
GDPR risk assessment development: Identified and scored risks related to information security.
Training development and delivery: Produced and delivered training for staff awareness.
Interpreted GDPR jargon into simple language: Used examples relevant to Six Degrees Group.
Subject Access Request: Created the documentation, trained on implementation and ran a mock Subject Access Request exercise to ensure all affected employees knew what to do.
Project management reporting and updates: Created project reporting documentation and chaired the project review meetings to provide project status.
GDPR integration: Integrated GDPR requirements into existing processes, e.g. for ISO 27001, to ensure a streamlined set of documentation and processes was kept simple for the business.
GDPR process mapping: Created process maps in order to simplify the understanding of some GDPR requirements, such as the Subject Access Request process, making the obligations easier to follow.
Document classification: Advised on the correct document classification and labels to apply to information and how to handle documents with a higher sensitivity classification.
Dec 2010 – May 2018 T-Systems Limited
Country Quality Manager
Responsible for maintaining certification for the established Integrated Management System.
Integral member of the GDPR Implementation project covering all aspects of GDPR, starting with the Record of Processing through to final awareness training. Streamlined the business auditing regime by creating and maintaining audit schedules based on a risk-based approach, conducting audits touching on financial performance, business processes, data protection, compliance, ISO standards and suppliers. Reduced the cost of auditing via a simple initiative of remote audits through use of conferencing technology, as well as implementing a risk and audit platform to reduce administration and ensure the value of risk and audit findings.
Initiated continual improvement exercises with the purpose of cost savings and waste reduction, with key successes in new starter induction and buildings estate waste reduction through better use of space.
Implementation of a group-wide document management framework, including document classification, which ensured clarity and continuity of documentation as well as ensuring documents were easily identifiable and retrievable, which reduced time wasted looking for required documents.
Aug 2010 – Nov 2010 EDF Energy
Quality Assurance Lead
Responsible for implementation of a Quality Management System for a Nuclear framework, and for internal & supplier auditing against established Nuclear Licensing requirements. Internal training on understanding the Quality and Document Management System.
Mar 2010 – Jun 2010 British Gas Business (Contract)
Quality Manager
Responsible for developing and delivering an appropriate BGB QMS framework in accordance with ISO 9001:2008, to ensure costs are reduced and efficiency is increased to supply a better performance to clients while increasing profits. Mitigation of organisational risks through leading the deployment of corporate risk management. Improved end-to-end processes and the general running of the complaints department to reduce escalation of complaints to ombudsman level, saving costs to a significant level.
Designed the framework of a new Document Management System to provide a central place for documents, avoid obsolete documents, and ensure consistency of document style and correct document classification.
Communication link between Top Management and the business.
Dec 2006 – Feb 2010 Mouchel Group Plc
Senior Group Quality Advisor
Maintained and fulfilled an internal audit programme across all UK offices by undertaking full system audits to ensure ISO 9001:2008 registration was maintained, this being a requirement to bid for work and maintain existing contracts. Designed and implemented a new non-conformity and audit management module for use across the business to ensure timely closure of audit actions in a consistent manner, reducing audit findings going overdue and leading to potential major non-conformities.
Designed and implemented an online document management system to ensure easier retrieval and identification of key documentation in order to reduce administration time.
Accreditation/Professional Courses
QA
GDPR Foundation & Certified Practitioner Course
Lloyd’s Register Quality Assurance
Introduction to GDPR
ISO 9001:2015 Lead Auditor Transition
Quality Manager Training Course
ISO 27001:2013 Update and Appreciation Course
ISO 27001 Lead Auditor Conversion Course
ISO 20000 Interpretation & Appreciation Course
ISO 9001:2008 Update and Transfer Course
ISO 9001:2000 Lead Auditor Training Course
ISO 9001:2000 Appreciation Course
ISO 9001:2000 Internal Auditor Training Course
Education
The College of Law – Legal Practice Course
Kingston University - LLB (Hons) – Law
Lampton School – A Levels and GCSEs
Volunteer Work
Working with SGSS Hounslow (local Sikh Temple) as Chair of the Events Committee to plan, innovate and evolve events, including an annual procession through Hounslow which has up to 20,000 people.
Project management of events includes liaison with and influencing of the Executive Committee, Metropolitan Police, London Fire Brigade, Transport for London, St John’s Ambulance, London Ambulance Service and London Borough of Hounslow. Chairing the Gold Partners Meetings as well as training and organising all volunteers.
Part of the SGSS Southall annual procession, which is the largest of its kind in Europe with over 100,000 people.