Education

Standards Day is an action-packed day that provides implementation and certification guidance on three related standards from ISO and/or ANSI/ASIS. Each of the three sessions will cover the selected requirements, implementation, best practices, and how the standard can meet compliance requirements and make an organization more competitive. Each standard is presented by a subject matter expert.  Open discussion on which standard is right for each organization will be encouraged.

Standards will be selected from the following list:

ISO 27001 Information Security	ASIS Business Continuity Guideline
ISO 20000 Service Management	ASIS SPC.1 Organizational Resilience
ISO 9001 Quality Management	ASIS WVP1.1 Workplace Violence
ISO 22301 Business Continuity	ISO 18788 Private Security

1. Identify the focus of each standard and why an organization would implement one over another.
2. Understand where requirements for each standard are common and where they stand alone.
3. Evaluate the organization’s compliance requirements to determine which standard may be most
   applicable.

CPE = 6 credits

This 3-hour workshop breaks down the ISO management system for Information Security and the Appendix A set of information security controls for this risk-based standard. The session will cover ISO

requirements, review each of the 11 domains and 114 controls in the Annex A, provide implementation best practices, and discuss how the standard can meet ongoing compliance and make an organization more competitive.

1. Evaluate the current information security program against the ISO 27001 standard.
2. Understand general implementation and certification requirements of an ISMS.
3. Identify critical relationships between risks and controls.

CPE = 3 credits

Quality is a goal of every organization. We want quality people to support our customers, quality processes to ensure we fulfill our customer requirements, and quality products and services to justify why we are in business. The ability to meet quality objectives requires structure at all levels of the product or service delivery cycles. More now than ever, customers are requesting or requiring organizations to ensure a quality management system (QMS) exists. The best way to ensure the effort to create a sustainable QMS is to certify to ISO 9001. This standard helps organizations be more efficient and improve customer satisfaction.

1. Evaluate existing processes against the standard to identify areas of improvement.
2. Understand the value of meeting Quality Objectives through alignment of process performance.
3. Analyze current internal and external factors that impact the organization and its ability to meet
   client obligations.

CPE = 3 credits

All organizations deliver some level of service, whether to the internal organization and/or to the customer. Supporting those services in a structured, repeatable fashion can enhance the end-user experience. Implementation of a service management system (SMS) should be considered a strategic initiative to oversee the support and delivery of defined services as well as capitalize on the use of technologies to manage the end-to- end lifecycle of a service and its related components. While the standard contains the word “IT”, many additional non-technical services can and should be included within the catalog of services. This seminar will identify the key components of an SMS under ISO 20000 and utilize relevant examples to work through the requirements of the SMS.

1. Apply structured service management requirements to enhance customer requests.
2. Understand the benefits of proper tracking of configuration items and assets through the service
   management lifecycle.
3. Evaluate reliance of existing tools to support the full execution of the service management process.

CPE = 3 credits

Business Continuity (BC), Disaster Recovery, Organizational Resilience, Private Sector Preparedness, and Supply Chain Continuity are concepts that have become increasingly important during a period of increasing weather events, geo-political upheaval, and supply chain disruptions. This seminar will explore how to implement a Business Continuity Standard or Guideline. References to ISO 22301 Business Continuity, ASIS SPC.1 Organizational Resilience and ASIS Business Continuity Guideline will guide this session on key BC requirements and recommendations. Discussion of the differences and similarities between these standards will be discussed.

1. Have a firm understanding of the various BC Standards and Guidelines.
2. Create an outline for a cost effective and “fit for purpose” implementation strategy.
3. Identify critical components to a successful BC program.

CPE = 3 credits

Audit of an organization’s management system is both critical to success and required of the standard(s) for which the organization is certified. External audits are provided by a 3^rd party registrar. Internal audits may be outsourced to an experienced internal auditor or provided by the organization’s internal resources. There is a standard for auditing – ISO 19011. Radian provides a training course based on ISO 19011 and best practices. This is a 2-day course with learning and auditing exercises.

If this course is selected for a client onsite, we will tailor wherever possible the organization’s own security policies, practices and management system for audit focus and guidance. The class activities will include actual audits of selected organizational processes.

If this course is provided as a public session, exercises will incorporate a variety of common audit elements for multiple standards to meet a variety of students’ needs.

1. Apply basic auditing skills to participate in an ISO internal audit.
2. Create proper audit collateral to validate the audit process.
3. Analyze audit evidence to identify conformance or nonconformance to the requirements of the
   standard or that of the documented information.
4. Understand the requirements for proper auditing protocol.

CPE = 12 credits

Private Security Service Providers including Private Security Companies (PSCs) play an ever-expanding role in protecting both state and commercial entities while operating in high risk international environments. Supported by the DoD, a Quality Assurance Management System (QAMS) standard was developed. The goal of the standard is to assure high quality security services while protecting human rights and fundamental freedoms in circumstances where the rule of law has been weakened due to human or natural events, while allowing for the PSC to achieve its objectives and those of its clients. This ANSI Standard (ASIS PSC.1) was then used as the basis for the development of ISO 18788 Private Security Operations Management.

The course is presented by Lisa DuBrock, CPP, one of the core authors of this standard who also has expertise in multiple ISO management system implementations. Lisa will review the requirements of these standards and share her insight as a member of the ISO U.S.-TAG committee supporting the ongoing continual improvement of ISO 18788.

1. Have a familiarity for the requirements and value of the standards.
2. Evaluate the benefit for implementing a risk management framework which supports security

and human rights requirements.

3. Understand how to implement a human rights impact analysis.

CPE = 3 credits

This course focuses on prevention, response and recovery from incidents of Workplace Violence. Discussions on an organization’s past history and current potential threats will be evolving and include recent events. The ASIS WVP1.1 standard for workplace violence prevention and intervention as well as current regulatory requirements, such as those from OSHA, will be used as reference for creating and managing a sound program that can be sustainable and effective.

1. Learn the variety of risks of workplace violence issues.
2. Train participants in recognizing, assessing, and responding to threats from individuals against personnel and assets.
3. Understand crisis response strategies.

CPE = 3 credits

All organizations must face the reality of a potential act of violence involving staff. With our virtual work environment, the danger is not limited to our physical work space. This training will provide all employees the necessary tools to identify danger signs in people we know (at work or otherwise) and what to do personally if they are involved in an unfortunate event. It is aligned with the newly released Annex to the ASIS WVP.1  - Workplace Violence Prevention and Intervention Standard.

1. Understand litigation exposures from acts of violence.
2. Learn active assailant survival strategies.
3. Learn mass communication necessity and processes.

CPE = 3 credits