PECB Certified ISO 27001 Lead Auditor


Upload: le-global-services-sdn-bhd

Post on 19-Mar-2016

DESCRIPTION

PECB Certified ISO 27001 Lead Auditor course outline.

TRANSCRIPT

TRAINING CATALOGUE
Professional Evaluation and Certification Board (PECB)

INFORMATION SECURITY

QUALITY MANAGEMENT

SOCIAL RESPONSIBILITY

ENVIRONMENTAL MANAGEMENT

SUPPLY CHAIN SECURITY

RISK MANAGEMENT

SERVICE MANAGEMENT

OCCUPATIONAL HEALTH & SAFETY

FOOD SAFETY

BUSINESS CONTINUITY

ABOUT PECB

PECB is a personnel certification body for various standards, including ISO 9001, ISO 14001, ISO/IEC 20000, ISO 22301, ISO/IEC 27001 and ISO/IEC 27005. Our mission is to provide our clients with comprehensive personnel examination and certification services. Certification represents the intersection of protection of the public, fairness to candidates and, often, the various interests of the profession. Although these may appear to be competing interests, a well-designed certification program will be most effective in meeting them when its resources are deployed to enhance validity and reliability. The guidance that follows in our Quality Manual is intended to ensure that PECB develops, maintains and improves a high-quality, recognized certification program.

The purpose of PECB, as stated in its Bylaws, is to develop and promote professional standards for certification and to administer certification programs for individuals who practice in disciplines involving the audit and the implementation of a compliance management system. This principal purpose includes:

1 Establishing the minimum requirements necessary to qualify certified professionals

2 Reviewing and verifying the qualifications of applicants

3 Developing and maintaining reliable, valid, and current certification examinations

4 Granting certificates to qualified candidates, maintaining certificant records, and publishing a directory of the holders of valid certificates

5 Establishing requirements for the periodic renewal of certification and determining compliance with those requirements

6 Ascertaining that certificants meet ethical standards in their professional practice

7 Representing its members, where appropriate, in matters of common interest

8 Promoting the benefits of certification to employers, public officials, practitioners in related fields, and the public

OUR ACCREDITATION AND CERTIFICATIONS

PECB is in the process of accreditation by ANSI to the ISO/IEC 17024 standard (General requirements for bodies operating certification schemes for persons).

PECB is certified to the ISO 9001:2008 standard. The scope of this certification covers all of PECB's personnel certification processes, including the development and maintenance of certification schemes, the management and protection of examiner records, requirements for employees and the certification process. This certification demonstrates PECB's commitment to quality management and customer service.

PECB is also certified to the ISO/IEC 27001:2005 standard, the international standard for information security management. The scope of this certification covers all processes, systems and technologies that support the certification activity, so that best security practices are consistently applied to protect the confidentiality of the financial and personal information of PECB applicants and certified individuals. PECB is the only personnel certification body that is certified to both ISO 9001:2008 and ISO/IEC 27001:2005.

PECB CODE OF ETHICS

Adherence of professionals to PECB code of ethics is a voluntary engagement. However, if a member does not follow this code by engaging in gross misconduct, PECB membership may be terminated and certifications revoked. Not only is it important for PECB certified professionals to adhere to the principles expressed in this Code, each member should encourage and support adherence by other members.

PECB professionals will:

1 Conduct themselves professionally, with honesty, accuracy, fairness, responsibility and independence.

2 Act at all times solely in the best interest of their employer, their clients, the public, and the profession by acting in accordance with the professional standards and applicable techniques while performing professional services.

3 Maintain their competency in their respective fields and strive to constantly improve their professional skills.

4 Offer only professional services which they are qualified to perform, and adequately inform clients and consumers about the nature of proposed services, including any relevant concerns or risks.

5 Inform each employer or client of any business interests or affiliations which might influence their judgment or impair their fairness.

6 Treat in a confidential and private manner information acquired during professional and business dealings with any present or former employer or client, and not disclose it without that employer's or client's proper consent.

7 Comply with all laws and regulations of the jurisdictions where professional activities are conducted.

8 Respect the intellectual property and contributions of others.

9 Not intentionally communicate false or falsified information that may compromise the integrity of the evaluation process of a candidate for a professional designation.

10 Not act in any manner that could compromise the reputation of PECB or its certification programs for persons, and fully cooperate with any inquiry following a claimed infringement of this Code of Ethics.

PECB CERTIFICATION PROCESS

1. Decide which certification is right for you
Each PECB certification has specific education and experience requirements. To determine which certification is right for you, verify the eligibility requirements of the different certifications against your professional needs.

2. Prepare for the exam
All certification candidates are responsible for their own study and preparation for the examination. No specific set of courses or curriculum of study is required as part of the certification process. However, completing a recognized PECB course or program of study will significantly enhance your chances of passing a PECB certification examination. You can verify the list of recognized organizations that offer PECB official training sessions.

3. Apply and schedule the exam
Candidates must complete the easy and secure online application, available at www.PECB.org. Candidates register for a password-protected account where they can create, manage, update and submit their application. Applicants can pay the application fees online and upload all required supporting documents to PECB. Applicants also have the option of mailing the payment (checks), but this will delay the application process. Applicants will then be able to select a date and location for their certification exam. Dates and locations can be found at www.PECB.org. You must register at least fifteen (15) days before the exam date.

4. Take the exam
Candidates are required to arrive at least 30 minutes before the beginning of the certification exam. Candidates arriving late will not be given additional time to compensate for the late arrival and may be denied entry to the examination room. All candidates must present to the proctor a valid identity card, such as a driver's license, and the exam confirmation letter. The duration of the exam varies according to the type of examination taken (see the description of the different exams at www.PECB.org).

5. Receive your exam results
It takes 4 to 8 weeks for participants to receive their exam results. All results are sent via email. The results do not include your exact grade, only whether you passed or failed. In the case of a failure, the results are accompanied by the list of domains in which your mark was lower than the passing grade, as guidance for preparing to retake the exam.

6. Apply for certification
All participants who successfully pass their certification exam (or an equivalent accepted by PECB) are entitled to apply for the PECB credentials they were examined for. Specific educational and professional requirements may apply before you can be PECB certified. Candidates need to fill out the online certification application form (accessible via their PECB online profile), including the contact details of references who will be contacted to validate the candidate's professional experience. Once PECB has validated that you fulfil all certification requirements, you will be informed by e-mail of our decision and will receive your certificate by e-mail in electronic format.

7. Maintain your certification
Every year, PECB certified professionals must provide PECB with the number of hours of auditing and/or implementation-related tasks they have performed, together with the contact details of individuals who can validate these tasks, and pay their yearly certification maintenance fees. In addition, PECB certified professionals must abide by PECB's code of ethics.

For more information, please visit the FAQ section at www.PECB.org

INFORMATION SECURITY TRAINING

ISO/IEC 27001 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for-profit organizations). ISO/IEC 27001 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

CERTIFIED ISO 27001 LEAD AUDITOR
Mastering the audit of an Information Security Management System (ISMS) based on ISO 27001

SUMMARY

This five-day intensive course enables participants to develop the expertise needed to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with the certification process of the ISO/IEC 27001:2005 standard. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit programs, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently.

COURSE AGENDA

Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001
• Normative, regulatory and legal framework related to information security
• Fundamental principles of information security
• The ISO 27001 certification process
• Detailed presentation of clauses 4 to 8 of ISO 27001

Day 2: Planning and initiating an ISO 27001 audit
• Fundamental audit concepts and principles
• Audit approach based on evidence and on risk
• Preparation of an ISO 27001 certification audit
• Documenting an ISMS audit

Day 3: Conducting an ISO 27001 audit
• Communication during the audit
• Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
• Drafting test plans
• Formulation of audit findings, drafting of nonconformity reports

Day 4: Concluding and ensuring the follow-up of an ISO 27001 audit
• Audit documentation
• Conducting a closing meeting and concluding an ISO 27001 audit
• Evaluation of corrective action plans
• ISO 27001 surveillance audit and audit management program

Day 5: Certification Exam
• 3 hours

DURATION: 5 DAYS

PREREQUISITES

• ISO 27001 Foundation Certification or basic knowledge of ISO 27001 is recommended

WHO SHOULD ATTEND?

• Internal auditors
• Auditors wanting to perform and lead ISMS certification audits
• Members of an information security team
• Technical experts wanting to prepare for an information security audit function

This is a PECB official training course

LEARNING OBJECTIVES

• To acquire expertise to perform an ISO 27001 internal audit following ISO 19011 guidelines

• To acquire expertise to perform an ISO 27001 certification audit following ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006

• To acquire necessary expertise to manage an ISMS audit team

• To understand the operation of an ISO 27001

EXAM

• The “Certified ISO/IEC 27001 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:

- Domain 1: Fundamental principles and concepts of information security

- Domain 2: Information Security Management System (ISMS)

- Domain 3: Fundamental audit concepts and principles

- Domain 4: Preparation of an ISO 27001 audit

- Domain 5: Conducting an ISO 27001 audit

- Domain 6: Closing an ISO 27001 audit

- Domain 7: Managing an ISO 27001 audit program

• The “Certified ISO/IEC 27001 Lead Auditor” exam is available in different languages (the complete list of languages can be found in the examination application form)

• Duration: 3 hours

• For more information about the exam, refer to the PECB section on the ISO 27001 Lead Auditor exam

CERTIFICATION

• After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC 27001 Provisional Auditor, Certified ISO/IEC 27001 Auditor or Certified ISO/IEC 27001 Lead Auditor, depending on their level of experience. These credentials are available to internal and external auditors

• A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential

GENERAL INFORMATION

• Certification fees are included in the exam price

• A student manual containing over 450 pages of information and practical examples will be distributed to participants

• A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants

CREDENTIAL | EXAM | PROFESSIONAL EXPERIENCE | ISMS AUDIT EXPERIENCE | ISMS PROJECT EXPERIENCE | OTHER REQUIREMENTS
ISO 27001 Provisional Auditor | ISO 27001 Lead Auditor Exam | None | None | None | Signing the PECB code of ethics
ISO 27001 Auditor | ISO 27001 Lead Auditor Exam | Two years (one year of information security work experience) | Audit activities totaling 200 hours | None | Signing the PECB code of ethics
ISO 27001 Lead Auditor | ISO 27001 Lead Auditor Exam | Five years (two years of information security work experience) | Audit activities totaling 300 hours | None | Signing the PECB code of ethics