The document provides guidance on performing environmental management system audits by outlining steps for gathering objective evidence such as reviewing documents, observing practices, and interviewing employees, as well as describing different audit approaches including aspect-based, process-based, and system-based. It also discusses preparing checklists, evaluating key areas of the EMS, following up on audit trails, and generating a final audit report.
Understanding and implementing ISO 14001 - Ankit Goswami
- Introduction
- What is EMS?
- Aim of EMS
- PDCA cycle
- Overview of various clauses
- Scope of ISO 14001:2015
- Few Important definitions from ISO 14001:2015
- All Clauses in Detail (Clause 4 - Clause 10)
An Integrated Management System Standard - Ralph Reid
Many customers now require third party certification and/or compliance with a number of standards, e.g. ISO 9001, ISO 14001. Others such as Corporate Responsibility are on the horizon. To date, suppliers have had to determine how to address these requirements in their management systems. As you might expect, there have been various approaches. The ISO organization has promoted the idea of an integrated management system standard for a long time. They will likely be unsuccessful without sector support, e.g. automotive, aerospace. Our initial discussions with suppliers indicate a high level of interest and support for a common automotive approach working through AIAG.
The growing regulatory environment of recent times has pushed organizations to manage several compliance frameworks simultaneously. The fulfilment of legal obligations is only one factor that pushes organizations to make their management systems more robust. A management system is the framework of processes and procedures used to ensure that an organization can fulfill all tasks required to achieve its objectives.
ISO 14001:2015 Integrity in Implementation and Auditing the New EMS Standard - PECB
The webinar covers:
• How ISO 14001:2015 has created new opportunities for consultants and auditors alike.
• How ISO 14001:2015 has improved into a practical EMS with clear scope and expectations;
• What are the principles of auditing?
Presenter:
This webinar was hosted by Mr. Cecil Corloncito, Managing Consultant of Aquagem Environment, who is also a PECB Certified Trainer.
Link of the recorded session published on YouTube: https://youtu.be/VrdTQhimLDQ
Management systems integration, definition and generic methods. Brief case review. The topic belongs to quality management studies. The presentation can be useful for forming a basic impression of how to manage the integration process of several management systems.
The Checklist contains explanations and recommendations that:
- Facilitate the audit;
- May serve as a guide in the transition to the new version of ISO 9001:2015 using 'fill the gap' methodology;
- Allow for QMS self-assessment for compliance with ISO 9001:2015;
- Facilitate learning and understanding of the new version of ISO 9001:2015 requirements
- User-friendly format and professional layout - reviewed and approved by experienced ISO 9001 quality auditors.
- 72 pages
Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled
This webinar is a combination of an informative presentation and a Q&A session, with emphasis on preparing for a successful transition. Topics include: status, process and benefits, key concepts and changes, current challenges and opportunities, impact on certification and next steps.
Practical approach to implementing and complying with the ISO 45001:2016 Occupational Health & Safety Standard.
This presentation will help organisations to effectively implement and maintain compliance with the ISO 45001:2016 OHSA Standard.
ISO 45001 will be the new standard concerning Occupational Health and Safety. As its publication date is approaching, the main aim of this webinar will be to provide insights on some of the key implementation steps. Additionally, the webinar explores some possible ways of transitioning from OHSAS 18001 to ISO 45001.
Main points covered:
• Understanding the organization's objectives
• Identification of requirements for ISO 45001 implementation
• The role of top management in ISO 45001 implementation
• The establishment of a positive and an effective safety culture within your organization
• Actions to be undertaken in case of hazard identification
Presenter:
Eldeen Pozniak is the Director of Pozniak Safety Associates Inc. and an International Management Consultant specializing in Occupational Health and Safety. She has provided a variety of ground- to executive-level multi-project management and oversight and direction of the safety management systems, program elements and organizational culture from strategic and action plans to on-site implementation. Moreover, she has a unique blend of high level strategic, business, and safety management system understanding, and specific technical safety knowledge.
Link of the recorded session published on YouTube: https://youtu.be/xF5ejJFdUdw
Great ISO 14001 Compliance Obligations and Legal Requirements - Nimonik
How to build a great legal register for ISO 14001:2004 or ISO 14001:2015 for meeting elements 4.3.2 or 6.1.3 respectively. Lessons learned from looking at over 1500 legal registers and helping organizations build aspect lists, impacts, hazard analysis and applicability text for their organization.
Here is an easy to use checklist for ISO 14001:2015
If you require any advice, please call CAW Consultancy Business Solutions on 01772 932058 or our 24 hour hotline 07427535662.
Content Audit Webinar with Everett & URL Profiler - GoInflow
This deck was presented in a webinar by Everett Sizemore of Inflow with Q&A participation from Gareth Brown and Patrick Hathaway from URL Profiler. Learn more about content audits here: http://www.goinflow.com/digital-content-audits-seo-inbound-marketing/
Discussing the primary reasons organizations are doing audits today. We take a look at what's involved in the audit process, what type of reports you can expect to receive, and possible next steps. Presented January 2016 at the Open source compliance seminar hosted by Brooks Kushman and Rogue Wave Software.
This presentation was given by Maarten Simons at the GCES Conference on Governing Education in a Complex World during the second Workshop C on the Flemish Case Study (Dutch Language) in Brussels on 17 October 2016.
This presentation was given by Melanie Ehren from the London Institute of Education at the GCES Conference on Governing Education in a Complex World during the second Workshop B on the role of shared responsibility in developing accountability mechanisms that work in Brussels on 17 October 2016.
A presentation given by Karen Hill, Head of SIGMA (Support for Improvement in Governance and Management) at a workshop on efficiency and effectiveness in public administration amongst the Balkan countries, held in Ankara 24 and 25 April. Participants from the Prime Ministries of five countries Turkey, Albania, the former Yugoslav Republic of Macedonia, Kosovo and Bosnia and Herzegovina shared their experience and debated issues such as how to reduce administrative burdens on citizens and business.
Comprehensive Compliance for Environmental, Safety, Quality Requirements in C... - Nimonik
Nimonik has a 7-step process to ensure thorough and comprehensive regulatory compliance for environmental, occupational health and safety and quality requirements for your organization. By following these steps, you will reduce your operational risk and optimize your processes to become a proactive compliance company. This presentation also covers compliance risks such as accidents and penalties, challenges that organizations face along with a case study of Lac Megantic Oil Train Car disaster in July 2013 that killed 47 people and spilled 6 million litres of oil.
Compliance and Ethics Program Assessment. Why should you want to assess your program and practical assessment strategies for benchmarking and assessment.
EIAM unit 6 (EIA notification by Ministry of Environment and Forest (Govt. of ... - GantaKalyan1
EIA notification by Ministry of Environment and Forest (Govt. of India): Provisions in the EIA notification - procedure for environmental clearance - procedure for conducting environmental impact assessment report - evaluation of EIA report - Environmental legislation - objectives - evaluation of Audit data and preparation of Audit report - Post Audit activities - Concept of ISO and ISO 14000 - Case studies and preparation of Environmental Impact assessment statements for various Industries.
Introduction types, Objectives, Management of audit, Responsibilities, Planni... - Kunal10679
Audit and regulatory Compliance M.pharmacy Quality Assurance department Sem. 2 Introduction types, Objectives, Management of audit, Responsibilities, Planning Process, Information Gathering, Classifications of Deficiencies of auditing
Voluntarily Disclosing Environmental Violations and Responding to Violation N... - Dave Scriven-Young
Keep abreast of recent developments to provide the public broad and easy access to company-specific environmental inspection and compliance data. Know the information you must report and information that you may voluntarily report. Consider the benefits of voluntarily disclosing violations using EPA’s audit policy. Learn the steps to take if you receive a violation notice from EPA.
Beyond the EU: DORA and NIS 2 Directive's Global Impact - PECB
The global implications of DORA and NIS 2 Directive are significant, extending beyond the European Union.
Amongst others, the webinar covers:
• DORA and its Implications
• NIS 2 Directive and its Implications
• How to leverage directive and regulation as a marketing tool and competitive advantage
• How to use new compliance framework to request additional budget
Presenters:
Christophe Mazzola - Senior Cyber Governance Consultant
Armed with endless Excel files, a meme catalog worthy of the best X'os (formerly twittos), and a risk register to make your favorite risk manager jealous, I swapped my computer scientist cape a few years ago for that of a (cyber) threat hunter with the honorary title of CISO.
Ah, and I am also a quadruple senior certified ISO27001/2/5. Not bad, right? It's French.
Malcolm Xavier
Malcolm Xavier has been working in the Digital Industry for over 18 years now. He has worked with global clients in South Africa, the United States and the United Kingdom. He has achieved many professional certifications like CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3 etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Date: April 25, 2024
Tags: Information Security, Digital Operational Resilience Act (DORA)
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: Digital Operational Resilience Act (DORA) - EN | PECB
NIS 2 Directive - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity - PECB
In an era where digital transformation is inevitable, the landscape of cybersecurity is constantly evolving.
Amongst others, the webinar covers:
• DORA and its Implications
• ISO/IEC 27005: Risk Management in Information Security
• Leveraging Artificial Intelligence for Enhanced Cybersecurity
Presenters:
Geoffrey L. Taylor - Director of Cybersecurity
Geoffrey Taylor brings a wealth of experience from multiple roles within various industries throughout his career. As a Certified ISO 27001 Implementer and Auditor, as well as certified ISO 27005, CISM and CRISC, he brings a unique perspective on cybersecurity strategy, risk management and the implementation of an Information Security Management System, having helped multiple organizations in aligning their strategy based on their threat landscape.
Martin Tully - Senior Cyber Governance Consultant
Martin is a Senior Consultant at CRMG with over twenty years of experience, and has previously been employed at two of the ‘Big Four’ professional services firms. Martin has worked across most industry sectors in the development of the best practice guidance and risk analysis methodologies. Martin is also accomplished at: leading the implementation of an ISMS; delivering a number of information risk assessments; reviewing information security policies; assessing security requirements across the supply chain; and updating a complete framework of supporting standards. Prior to the ISF, Martin’s roles have included delivering operational risk reporting, running research projects and benchmarking information security investments for major clients. Martin holds a Bachelors degree from Royal Holloway University of London.
Date: March 27, 2024
Tags: ISO, ISO/IEC 27005, ISO/IEC 42001, Artificial Intelligence, Information Security, Digital Operational Resilience Act (DORA)
YouTube video: https://youtu.be/ffX-Xbw7XUk
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance - PECB
In today’s rapidly evolving world, where Artificial Intelligence (AI) not only drives innovation but also presents unique challenges and opportunities, staying ahead means being informed.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 42001 and their key components
• Latest trends in AI Governance
• Ethical AI practices
• Benefits of Certification
Presenters:
Jeffrey Bankard - Cybersecurity & AI Leader, AI Management Systems: ISO/IEC 42001
Jeffrey provides executive leadership for AI product creation through the product incubation unit (PIU). Ensures the timely delivery of AI consulting engagements through cross-functional teams comprised of senior information and network security leaders to establish strategic goals for improving the security architecture and risk posture for clients. Consults with business leaders to define key performance indicators and service levels. Fosters employee development through mentoring and coaching. Decides how to achieve results within the organization’s strategic plans, policies, and guidelines. Develops new products and secures those products through current AI security guidelines (ISO 42001).
Adrian Resag - Experienced in Risk and Control - ISO/IEC 27001 and ISO/IEC 42001
Adrian believes a stimulating career can span many disciplines and that leading organizations value versatile professionals. He has enjoyed managing teams spanning the globe by working in world-leading organizations as Chief Audit Executive, Head of Risk Management, Information Systems Auditor, Head of Internal Control, as a consultant, a statutory auditor and an accountant. To allow such a diverse career, his approach has been to pursue certifications in many fields (making him one of the most qualified and certified in some of them). He has written books and created professional certifications in audit & assurance and compliance & ethics, and teaches in subjects from information security to risk management. With a passion for education, Adrian founded an educational institution and has taught tens of thousands of students and professionals online, in companies, universities and in governmental organizations.
Date: February 28, 2024
YouTube video: https://youtu.be/DujXaxBhhRk
The importance of a robust cybersecurity strategy cannot be overstated. Learning about the effective measures to take and the tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27002 and ISO/IEC 27032 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• CMMC Frameworks
Presenters:
Dr. Oz Erdem
Governance, Risk and Compliance (GRC) consultant, trainer, auditor, and speaker
Dr. Erdem has over 25 years of experience in information security, trade compliance, data privacy, and risk management. He took leadership roles in governance and compliance at various Fortune 100-500 companies and SMBs, including Siemens Corporation, Siemens Industry, Linqs, Texas Instruments, Rtrust, ICEsoft Technologies, NATO C3A, and BILGEM. In addition, he successfully managed software development (i.e., embedded, cloud, and SaaS) and digital product projects involving information security, mobile networks, and IoT networks. Further, Dr. Erdem led several non-profit organizations, such as the National Association of District Export Councils (NADEC), Government Contractors Council (GovConCouncil), and Central-North Florida District Export Council as the Chairman of the Board.
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
George Usi - CEO of Omnistruct
An internet pioneer and award-winning leader in internet governance with over 25 years of experience, George Usi knows that getting hacked is not a matter of ‘if’ but, ‘when’ and the fiscal and reputational effects that has on a business, the executives, and the board. George is the Co-Founder of Omnistruct, a cyber risk company. Omnistruct protects and expands revenue creation, reputation, and customer retention through cyber risk transference, governance, and compliance. We ensure that security and privacy programs work.
Date: January 24, 2024
YouTube Video: https://youtu.be/9i5p5WFExT4
Website: https://bit.ly/3SjovIP
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ... - PECB
As we approach the new year, the importance of a robust cybersecurity strategy cannot be overstated. Learning about the effective measures to take and the tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 27035 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• Best practices for building a resilient cybersecurity strategy in 2024
Presenters:
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs).
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity Playing for Change, which provides music education to children in disadvantaged regions.
Loris Mansiamina
A Senior GRC Professional consultant for small, medium and large companies. For over 10 years, Loris has been assisting clients in both public and private sectors with various matters relating to Governance, Risk Management and Compliance (GRC), digital transformation, cyber security program management, ISO 27k & ISO 20k implementation, COBIT & ITIL implementation, etc.
Date: December 19, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27035, Cybersecurity, Information Security
YouTube video: https://youtu.be/yT8gxRZD_4c
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively - PECB
In today's rapidly evolving digital landscape, the integration of artificial intelligence (AI) in business processes is becoming increasingly essential. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27005 and ISO/IEC 27001 and their key components
• The standard’s alignment
• Identifying AI risks and vulnerabilities
• Implementing effective risk management strategies
Presenters:
Sabrina Feddal
With more than 16 years of background in operational security and telco as an engineer and project manager for major international companies, I founded Probe I.T in 2016 to provide my customers (both national and international) with GRC services. Winner of the 2020 award, the CEFCYS – Main French Women in cybersecurity association - jury's favorite, she remains committed on a daily basis to maintaining diversity and gender diversity in her teams.
Passionate about Law, History & Cybersecurity. She has several professional certifications acquired over the course of her career: Prince2, CISSP, Lead Implementer ISO27001, Risk Manager, University degree in Cybercrime and Digital Investigation.
Her values: excellence, discretion, professionalism.
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Date: November 22, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27005, Cybersecurity, Information Security
YouTube video: https://youtu.be/TtnY1vzHzns
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re... - PECB
In today's digital age, cybersecurity is more critical than ever. Hence, it is crucial to stay informed and prepared.
Amongst others, the webinar covers:
• ISO/IEC 27032:2023 and ISO/IEC 27701 and their key components
• The standard’s alignment
• Emerging Cybersecurity Threats
• What is new to the ISO/IEC 27032:2023
Presenters:
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Jeffrey Crump
Mr. Jeffrey Crump is the Principal Consultant at Arizona-based Cyber Security Training and Consulting LLC and a graduate of the Certified NIS 2 Directive Lead Implementer course. He is a Certified CMMC Assessor, Certified CMMC Professional, and Instructor. Mr. Crump is also the author of Cyber Crisis Management Planning: How to reduce cyber risk and increase organizational resilience. His book has been expanded into a triad of certification courses on cyber crisis planning, exercises, and leadership.
Date: October 25, 2023
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
YouTube video: https://youtu.be/a21uasr8aLs
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation | PECB
Cybersecurity is an ongoing journey. The regular update and improvement of security measures is essential to stay ahead of evolving threats.
Amongst others, the webinar covers:
• Benefits of Compliance
• Digital Transformation: Why
• ISO/IEC 27001 and ISO/IEC 27032
• ISO/IEC 27001: Information Security Management System (ISMS)
• ISO/IEC 27032: Cybersecurity Framework
Presenters:
Douglas Brush
Douglas Brush is a federally court-appointed Special Master, and Court Appointed Neutral expert in high-profile litigation matters involving privacy, security, and eDiscovery.
He is an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, he has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues.
He is the founder and host of Cyber Security Interviews, a popular information security podcast.
Douglas is also committed to raising awareness about mental health, self-care, neurodiversity, diversity, equity, and inclusion, in the information security industry.
Malcolm Xavier
Malcolm Xavier has been working in the digital industry for over 18 years. He has worked with global clients in South Africa, the United States and the United Kingdom. He has achieved many professional certifications, such as CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3 etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Carole Njoya
Founder in 2018 of Alcees, a Paris-based management consulting fabric specialized in cybersecurity, data privacy governance and digital trust, Carole Njoya provides independent, tailored and expert advisory to companies doing business in European markets and serving both B2B and B2C customers. With more than 100 cybersecurity projects delivered, she assists entities in preparing, implementing and maintaining the right best practices under the ISO 27001 compliance framework and GDPR article 25 obligation (Privacy by design) for their vendors. Carole Njoya featured in the « Women Know Cybersecurity » 2019 Twitter list edited by Cybercrime Magazine. Carole Njoya has been committed to science and engineering since her pre-teen years.
Date: September 27, 2023
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
YouTube video: https://youtu.be/U7tyzUrh8aI
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations | PECB
The management of AI systems is a shared responsibility. By implementing the ISO 31000 Framework and complying with emerging regulations like the EU ACT, we can jointly create a more reliable, secure, and trustworthy AI ecosystem.
Amongst others, the webinar covers:
• Understanding AI and the regulatory landscape
• AI and the threat landscape
• A risk driven approach to AI assurance - based on ISO 31000 principles
• Stress testing to evaluate risk exposure
Presenters:
Chris Jefferson
Chris is the Co-Founder and CTO at Advai. As the Co-Founder of Advai, Chris is working on the application of defensive techniques to help protect AI and Machine Learning applications from being exploited. This involves work in DevOps and MLOps to create robust and consistent products that support multiple platforms, such as cloud, local, and edge.
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG. Nick’s career in cyber security spans nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant. In particular, Nick was Group Head of Information Risk for PwC, designing and implementing best practice solutions that made good business sense, that prioritized key risks to the organisation and helped minimize disruption to ongoing operations. Whilst at the ISF, Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nick’s combined experience as a cyber risk researcher and practitioner designing and implementing risk-based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes, Nick was a geophysicist in the Oil and Gas Industry.
Date: August 24, 2023
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000
YouTube video: https://youtu.be/MXnHC6AvjXc
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help? | PECB
Generative AI offers great opportunities for innovation in various industries. Hence, by adopting ISO/IEC 27032, you can enhance your cybersecurity resilience and efficiently address the risks associated with generative AI.
Amongst others, the webinar covers:
• AI & Privacy
• Generative AI, Models & Cybersecurity
• AI & ISO/IEC 27032
Presenters:
Christian Grafenauer
Anonymization expert, privacy engineer, data protection officer, LegalTech researcher (GDPR, Blockchain, AI). Christian Grafenauer is an accomplished privacy engineer, anonymization expert, and computer science specialist, currently serving as the project lead for anonymity assessments at TechGDPR. With an extensive background as a senior architect in Blockchain for IBM and years of research in the field since 2013, Christian co-founded privacy by Blockchain design to explore the potential of Blockchain technology in revolutionizing privacy and internet infrastructure. As a dedicated advocate for integrating legal and computer science disciplines, Christian’s expertise in anonymization and GDPR compliance enables innovative AI applications, ensuring a seamless fusion of technology and governance, particularly in the realm of smart contracts. In his role at TechGDPR, he supports technical compliance, Blockchain, and AI initiatives, along with anonymity assessments. Christian also represents consumer interests as a member of the national Blockchain and DTL standardization committee at DIN (German standardization institute) in ISO/TC 307.
Akin Johnson
Akin J. Johnson is a renowned Cybersecurity Expert, known for his expertise in protecting digital systems from potential threats. With over a decade of experience in the field, Akin has developed a deep understanding of the ever-evolving cyber landscape.
Akin is an advocate for cybersecurity awareness and frequently shares his knowledge through speaking engagements, workshops, and publications. He firmly believes in the importance of educating individuals and organizations on the best practices for safeguarding their digital assets.
Lucas Falivene
Lucas is a highly experienced cybersecurity professional with a solid base in business, information systems, information security, and cybersecurity policy-making. A former Fulbright scholar with a Master of Science degree in Information Security Policy and Management at Carnegie Mellon University (Highest distinction) and a Master's degree in Information Security at the University of Buenos Aires (Class rank 1st). Lucas has participated in several trainings conducted by the FBI, INTERPOL, OAS, and SEI/CERT as well as in the development of 4 cyber ISO national standards.
Date: July 26, 2023
YouTube Link: https://youtu.be/QPDcROniUcc
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie... | PECB
By embracing the importance of GDPR and leveraging ISO/IEC 27701, you can enhance your data protection practices, achieve compliance, and minimize the risk of penalties.
Amongst others, the webinar covers:
• Importance of Data Protection
• Understanding Data Collection and Challenges
• Introduction to GDPR
• Key Principles of GDPR
• Who does GDPR Apply to and Its Global Implications
• Introduction to ISO/IEC 27701
• Implementing ISO/IEC 27701
• Privacy by Design
• Dealing with IT on a Daily Basis
• Building Awareness and Training
• Audit, Data Discovery, and Risk Assessments
Presenters:
Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and developing enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects.
Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.
Lisa Goldsmith
Lisa Goldsmith is the founder of LJ Digital and Data Consultancy. Lisa has over 23 years’ experience of supporting leadership teams in membership, charity, and wider not-for-profit organisations to simplify their IT and digital strategy that allows them to sleep soundly at night, knowing their systems and processes are fit for purpose, GDPR compliant, secure and that they deliver value to staff, members, and stakeholders.
Prior to starting her own consultancy, Lisa gained extensive experience working for membership organisations and has knowledge and expertise at all levels of operations from working within careers and qualifications teams, as Membership Manager, as Head of Digital & IT for delivering large-scale digital, IT and GDPR compliance projects and serving on several Senior Leadership Teams. Lisa is also currently a Trustee of the BCLA and Groundwork East.
Date: June 27, 2023
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
YouTube video: https://youtu.be/lfJrSLaGDtc
Website: https://bit.ly/437GOnG
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu... | PECB
The EU has implemented a range of regulations aimed at strengthening its cybersecurity posture. In this context, the ISO/IEC 27001 standard offers a comprehensive framework for managing and safeguarding sensitive information, such as personal data.
Amongst others, the webinar covers:
• Quick recap on the ISO/IEC 27001:2013 & 2022
• ISO/IEC 27001 vs legislation
• The EU Cyber Legislation landscape
• Some considerations and consequences
• How to stay on top of the ever changing context
Presenters:
Peter Geelen
Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. In the last few years, his focus has been on ISO/IEC 27001 and other ISO certification mechanisms. Peter is an accredited Lead Auditor for ISO/IEC 27001 and ISO 9001, a PECB Trainer and a Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Jean-Luc Peters
Jean-Luc Peters brings 25 years of IT technology, information and cybersecurity expertise to boards, executives, and employees. From a young age he has held management positions in the private and government sectors. He is currently the Head of the Cyber Emergency Response team for the National Cybersecurity Authority in Belgium. In addition to this, he is also a trainer, coach and trusted advisor focusing on enhancing cyber resilience.
Jean-Luc has helped in the technical implementation of the NIS 1 (Network and Information Security) Directive transposition in Belgium, defining the Baseline Security Guidelines governmental ISMS framework and many other projects. He holds several certifications, including ISO/IEC 27001 Lead Implementer, ISO/IEC 27005 Auditor, CISSP, GISP, Prince 2 Practitioner, ITIL etc.
Date: May 31, 2023
Tags: ISO, ISO/IEC 27001, Information Security, Cybersecurity
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
YouTube video: https://youtu.be/rsjwwF5zlK8
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a... | PECB
To protect your organization from cyber attacks, you need to implement a robust information security management system (ISMS) and business continuity management system (BCMS) based on international standards, such as ISO/IEC 27001 and ISO 22301.
Amongst others, the webinar covers:
• Why we need a cyber response plan to protect business operations
• Introduction to ISO/IEC 27001 and ISO 22301
• What do we need for a cyber security response plan?
• How do we develop a cyber security response plan?
Presenters:
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG.
Nick’s career in cyber security spans nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant.
In particular, Nick was Group Head of Information Risk for PwC, designing and implementing best practice solutions that made good business sense, that prioritised key risks to the organisation and helped minimise disruption to ongoing operations. Whilst at the ISF, Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nick’s combined experience as a cyber risk researcher and practitioner designing and implementing risk-based solutions places him as a leading cyber risk expert. Prior to cyber security and after graduating from UCNW and Oxford Brookes, Nick was a geophysicist in the Oil and Gas Industry.
Simon Lacey
Simon is a resourceful, creative Information & Cyber Security professional with a proven track record of instigating change, disrupting the status quo, influencing stakeholders and developing ‘big picture’ vision across business populations. He has multiple industry experience and excels in building stakeholder engagement & consensus and supporting organisations to make sustainable change.
Simon also has considerable experience of risk management, education and awareness, strategy development and consulting to senior management and is a confident and engaging public speaker.
Simon has previously worked within the NHS, Bank of England and BUPA, before setting out as an independent consultant forming Oliver Lacey Limited, supporting clients in multiple business sectors.
When not working, Simon loves to run – currently training for the Berlin Marathon, a Director of Aylesbury United Football Club, records vlogs and is an experienced standup comic.
Date: April 26, 2023
Training: https://bit.ly/3AyoyYF
https://bit.ly/3LbBVTx
YouTube video: https://youtu.be/i4qx5mjEqio
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an... | PECB
Integrating ISO/IEC 27001 and ISO 31000 can help organizations align their information security and risk management efforts with their overall business objectives, leading to more effective risk management and better decision-making.
Amongst others, the webinar covers:
• Aligning the ISMS process with ISO/IEC 27001
• Using ISO 31000 within the ISMS
• Aligning the RM process with ISO 31000
• How/where does ISO/IEC 27001 fit?
Presenters:
Nick Riemsdijk
As a highly experienced and multi-skilled leader in Information and Physical Security, Nick is known as a collaborative, focused, driven and highly analytical individual with a broad portfolio of successes in client engagements. His expertise spans devising, implementing, managing and delivering information security, physical security, organizational resilience and facilities management solutions for organizations. He is certified as a Certified Information Security Manager (CISM), Certified Protection Professional (CPP), in Project Management (Prince2), ISO 22301 (Business Continuity), ISO 27001 (Information Security), and ISO 31000 (Risk Management).
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs).
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity Playing for Change, which provides music education to children in disadvantaged regions.
Date: March 23, 2023
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-31000
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
YouTube video: https://youtu.be/Xj0U2mbpZUs
IT Governance and Information Security – How do they map? | PECB
Effective IT Governance requires proper Information Security practices to ensure that the organization's data is secure. On the other hand, Information Security policies and procedures must be aligned with the organization's overall IT Governance framework to ensure that security measures do not negatively impact business operations.
Amongst others, the webinar covers:
▪ Bring Governance and InfoSec Together
▪ Answering WIIFM
▪ Business Terms
Presenters:
Dr. Edward Marchewka
Dr. Edward Marchewka is a seasoned executive that has come up through the ranks in the IT vertical, expanding into information security, quality management, and strategic planning.
Edward founded and serves as the Principal for 3LC Solutions, enabling YOU to Tell a Better Story in business, with our vCIO, vCISO, quality, and strategy consulting services, through metrics and relating risk to the business with our CHICAGO Metrics® SaaS solution.
He has also held several roles leading information technology, most recently with Gift of Hope Organ and Tissue Donor Network, leading the Information and Technology Services department as the Director of IT, Data, and Security Services. Prior to Gift of Hope, he ran information security for Chicago Public Schools.
Edward has earned a Doctorate of Business Administration from California Southern University and Masters’ degrees in Business Administration and Mathematics from Northern Illinois University. He earned Bachelors’ degrees in Liberal Studies and Nuclear Engineering Technologies from Thomas Edison State College, N.J. Edward maintains several active IT, security, and professional certifications from (ISC)2, ASQ, ITIL, PCI, PMI, ISACA, Microsoft, and CompTIA. He has held legacy IT certifications from Cisco and HP, and a designation from the National Security Agency.
Date: February 22, 2023
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-38500
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
YouTube video: https://youtu.be/2bSbAdL5Idg
Student Information Session University Digital Encode.pptx | PECB
Join us as our Director for Business Mustafe Bislimi teams up with Dr. Obadare Peter Adewale, our academic partner Digital Encode Limited, to provide valuable information about our programs, admissions process and specialization and elective courses.
Discover the opportunities available to you as a student at PECB University and get a firsthand look at what makes us a top choice for education.
Whether you're a prospective student or simply curious about PECB University, don't miss this informative session! Subscribe to our channel and stay tuned for more videos.
For inquiries regarding the admission process, contact us: university.studentaffairs@pecb.com
-EMBA in Cybersecurity: https://pecb.university/programs/mba-programs/cybersecurity
-EMBA in Business Continuity Management: https://pecb.university/programs/mba-programs/business-continuity-management
-EMBA in Governance, Risk, and Compliance: https://pecb.university/programs/mba-programs/governance-risk-compliance
Being aware of the trends that are expected to shape the digital landscape is an important step in ensuring the security of your data and online assets.
Amongst others, the webinar covers:
• Top Cyber Trends for 2023
• Cyber Insurance
• Prioritization of Cyber Risk
Presenters:
Colleen Lennox
Colleen Lennox is the Founder of Cyber Job Central, a newly formed job board dedicated to Cybersecurity job openings. Colleen has 25+ years in Technical Recruiting and loves to help others find their next great job!
Madhu Maganti
Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes.
Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting.
Date: January 25, 2023
Tags: ISO, ISO/IEC 27032, Cybersecurity Management
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
https://pecb.com/article/cybersecurity-risk-assessment
https://pecb.com/article/a-deeper-understanding-of-cybersecurity
YouTube video: https://youtu.be/BAAl_PI9uRc
Unit 8 - Information and Communication Technology (Paper I).pdf | Thiyagu K
These slides describe the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentation aligns with the UGC Paper I syllabus.
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion | TechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
How to Make a Field invisible in Odoo 17 | Celine George
It is possible to hide some fields in Odoo, commonly by using the “invisible” attribute in the field definition. This slide will show how to make a field invisible in Odoo 17.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Acetabularia Information For Class 9 .docx | vaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
Operation “Blue Star” is the only event in the history of Independent India where the state went to war with its own people. Even after about 40 years it is not clear whether it was the culmination of the state's anger over the people of the region, a political game of power, or the start of a dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from the mainstream due to the denial of their just demands during a long democratic struggle since independence. As happens all over the world, it led to a militant struggle with great loss of lives of military, police and civilian personnel. The killing of Indira Gandhi and the massacre of innocent Sikhs in Delhi and other Indian cities were also associated with this movement.
2. Performing Audit (GO-EMS)
How do auditors find evidence?
• Reviewing documents
• Looking at records
• Interviewing people at all levels
• Observing practices and physical environment
NOTE: Can/should the auditor cover all people, documents and records during the audit?
3. Checklist Format
• Leave space for notes
• Allow space for time control and recording
• Reference the requirements of audit criteria
• Reference the control documents
• Reference verifying documents (records)
Inquiries | Evidence and Results
Facilities Area (4.3.3, 4.4.6)
• Interview HVAC technician about energy reduction program. Plan, results.
• Observe equipment and settings
Employee interviews (4.2, 4.3.2, 4.4.7)
• Are you aware of the environmental policy?
• How does the policy relate to what you do?
• What type of training have you had on EM?
• What do you do if there is an emergency?
4. Checklists should:
• Be specific for a given EMS.
• Be prepared using EMS documentation.
• Be clear about evaluation criteria.
• Note documents to review.
• Identify records to sample (and sample size).
• Identify key people to interview.
• Include some key questions for interviews.
• Note physical evidence you expect to see.
Checklists should NOT:
• Narrow the vision or limit evaluation.
• Obstruct communication.
• Be too strict or constraining.
• Be a script of exact questions.
• Restrict auditor’s inquiry.
• Be yes/no lists.
• Be completely generic.
5. 5
Which documents should be reviewed in a document review?
• Environmental manual
• Procedures
• Work instructions
• Other documents
• Records
Should all documents be reviewed?
6. 6
Observations
Keep observing the physical evidence:
• aspects
• equipment, instruments
• conditions, operational control
Observation – What to Look for
• Posted Procedures
• Actual Operations
• Emissions Points
• Operating Logs
• Instruments with Process Measurements
• Alarms
• Cleanliness & Organization
• Communications Postings
• Awareness Reminders
• Calibration Tags
• Warning Signs
7. 7
Observation. Auditor Proverb: “Seeing is believing”
Visit the field! See the 'real world'!!!
• production line, or wherever environmental aspects are generated;
• waste management;
• wastewater system, including treatment and discharge;
• air pollution: check the controls, not necessarily climbing smokestacks;
• fences and borders - can you hear the organization's noise there?;
• talk to people in the field - if you can hear them!;
• wear proper clothes and safety equipment - be prepared to get dirty sometimes!
• Look for environmental aspects, operational controls, potential emergencies, spills, monitoring equipment…
• Ask what the dials and meters are indicating about operational control and measures.
8. 8
Spell out 3 types of approach for Auditing
• Aspect based approach
• Process based approach
• System based approach
What will be the different steps for each of these approaches?
9. 9
Auditing via an Aspect Based Approach
Pick an Aspect and Follow it through the EMS
• Identify inputs
• Identify intended output
• Identify controlled emissions and wastes
• Identify uncontrolled emissions and wastes
• What are the controls?
• How is it monitored?
10. 10
Auditing via a Process Based Approach
Follow the process through
• Select pertinent records
• Were all activities performed?
• Were all significant aspects controlled?
• Was monitoring carried out?
• Were the controls effective?
12. 12
Auditing via a System Based Approach
Map the system to identify:
• Operations
• Inputs & outputs
• Aspects & Impacts
• Controls
• Sequence
• Interactions
Prepare plan
13. 13
Resources, Roles, Responsibility and Authority
Some key audit points to evaluate:
• Do assigned personnel have sufficient resources and authority to establish, maintain and improve the EMS?
• Where and how are the roles, responsibilities and authorities documented? (check EMS Description and associated procedures)
• Have all the necessary roles been assigned?
• Do people understand their roles, responsibilities and authorities?
• How has the management representative fulfilled the three defined roles?
14. 14
Auditing Competence, Training
Evaluating Competence:
• Whose work or tasks can cause a significant environmental impact?
• Employees, suppliers, contractors, temporary workers?
• How does the organization ensure competence both initially and ongoing?
• Can people explain how they manage the actual or potential significant impacts?
Evaluating Training:
• How are training needs determined?
• Which training is required by legal requirements or related to impacts?
• Has training been conducted?
• What records exist?
• Do people understand their training?
15. 15
Auditing 4.4.2 Competence, Training
Evaluating Awareness:
• What procedure is in place to make people aware?
• Does the procedure address all “persons working for the organization or on behalf of it”?
• Are all the content requirements related to awareness covered?
• Are persons aware of policy, procedures, A/I related to their work, responsibilities, env. benefits and consequences?
Where to look:
• Sample people from each department
• Sample each type of “person” (employee, contractor, etc)
• Check training needs-analysis
• Check awareness procedure
16. 16
Auditing External Communication
Typical considerations:
• What procedure is used to receive, document and respond to external communications?
• What external communications have been received? How were they handled? Let’s review the records.
• How are communications with regulators handled?
• What decision was taken on external communication of significant aspects?
• Where is the decision recorded?
• How is top management made aware of communications from interested parties?
• What communications have been made to external parties?
Performing Audit
GO-
EMS Auditing Documentation
Key Points to consider for EMS Documentation:
Are all documents REQUIRED by ISO14001 documented?
(e.g. policy, EMS scope, objectives & targets, description of
elements)
Does the description of the main elements of the EMS tell HOW
each clause of ISO14001 (numbered sections) is satisfied?
Does the description address the interaction of EMS elements?
Does the description reference related documentation?
What additional documentation has the organization
determined necessary?
Note 1: Repeating the requirements of the standard as the
description is NOT acceptable.
Note 2: High level EMS Documentation is a common place to
start any audit.
18. 18
Auditing Document Control
Key Test: Are current documents in the work place when and where they are needed?
(Right document at right place at right time)
• How does the document control system work?
• What documents do you use?
• Where are the documents kept?
• Can you show me the documents you use?
• How do you know you are using the current version?
• Are EMS Documents and work instructions controlled the same way?
• How are externally generated documents managed?
19. 19
Auditing Records
Some considerations:
• What records are kept to verify conformance?
• What procedure is used to manage records?
• How are records purged when they pass their retention period?
• How are legal requirements incorporated?
• Who is responsible for various types of records? How are records managed?
• How are retention times set?
• Where are the training records?
Note: Sample several records in several places.
20. 20
Auditing Operational Control
Typical areas with operational controls:
• Storage
• Material movement
• Production
• Treatment
• Distribution
• Waste control
• Emissions points
Typical Questions:
• Let’s visit some activities (processes) that are related to significant aspects (and regulations).
• How is start up and shutdown controlled?
• What maintenance activities are conducted related to significant aspects?
• What operational controls are related to products or services?
• What permits or licenses specify operational criteria?
21. 21
Auditing O/Cs cont’d
More typical questions:
• How are these activities controlled?
• What are the control limits?
• Which instruments are used to monitor the process?
• What do you do if the process goes off the control point?
• What do you do if the process goes out of control?
22. 22
Auditing O/Cs cont’d
Suppliers and Contractors
• What effects can suppliers and contractors have on your significant environmental aspects?
• How do you communicate your expectations to suppliers and contractors?
• How do you manage suppliers’ effects?
• How do you manage contractors’ effects?
• What contractors are on-site? What are they doing? Let’s visit them.
23. 23
Auditing Emergency Preparedness and Response
• Have all likely emergency situations been identified and evaluated?
• Are plans updated and in place to deal with emergencies? Legal req’d plans?
• Is there an emergency team? How are they trained and how do they maintain competency?
• What emergency supplies are needed? Where located? Alarm system?
• What do employees need to know?
• When was the last drill? Results? Improvements? External responders?
24. 24
Follow Audit Trails
As you audit you will find interesting opportunities for follow-up (audit trails).
Pick promising audit trails:
• Follow it through
• Interact with team
25. 25
Interview Top Management
Obtain evidence of leadership and commitment
Observe attendance and interest in opening, closing and feedback meetings
Review documents:
• Environmental policy
• Objectives
• Management review records
Interview members of top management:
• Do they know “their” system?
• Do they monitor, analyse data, draw conclusions, define actions?
Interview personnel at other levels:
• Do they understand what top management is trying to communicate?
26. 26
What are the typical contents of the final audit report?
• Audit scope & objectives
• Audit plan, identification of auditors & auditees
• Audit criteria
• Audit team judgement of EMS compliance with audit criteria
• Nonconformances
• System ability to achieve defined objectives
• Distribution list
• Attachments: Completed Notes & Checklists, Nonconformance Reports, Matrix Analysis
Note: See ISO19011:2000 section 6.6
28. 28
Time management
• Time is always short
• Plan well
• Do not allow your audit to get side-tracked
• Do not dig too much (beware false audit trails)
• Do not focus on trivia
• Remember an audit is a sampling
Editor's Notes
Finding evidence.
Documents, records, people, observation.
Audits are limited in time. Auditors must choose wisely to determine a “representative” or reasonable sample.
Discuss the concept of sampling with delegates. Ask them to determine a reasonable sample for a couple of examples. (Perhaps: 130 Haz waste manifests, employee understanding of policy)
Document review. Ask delegates to comment on constraints and sampling of documentation. Cover below.
Not all documents should be reviewed:
• No time to check everything
• Select representative sample
• No set percentage
• Representation of actions
• Cover relevant period
• Look at control
Slide 7 and 8 - Go to the field!
Audit approaches. Audits typically do not progress clause-by-clause in a sequential manner of PDCA. Our themes and linkages exercise (Ch 3 thru 7) illustrated other valid approaches to auditing. Three methods of auditing are noted here: the aspects audit traces an aspect through the “aspect theme”; the process audit follows a manufacturing process or business process and audits applicable clauses; the system audit first identifies how the system works and then verifies that it really works that way.
Have the delegates identify specifics about each of the three audit methods and write them on the paper board. Answers could include:
Aspect based approach
Pick an Aspect and Follow it through the EMS
Identify inputs, Identify intended output, Identify controlled emissions and wastes, Identify uncontrolled emissions and wastes, What are the controls?, How is it monitored?
Process based approach
Follow the process through, Select pertinent records, Were all activities performed?, Were all significant aspects controlled?, Was monitoring carried out?, Were the controls effective?
System based approach
Map the system to identify:
Operations, Inputs & outputs, Aspects & Impacts, Controls, Sequence, Interactions, Prepare plan
Hand to the delegates the corresponding handout on audit approach
This is a good place for the tutor to give examples and ask students for examples of both adequate and inadequate resources.
Audit Trails. Beware: some audit trails may consume considerable time and not yield useful information. For example: Tracking down a lost waste manifest may be interesting; however, it probably will not tell you much about the EMS. YOU MUST DECIDE WISELY.
Auditing top management can give a very good idea of their involvement.
ISO19011 specifies content of audit reports. What do the delegates think is required? And WHY?
Taking Notes. Your notes are your record of the audit, both conformance and nonconformance. Could somebody else find what you found using your notes? Of course, everybody has their own style of note taking. Could YOU find the same things again using your notes?
Time Management. Always be aware of time. Key question: When do you stop auditing a clause or area? When you have validated conformance.
Keep in mind the requirements you are trying to evaluate (refer to your checklist).
When/if you find nonconformance, validate the evidence and check with the auditee for confirmation. Then move on. Do not investigate WHY the nonconformance occurred. The auditee does that.
Just do the best you can with the resources provided!