PECB Change Log Form

Transcription

1 GENERAL INFORMATION Owner / Department* Approver / Department * Training Development Department Quality Assurance Department Date of Approval* Course name: Language: New Version: Previous Version: Course details* ISO Lead Implementer English Summary of the Change: The training course has been updated based on the latest version of ISO 31000:2018 and ISO 19011:2018. Section 4 Fundamental principles of business continuity in Day 1 has been completely Section 7 Analyze the existing system in Day 1 has been completely The entire section of the PECB Certification Process in Day 4 has been General design improvements have been made on the training course. Day 1: Slide Number Current version Previous version No.1 No.1 Day 1 Slide Description: Modifications: been Some titles of the sections have been modified Comments

2 Schedule for the Week No.2 No.2 Schedule of the Training No.3 No.3 **Slide Notes Extension** No.4 No.4 **Normative References** No.5 No.5 **List of Acronyms and Abbreviations Schedule of the Training Some titles of the sections have been modified. Some titles of the sections have been modified. **Normative References Used in this Training** **Normative References** The publishing years of the standards have been The notes section has been Some accronyms have been deleted, while others have been added.

3 Slide: Smoking area has been replaced with interactive & engaging session. No.8 No.8 General Information No.10 No.10 Financial Costs of Business Disruptions Notes: The following sentence has been added in the notes section: All training course sessions are designed in a way that lets every candidate participate and take the most out of the course in practice and theory. Minor changes have been made in the notes section. Minor changes have been made in the notes section. Training Objectives No.11 No Learning Objectives Learning Objectives Slides 11 and 12 have been merged to slide 11. No.12 N/A Learning Objectives New slide has been added. No.13 No.13 Educational Approach No.16 No.16 Certificate Minor changes have been made in the notes section. Minor changes have been made in the notes section. No.18 N/A Certification Bodies for Persons New slide has been added.

4 N/A No.18 Why Become a PECB Certified Implementer? Slide has been deleted. No.20 No.20 ISO Lead Implementer Training No.21 No.21 ISO Structure No.22 No.22 Management System Standards No.23 No.23 Integrated Management System Content in the notes section has been deleted. Minor changes have been made in the slide and notes section. The following standards have been added in the slide section: ISO 9001 Quality and ISO Occupational Health and Safety The following standard has been deleted from the slide section: ISO Business continuity The last column of the table on the slide has been deleted. The title of this slide was changed History of the ISO Standard No.27 No.27 Development of the ISO Standard Development of the ISO Standard The following cited content has been deleted: ISO 22300, clause Societal security The slides have switched places. No No Business Continuity and Exercise 1 Slide 31 in the previous version of the training course is now slide 30. Furthermore, slide 30 in the previous version of the training course is now slide 31.

5 The title of this slide was changed ISO Lead Implementer Training No.33 No.33 Certified ISO Lead Implementer Training Certified ISO Lead Implementer Training No.34 No.34 What is Business Continuity? The section s activities were The following clause has been deleted from the notes section: N/A No.36 Key Components of a BCMS Slide was deleted. No.43 No.43 Objectives and Plans to Achieve Them 3.4 Business continuity management. Repeated notes information was deleted. N/A No.46 **Slide Notes Extension** Slide has been deleted. No.53 No.55 Certified ISO Lead Implementer Training The title of the slide was changed ISO Lead Implementer Training Certified ISO Lead Implementer Training The section s activities were No.54 N/A Main Definitions New slide was added. No.55 N/A Business Continuity New slide was added. No.56 N/A Business Continuity Management New slide was added. No.57 N/A Business Continuity Management System New slide was added. No.58 N/A Disaster Recovery New slide was added. This slide s content has information on the terms and definitions related to Business Continuity, cited from ISO The slide s content has information on the business-driven process and its effect on an organization. This page s content provides information on Disaster Recovery: its definition.

6 This slide was moved to page 59. No.59 No.57 Business Continuity and Disaster Recovery No N/A Business Continuity Planning Process & **Slide Notes Extension** Also, the content of Data Recovery, in 1st paragraph, in the Notes section was removed. New slides were added. No.62 N/A Recovery Objectives New slide was added. No.63 N/A RPO and RTO New slide was added. No.64 N/A Maximum Acceptable Outage (MAO) New slide was added. No.65 N/A Minimum Business Continuity Objective (MBCO) New slide was added. These two slides contain information on the Business Continuity Planning process with the four following steps being the crux of these slides: Business Impact Analysis Recovery Strategies Plan Development and Testing and Exercises This slide provides definitions taken from ISO on the terms such as: Recovery Point Objective, Recovery Time Objective, Maximum Acceptable Outage, and Minimum Business Continuity Objective. This slide provides more information regarding the Recovery Point Objective and Recovery Time Objective. This slide provides more information on the Maximum Acceptable Outage. This slide provides more information on the Minimum Business Continuity Objective.

7 The title of the slide was changed Involve all Elements of the Organization No.66 No.58 Involving all Elements of the Organization N/A No.68 No.56, 59, 60, 61, 62, 63, 64, 65, 66 No.68 No.69 No.69 Requirements No.75 No.76 No.76 No.75 Certified ISO Lead Implementer Training Integrated Implementation Methodology for Management Systems and Standards (IMS2) Selection of a Methodological Framework to Manage the BCMS Implementation Project Involving all Elements of the Organization This slide was moved to page 66. Minor changes were made in the Notes section. All these slides were deleted. The title of the slide was changed ISO Lead Implementer Training Certified ISO Lead Implementer Training This slide was moved to page 75. This slide was moved to page 76. The logos were updated in the slide. No.77 No.77 Approach and Methodology Minor changes were made in the notes section. N/A No Alignment with the Best Practices This slide was deleted. No.80 No.81 Section 6 Understanding the organization Activities in the slide section have been

8 Analysis of the External Environment No.86 No Analysis of the External and Internal Environment Analysis of the External and Internal Environment. Analysis of the Internal Environment No.87 No.88 Analysis of the External and Internal Environment Analysis of the External and Internal Environment. No.92 No.111 No.93 No Analysis of Interdependence and Interested Parties Analyze the existing system Slide section has been The following sentence has been deleted from the notes section: Interdependence is considered to be the glue that binds teams and builds success. Name of the section has been changed Analysis of the existing management system No.113 No.118 Gap Analysis Analyze the existing system. This slide was moved to page 113.The content of the slide and notes section was

9 The title of the slide was changed 1.3. Analysis of the Existing Management System 1.3. Analyze the Existing System No.114 No Analyze the Existing System The content of the slide was modified: in the previous version is substituted with Conduct the gap analysis. The previous version had three activities, the current one has 2. The notes section was No.115 N/A Conduct the Gap Analysis This slide was added. No.116 N/A Determine the Current State This slide was added. No.117 No.115 Information Gathering The title of the slide was changed Information Gathering Information Gathering This slide was moved to page 117. No.123 N/A Gap Analysis - Example This slide was added. N/A No.125 No.118, 120,123 No.125 BCMS scope These slides were deleted. Name of the section has been changed Scope of the BCMS BCMS scope. This slide provides more information on the questions that are asked during the Conduct the Gap Analysis process. Examples of gap analysis, taken from the standard.

10 1.4. Scope of the BCMS No.130 No BCMS scope No.132 No.133 No.132 No Defining the Organizational Boundaries of the Scope Defining the Business Lines Boundaries of the Scope No.137 No.137 Scope Statement 1.4. BCMS scope Slide section has been Notes section has been The content on the slide has been The notes section s content was deleted. Day 2: Slide Number Current version Previous version No.1 No.1 Day 2 No.2 No.5 No.2 No.5 Slide Description: Section 9 Leadership and planning 1.5. Leadership and Planning No.13 No.13 Determine the Objectives No. 16 No. 16 Content of the BCMS Project Plan Modifications: been Activities in the slide section have been Slide section s activities have been The following content was deleted on the slide section: Ensure compliance of Business Continuity for a project, delivery of a service or product, etc. The PMBOK section numbers in the notes section have been updated based on the latest edition of the PMBOK. Comments

11 No. 18 No. 18 No.24 No Communication Plan for the BCMS Project Section 10 Business continuity policy PECB Change Log Form The ISO 22301, clause 7.4 reference has been deleted from the slide section. The following activity has been deleted from the slide section: Creating policy models. No.26 No.26 Requirements Notes section has been No.28 No Defining the Policy Drafting Process No.32 No Training, Communication and Awareness Minor changes have been made in the notes section. Notes section has been No.33 No Control, Evaluation and Review Notes section has been No.35 No.35 ISO Lead Implementer Training Slide section - minor modification in the list of activities. No.37 No.37 Requirements Slide section has been No.39 No Organizational Structure Slide section has been No. 41 No. 41 Involved Parties No.42 No.45 No.42 No.45 No.50 No.50 Requirements No.51 No.51 Requirements Assign a Business Continuity Coordinator Create the Necessary Business Continuity Teams No.57 No Creation of Templates The following acronym has been deleted from the notes section: CERT: Computer Emergency Response Team. Slide and notes sections have been Minor changes have been made in the notes section. been slightly modified. The reference of the standard has been added in the notes section: ISO 22301, clause Control of documented information (cont d). been deleted.

12 No.61 No.62 No.63 No.61 No.62 No Implementation of a Document Management System Drafting the BCMS Required Documented Information Documented Information that may be Required No. 64 No. 64 Creation of a Master List of Documents No.74 No.74 Competence and Training No.77 No.78 No.77 No Defining a Competence Development Programme Assessment of the Required Competences No.81 No.81 Principal Training Methods No.82 No.82 **Slide Notes Extension** No.83 No.83 **Slide Notes Extension** No.86 No Evaluation & Continual Improvement of the Competency Development Programme PECB Change Log Form The content in the slide section has been slightly modified. been been deleted. The content in the slide section has been slightly modified. The reference of the standard has been added in the notes section: ISO 10015, clause Involvement of personnel. been deleted. been been been been The reference of ISO 10015, clause 4.5 has been added in the slide section. New information has been added in the notes section. No.93 No Business Impact Analysis Slide section has been No. 95 No. 95 I. Understanding the Impact Criticality The title of the slide changed Understanding the Impact Criticality I. Understanding the Impact Criticality.

13 No. 96 No.96 II. Determining the Approach and Data Collection Method The title of the slide changed I. Determination of the Approach and Method to Data Collection II. Determining the Approach and Data Collection Method. The title of the slide changed II: Identifying the Activities that Support Key Products and Services No.97 No.97 III. Identifying the Critical Activities (that Support the Organization s Key Products and Services) III. Identifying the Critical Activities (that Support the Organization s Key Products and Services). No. 99 No. 99 IV. Selection of the Impacts to be Analyzed No. 101 No. 101 V. Preparation of the BIA Tools No. 104 No Collecting the Data The content in the slide section has been slightly modified. The title of the slide changed III. Selection of the Impacts to be Analyzed IV. Selection of the Impacts to be Analyzed. The title of the slide changed IV. Preparation of the BIA Tools V. Preparation of the BIA Tools. The title of the slide changed Collecting the Data Collecting the Data.

14 No.112 No.113 No.112 No.113 Identification of the Business Continuity Objectives Identification of the Business Continuity Objectives No.117 No.117 Analysis of the Data No. 121 No. 121 No. 122 No Data Validation No.130 No.129 Requirements Presentation of the BIA Report PECB Change Log Form The title of the slide changed RPO and RTO Identification of the Business Continuity Objectives. The title of the slide changed RTO Identification of the Business Continuity Objectives. The reference of the standard has been added in the notes section: ISO 22301, clause The title of the slide changed Data Validation Data Validation. The title of the slide changed Presentation of BIA Report Presentation of the BIA Report. been No.131 N/A Risk Management Principles New slide has been added. This page provides more information on risk management principles based on ISO

15 Risk Management Process (ISO 31000) No.132 No.130 Relationship Between the RM Principles, Framework and Process Relationship Between the RM Principles, Framework and Process No.133 N/A Risk Management Process According to ISO No.136 No Risk Identification No.146 No Risk Analysis No.154 No Risk Evaluation New slide was added. updated based on the last version of ISO 31000:2018. Notes section has been updated based on the last version of ISO 31000:2018. The reference of ISO 31000, clause has been deleted from the slide section. Furthermore, the content in the slide section has been slightly modified. been updated based on the last version of ISO 31000:2018. No.155 No.152 Decisions Resulting from Risk Evaluation Notes section has been No.157 No.154 Evaluation of Risk Notes section has been updated based on the last version of ISO 31000:2018. This slide illustrates the risk management process, whereas the notes section provides additional information about this process.

16 Day 3: Slide Number Current Version Previous version No.1 No.1 Day 3 Slide Description: No.6 No Business Continuity Strategy No. 9 No. 9 Analysis of BC Strategy Options No.10 No.11 No.12 No.10 No.11 No Selection of the Strategy for Protecting Prioritized Activities Selection of the Strategy for Stabilizing, Continuing, Resuming and Recovering Prioritized Activities Selection of the Strategy for Mitigating, Responding to and Managing Impacts No.15 No.15 II. Rebuild and Restoration Modifications: been The list of activities in the slide section has been The reference of ISO 22313, clause has been added in the slide section. The reference of the standard has been added: Determination and selection. The reference of ISO 22313, clause has been added in the slide section. The reference of the standard in the notes section has been slightly modified. The reference of the standard has been added: Determination and selection. The reference of the standard has been added in the notes section: ISO 22313, clause 8.3 Business continuity strategy Determination and selection Mitigating, responding to and managing impacts Insurance: Comments

17 No.18 No.18 V. Reciprocal Agreement No.23 No Evaluation of the Business Continuity Capabilities of Suppliers PECB Change Log Form The following sources have been added in the notes section: Radvanovsky, Robert & Brodsky, Jacob, Handbook of SCADA/Control Systems Security (2013) Marianne M. Swanson, Pauline Bowen, Amy W. Phillips, Dean Gallup, and David Lynes, Contingency Planning Guide for Federal Information Systems (2010) Notes section has been Part of the content on the notes section has been deleted. No.25 No.26 Exercise 8 Exercise has been No.30 No Protection & Mitigation Measures Slide section has been No.31 No.31 No. 32 No. 32 Implementation of Protection & Mitigation Measures Implementation of Protection & Mitigation Measures No.56 No.56 Description of Activities in a Procedure No.63 No.63 Incident Response Plan The following content has been deleted from the notes section: Synonym: control, counter-measure. The figure in the slide section has been The following information in the notes section has been changed Describe the process and controls from responses to the "6W questions: Describe the process and controls from responses to the 5 W s and 1 H questions. Minor changes have been made in the slide section.

18 No.65 No.65 I. Establish an Incident Management Structure No.69 No.69 II. Monitor the Events that can Result in Incidents No.71 No.71 III. Detect the Incidents No.72 No.72 IV. Assess and Evaluate Incidents No.73 No.73 V. Declare an Incident Response I. Incident Management Structure I. Establish an Incident Management Structure. II. Monitoring of Events II. Monitor the Events that can Result in Incidents III. Detection of Incidents III. Detect the Incidents IV. Assessment and Evaluation of Incidents IV. Assess and Evaluate Incidents V. Invocation of an Incident Response V. Declare an Incident Response.

19 VI. Incident Response Communication No.74 No.74 VI. Communicate on the Incident Response VI. Communicate on the Incident Response The sentence in the notes section has been slightly modified. IX. Post-incident Review» No.79 No.79 IX. Conduct a Post-Incident Review No.82 No.82 Requirements No.83 No.83 **Slide Notes Extension** No.84 No.84 What is an Emergency? No.95 No.95 VII. Awareness, Drill and Training To : IX. Conduct a Post-Incident Review. been deleted. Notes section has been Part of the content in the notes section has been deleted. The reference of the standard has been added: ISO 22313, clause Safety and welfare procedures (cont d) The reference of the standard in the slide has been changed ISO 22399, clause 3.6 ISO 22300, clause 3.77 Notes section has been New information has been added in the notes section. Notes section has been Part of the content in the notes section has been deleted.

20 No.96 No.97 Exercise 11 The exercise has been No.99 No.99 Requirements No.100 No.100 Crisis Characteristics Notes section has been The reference of ISO 22300, clause 3.59 has been added in the notes section. Minor changes have been made in the notes section. No.102 No.102 A Crisis Management Team Notes information has been deleted. No.104 No.104 Crisis Management Deals with Dilemmas Slide s content has been The information in the notes section has been deleted. No.110 No.110 IT Recovery Plan Slide s content has been No.112 No.112 II. Transfer to the Recovery Site and Logistics Notes section has been No.114 No.114 IV. Financial and Administrative Procedures Day 4: IV. Accounting and Administration To : IV. Financial and Administrative Procedures Slide Number Current Version Previous version No.1 No.1 Day 4 Slide Description: No.4-5 No.4 **Slide Notes Extension** Modifications: been The content in the notes section from slide 4 of the previous version of the training course has been divided into slides 4 & 5 of the current version of the training course. No.8 No.7 Why Evaluate Business Continuity Plans? Notes section has been Comments

21 No.9 No Exercising and Testing Slide section has been No.13 No.12 Creation of an Exercise & Test Plan No No.13 No No.19 No. 26 No. 23 No No No.34 No.30 Creation of an Exercise & Test Plan Conducting an Exercise/Test Activity ISO Lead Implementer Training Section 25 Requirements 3.1. Monitoring, Measurement, Analysis and Evaluation of the BCMS No.36 No Objects of Monitoring and Measurement No.41 No.37 I. Operational Dashboard No.46 No.42 Section 26 Internal audit No.50 No.46 What is an Audit? No. 52 No. 48 Differences between Internal and External Audits Minor changes have been made in the notes section. The content of slide 13 of the previous version of the training course has been shifted to slides 14 and 15 of the current version of the training course. The content of slide 19 of the previous version of the training course has been shifted to slides 21 and 22 of the current version of the training course. The content in the slide section has been slightly modified. Slides 25 to 27 of the previous version of the training course have been shifted to slides 28 to 31 of the current version of the training course. In addition, standard references have been corrected. Slide section has been Minor modifications have been made in the slide section. The notes section has been Activities in the slide section have been Slide section has been updated based on the last version of ISO 19011:2018. Minor modifications have been made in the slide section.

22 Main Services and Activities of the Internal Audit No No.49 Main Internal Audit Activities Main Internal Audit Activities No.55 No.50 The ISO Standard Slide 49 of the previous version of the training course has been shifted to slides 53 and 54 of the current version of the training course. updated based on the last version of ISO 19011:2018. No.56 No Internal Audit Slide section has been No.57 No Create an Internal Audit Program No.58 No Designate a Responsible Person updated based on the last version of ISO 19011:2018. Notes section has been updated based on the last version of ISO 19011:2018. Generic Knowledge and Competencies No No.54 Generic Knowledge and Competencies of Auditors Generic Knowledge and Competencies of Auditors updated based on the last version of ISO 19011:2018. Slide 54 of the previous version of the training course has been shifted to slide 59 and 60 of the current version of the training course. N/A No Create Audit Procedures Slide has been deleted.

23 No.64 No Perform Audit Activities PECB Change Log Form The title of the slide has changed Perform Audit Activities Perform Audit Activities. updated based on the last version of ISO 19011:2018. No.65 No.60 Nonconformities Notes section has been No.66 No Follow-up on Nonconformities No.79 No.74 ISO Lead Implementer Training - Section 28 Nonconformities & corrective action Minor changes have been made in the slide section. The title of the slide section has been changed Treatment of problems and nonconformities Nonconformities & corrective action No.83 No Nonconformities & Corrective Action The activities in the slide section have been 4.1. Treatment of Problems and Nonconformities 4.1. Nonconformities & Corrective Action No No Define a Process to Resolve Problems and Nonconformities Slide section has been updated Slide 79 of the previous version of the training course has been shifted to slides 84 and 85 of the current version of the training course. been

24 No.89 No Preventive Action Procedure Slide section has been No.92 No.87 Exercise 15 Exercise has been No.94 No.88 Section 29 Continual improvement Minor changes have been made in the slide section. No.98 No Continual Improvement No.100 No.101 No.104 No.94 No.95 No Maintenance and Improvement of the BCMS Continual Update of Documented Information Section 30 Preparing for the certification audit No.107 No.101 Certification Process Minor changes have been made in the slide section. Title of the slide has been changed Continual Update of the Documentation and Records Continual Update of Documented Information Activities in the slide section have been No.108 No.102 Before the Certification Audit Minor changes were made on the slide. No.109 No Selecting the Certification Body No.113 No Stage 2 Audit Minor changes were made on the slide and notes section. The reference of the standard has been added in the notes section: ISO/IEC , clause 9.3 Initial certification Initial certification audit Stage 2 audit The title of the slide was changed 5. Conducting a Follow-Up Audit No.115 No Follow-Up Audit No.116 No Certification Decision 5. Follow-Up Audit The ISO reference on the slide was removed. Minor changes were made on the notes section.

25 No.117 No.111 Elements to Consider During a Surveillance Audit No.118 No.112 Recertification Audit PECB Change Log Form The title of the slide was changed Elements to Audit During a Surveillance Audit Elements to Consider During a Surveillance Audit No.119 N/A **Slide Notes Extension** New slide has been added. No.120 No.113 Use of ISO Trademarks Use of Certification Bodies and ISO Trademarks No.122 No.115 ISO Lead Implementer Training - Section 31 Competences and evaluation of a Lead Implementer No.125 No.118 PECB ISO Certification Scheme No.126 No.119 PECB Certification Process No.127 No Attendance Record Use of ISO Trademarks Activities in the slide section have been The title of the slide changed 2. Attendance Record 1. Attendance Record No. 128 No Sit for the PECB Exam been The title of the slide changed 1. Sit for the PECB Exam 2. Sit for the PECB Exam

26 No.130 No Certification Application 4. Applying for Certification 4. Certification Application No.131 No.124 Certification Application No.132 No Evaluation of your Application Notes section has been 4. Applying for Certification Certification Application No.133 No Certification Notes section has been No.134 No Maintaining Certification No.136 No.129 ISO Lead Implementer Training - Section 32 Closing the training Activities in the slide section have been Other ISO Trainings and Certifications No.138 No.131 Other Trainings and Certifications Other Trainings and Certifications Other Materials Task Description Comments Completed Case study should be aligned with the Case Study Update the case study new version of the course Exercises should be aligned with the Exercises Update the exercises new version of the course Correction keys should be aligned with Correction Keys Update the correction keys the new version of the course

27 Exam 01 Exam 02 Exam Preparation Guide (EPG) Candidate Handbook (CH) Course Description Other Supporting Materials (Ex. Videos, Samples) Update the exam Update the exam Update the EPG Update CH Update Course Description on the web Update other supporting materials of the course The exam should be aligned with the new version of the course The exam should be aligned with the new version of the course The EPG should be aligned with the new version of the course The CH should be aligned with the new version of the course The CD should be aligned with the new version of the course Other supporting materials should be aligned with the new version of the course N/A Comments:...