Business Continuity Management Diploma
Business Continuity Management diploma designed for candidates want to develop a comprehensive understanding of how to manage business disruptions, emergencies or threats in an organization. Through the program, candidates gain the necessary competence on how to react in emergencies, and how to manage them successfully so that the operations and business continuity of the organization not distorted. The courses in this program prepare candidates in the areas of disaster recovery, business response, risk analysis, information management and other.
Apart from the theoretical aspect, the program also provides a practical explanation and understanding of business continuity management. Interconnection of theoretical and practical knowledge makes graduates capable to apply their expertise when treating serious situations in an organization. Candidates gain the necessary knowledge and skills to conduct advanced research into business continuity management issues, and to elaborate realistic recommendations for improving the business continuity of an organization.
Candidates develop their strategic thinking through the courses offered within the program, and become specialists able to respond to emergencies, mitigate or prevent threats, and recover from them. The program is suitable for candidates seeking managerial and executive roles in business management, in either public or private sector.
Programme Learning Outcomes:
• Learn how to estimate exposure to vulnerability, develop response actions and prospective reaction plans, business continuity plans, and disaster recovery frameworks.
• Prepare yourself with the necessary knowledge and skills to secure a leading role in business continuity management, with a general understanding of security and risk management as well.
• Gain extensive understanding of various business continuity aspects, and of reaction practices for treatment of serious situations.
• Learn how to propose plans and implement strategies for response to and recovery from emergencies
• Acquire the necessary skills to prevent potential risks that might emerge from serious situations, and be able to assign resources and appropriate response strategies for mitigating the effects of those situations.
• Develop fundamental understanding of emergency management processes and procedures.
Audience for this diploma:
• Project managers or consultants wanting to prepare and to support an organization in the implementation of a Business Continuity Management System (BCMS).
• Business continuity auditors who wish to fully understand the implementation of a Business Continuity Management System.
• Persons responsible for the business continuity conformity in an organization. • Members of a business continuity team.
• Expert advisors in business continuity.
• Members of an organization that want to prepare for a business continuity function or for a BCMS project management function.
• Managers or consultants involved in Supply Chain Security Management.
• Expert advisors seeking to master the implementation of a Supply Chain Security Management System.
• Executive seeking management roles in business management, either public or private sector.
I. Business Continuity Implementation This course enables participants to develop the necessary expertise to support an organization in implementing and managing a Business Continuity Management System (BCMS) based on ISO 22301:2010. Participants will also gain a thorough understanding of best practices used to implement business continuity processes from the ISO 22399.
This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems – Guidelines for Quality Management in Projects) and fully compatible with BS 25999 (Business continuity management specification) and ISO 27031 (Guidelines for information and communication technology readiness for business continuity).
o This training based on both theory and practice: Sessions of lectures illustrated with examples based on real cases.
o Practical exercises based on a full case study including role playing and oral presentations.
o Review exercises to assist the exam preparation.
o Practice test similar to the certification exam.
o To understand the implementation of a Business Continuity Management System (BCMS) in accordance with ISO 22301, ISO 27031 or BS 25999.
o To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques
required for the effective management of a Business Continuity Management System.
o To understand the relationship between the components of a Business Continuity Management
o System and the compliance with the requirements of different stakeholders of the organization.
o To acquire the necessary expertise to support an organization in implementing, managing and maintaining a BCMS as specified in IS022301 or BS 25999.
o To acquire the necessary expertise to manage a team implementing IS022301 or BS 25999.
o To develop the knowledge and skills required to advise organizations on best practices in the management of business continuity.
o To improve the capacity for analysis and decision making in the context of business continuity management.
II. Business Continuity Audit
This intensive course enables participants to develop the necessary expertise to audit a Business Continuity Management System (BCMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 the certification process according to 17021. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, and necessary to efficiently conduct an audit. This training is compatible with BS 25999 audit (Business continuity management specification) and ISO 27031 (Guidelines for information and communication technology readiness for business continuity).
This training based on both theory and practice:
o Sessions of lectures illustrated with examples based on real cases
o Practical exercises based on a full case study including role playing and oral presentations
o Review exercises to assist the exam preparation
o Practice test similar to the certification exam
o To acquire the expertise to perform an ISO 22301 or BS 25999 internal audit following ISO 19011 guidelines.
o To acquire the expertise to perform an ISO 22301 or BS 25999 certification audit following ISO 19011 guidelines and the specifications of ISO 17021.
o To acquire the expertise necessary to manage a BCMS audit team.
o Understanding the operation of the Business Continuity Management System in accordance with IS022301, ISO 27031 or BS 25999.
o To understand the relationship between a Business Continuity Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization.
o To improve the ability to analyze the internal and external environment of an organization, risk.
III. Disaster Recovery Management
Disaster Recovery Manager training enables you to acquire the necessary knowledge to support an organization in implementing, maintaining and managing an ongoing Disaster Recovery Plan. During this training course, you will also gain a thorough understanding of best practices in Disaster Recovery. After understanding all the necessary concepts of Disaster Recovery processes; you will be able to demonstrate that you have the practical
knowledge and professional capabilities to implement and manage Disaster Recovery processes in an organization. This training based on both theory and best practices used in the implementation and management of a DR plan:
o Lecture sessions are illustrated with examples based on case studies
o Practical exercises are based on a case study which includes role playing and discussions
o Practice tests are similar to the Certification Exam
o Acknowledge the correlation between Disaster Recovery and other standards, regulatory frameworks and IT areas.
o Understand the concepts, approaches, methods and techniques used for the implementation and effective management of a Disaster Recovery Plan.
o Learn how to interpret the ICT Disaster Recovery strategies in the specific context of an organization.
o Develop the expertise to support an organization to effectively plan, implement, manage, monitor and maintain Disaster Recovery services based on best practices.
IV. Incident Management:
An essential part of risk and incident analysis is to provide management with decisionmaking criteria for determining and subsequently establishing an organization’s range of acceptable, tolerable and unacceptable risk category levels for the effective management of all their significant health, safety and process risks.
In this course, delegates will advance their knowledge and skills by:
o Understanding the importance and role of risk and incident analysis
o Learning the principles of risk management and assessment process
o Being able to analyze risks and incidents and consider the underlying causes
o Learning how to select/implement pro-active incident prevention measures
o Understanding pre and post risk and incident management
o Gaining an appreciation of risk and incident analysis techniques
o Identification of potential plant, process and work task related risks
o Developing and implementing Risk Management programmes
o Understanding how to carry out comprehensive incident analysis using evaluation tools, including root cause analysis (RCA)
o Develop skills for analyzing new and existing risk control measures and improving incident analysis techniques of pre and post risk and incident management arrangements
Delegates will learn by active participation through inspiring presentation tools and interactive training course and role-playing activities, presented in a lively, enthusiastic and interesting style. Delegates will take part in topic exercises, case studies and the practical programme.
V. Risk Management
The course prepares learners to demonstrate knowledge and comprehension of the four elements of the Management of Risk framework: Principles, Approach, Processes, Embedding and Reviewing; and how these elements support corporate governance. The Management of Risk framework will provide learners with the opportunity to practice the practical application of the Management of Risk method and covers the twelve Management of Risk principles; Approach, Process and the basic techniques essential to managing risks using the Management of Risk guidance. The purpose of the Management of Risk qualification is to confirm that the learner has achieved sufficient understanding of how to apply and tailor Management of Risk in a scenario situation.
Management of Risk considers risk from different perspectives within an organization strategic, Program, Project and Operational. While it links to other Best Practices, it respects the roles, responsibilities and terminologies used outside the disciplines of program and project management.
At the end of the Course, participants will gain competencies in and be able to:
Describe the key characteristics of risk and the benefits of risk management
o List the eight Management of Risk Principles
o List and describe the use of the key Management of Risk Approach documents
o Create Probability and Impact scales
o Define and distinguish between risks and issues
o Create a Risk Register
o Create a Stakeholder map
o Identify the key roles in risk management
o Use the key techniques and describe specialisms in risk management
o Outline of Management of Risk approach documents (including policy, process guide and risk communications plan)
o Risk identification, assessment and control
o Embedding and reviewing Management of Risk
o Management of Risk organizational perspectives (strategic, program, project, operational)
o Management of Risk roles and responsibilities
o Management of Risk health check
o Management of Risk maturity model
o Risk specialisms (including business continuity management)
VI. Business Impact Analysis
This course provides an in-depth look into the Analysis stage of the Business Continuity Management Lifecycle. This course provides the business continuity and resilience professional with the opportunity to gain a deeper understanding of this key skill area. The course is broken down into modules, exploring the concept of Business Impact Analysis as well as the practical application using a number of different case studies. Delegates have the option of using their own organization as a case study. This course based on the current global thinking from ISO 22301, ISO 22313 and ISO/TS 22317.
o Understand the Business Impact Analysis (BIA) process.
o Understand how to structure the BIA process.
o Apply the methods available to conduct a BIA.
o Utilize the information from the BIA to design the most appropriate continuity recovery strategies
VII. Information Security Risk Management
Information Security Risk Management course based on ISO/IEC 27005 enables you to acquire the necessary skills and knowledge to initiate the implementation of an information security risk management process. Therefore, it proves that you are able to identify, assess, analyze, evaluate and treat various information security risks faced by organizations. Moreover, it enables you to support organizations prioritize risks and undertake appropriate actions to reduce and mitigate them. The training will help you align organizations Information Security Management system with Information Security Risk Management process. In addition, when obtaining ISO/IEC 27005 Credentials you will be able to help organizations continually improve an information security risk management process, which leads the organization towards achieving its objectives.
The training enables you to acquire the necessary expertise to support an organization in the risk management process related to all assets of relevance for Information Security using the ISO/IEC 27005 standard as a reference framework. During this training course, you will gain a comprehensive knowledge of a process model for designing and developing an Information Security Risk Management program. The training will also contain a thorough understanding of best practices of risk assessment methods such as OCTAVE, EBIOS, MEHARI and harmonized TRA.
o Master the concepts, approaches, methods and techniques that enable an effective risk management process based on ISO/IEC 27005
o Acknowledge the correlation between Information Security risk management and security controls
o Learn how to interpret the requirements of ISO/IEC 27001 in Information Security Risk Management
o Acquire the competence and skills to effectively advise organizations on Information Security Risk Management best practices
o Acquire the knowledge necessary for the implementation, management and maintenance of an ongoing risk management program
VIII. Supply Chain Security Implementation
Supply Chain Security Implementation based on ISO 28000 Lead Implementer training enables you to develop the necessary expertise to support an organization in establishing, implementing, managing and maintaining a Supply Chain Security Management System (SCSMS) based on ISO 28000. During this training course, you will also gain a thorough understanding of the best practices of Supply Chain Security Management Systems and be
able to improve efficiency in managing potential security risks and their impacts in an organization`s supply chain.
o Acknowledge the correlation between ISO 28000 and other standards and regulatory frameworks
o Master the concepts, approaches, methods and techniques used for the implementation and effective management of a SCSMS
o Learn how to interpret the ISO 28000 requirements in the specific context of an organization
o Learn how to support an organization to effectively plan, implement, manage, monitor and maintain a SCSMS
o Acquire the expertise to advise an organization in implementing Supply Chain Security Management System best practices