INTRODUCTION

Information is pervasive across all organisations, technology and processes. Information, technology and data is all around us, both tangible, intangible, active and passive. The need to drive more value from IT investments and manage an increasing array of IT-related commercial risks has never been greater. Increasing regulation is also driving heightened awareness amongst directors and IT management of the importance of a well-controlled IT environment and the need to comply with legal, regulatory and contractual obligations. Effective enterprise governance of IT will result in improved performance, risk reduction and compliance with external requirements.
Information Management Compliance is a complex and detailed area. Personnel involved or which have responsibility for the organisation’s information needs and compliance, will invariably involve all areas of the business. Therefore, IT Management and multidisciplinary teams involved in information management compliance, need a firm understanding of corporate governance and regulatory considerations to fulfil their duties effectively and responsibly. They also need to keep abreast of practical and theoretical developments in the direction of their organisation and that of Information Management. This calls for adequate and specialized training and professional development.

WHO SHOULD ATTEND?

This training session has been designed for IT Management and personnel responsible for IT operations, network maintenance and data integrity/compliance and related projectsIt is also of key benefit to executives, senior managers, lawyers, investors, regulators, auditors and personnel responsible for compliance and technology within an organisation
 

PROGRAMME OBJECTIVES

• Review the current state and direction of best practices in corporate governance
• Appreciate implementing and embedding best practices within your organisation/institution
• Understand how to structure board committees, institutional policies and procedures to conform to international requirements and expectations
• Appreciate the role of audit within the compliance and corporate governance models
• Learn successful techniques in communicating governance procedures with outside stakeholders, including shareholders, governments and communities
• Review best practice guidance for implementation of governance directives within the management of the organisation
• Review the governance of other institutions, avoiding common pitfalls and implementing best practice
• Analyse the cost and how to identify and maximise the financial benefit from improved corporate governance and procedures
• Understand in detail ISO27002 – Code of Practice for Information Management, and appropriate controls for technology

TRAINING METHODOLOGY

• Participants will gain detailed knowledge by active participation in seminars, group discussions and real life case studies.
• Delivery will be by presentation, group syndicate investigations, training DVD and interactive seminars
• ORGANISATIONAL IMPACT
• Organisations will be better educated in relation to risks and benefits that corporate governance can bring. Successful delegates will understand the requirements, obligations, key regulations and codes of practice which are pervasive in corporate governance and Information Management today. This in turn will allow shareholders and executives to place good reliance on controls and governance models which safeguard information and business processes. Being able to adapt the current best practice will ensure that the organisation can benefit from leading solutions relevant for the organisational ethos, culture and regulatory infrastructure.
• PERSONAL IMPACT
• This leading seminar will provide delegates with an understanding of corporate governance and relevant stakeholder perspectives and responsibilities. With a review of relevant models, regulations and codes of practices for Information Management, this will ensure successful delegates can avoid common pitfalls and utilise best practice to ensure compliance when implementing corporate governance, information management and technical controls.

COMPETENCIES EMPHASIZED

• Directors Roles and Responsibilities
• Accountability and Audit
• Effective Management and Control
• Regulation and Codes of Practice
• Information Management
• ISO 27002 Code of Practice for Information Security Management
• Technical and Management Controls for Information Management
• Corporate Governance Models and Best Practice
• Compliance, Audit and Successful Steps to implementation

PROGRAMME OUTLINE

DAY 1

• Corporate Governance

• Corporate Governance
• An introduction and Development
• Strategic, Tactical and Operational Considerations
• Governance Model Considerations
• IT Governance Framework
• Strategic Alignment
• Value Delivery
• Risk Management
• Resource Management
• Performance Measurement
• Success factors in choosing the correct Governance Model

DAY 2

• Governance Models, Legislation and Codes of Practice

• Defining a Code of Best Practice
• Codes and Laws Compared
• Use of Codes to Establish Confidence
• Adapting and Implementing International Standards
• Case Study

DAY 3

• Information Management

• Code of Practice for Information Security Management – ISO 17799 / ISO27002
• Best Practice and Implementing Guidance and Controls For ISO27002
• Information Security Management Overview
• Risk Assessment and Controls
• Security Policy Documentation
• Organising Information Security Management
• IT Asset Management
• Personnel and Human Resources

DAY 4

• Information Management ISO27002

• Best Practice and Implementing Guidance and Controls For ISO27002
• Physical and Environmental Security
• Operations Management and Communications
• Access Control
• Information Systems (Design, Development, Maintenance)
• Incident Management
• Business Continuity
• Regulatory Compliance
• Best Practice and Implementation Guidance to BS ISO/IEC 38500:2008 – IT Management
• Case Study

DAY 5

• Audit and Compliance

• Successful steps for IT Security Management
• Audit and Compliance for IT Resources
• Business Process Engineering
• Case Study