Practical Compliance Management for GRC Professionals, Practical Compliance Management for GRC Professionals.
Course Description
This course is for people who need to develop and gain the relevant practical hands-on experiences to apply for a role in GRC. For example compliance management.
The course is divided into two sections as follows:
SECTION 1-Fundamentals
- Understand the principles of governance, risk management, and compliance (GRC).
- Identify and assess risks to an organization’s compliance with regulations and standards.
- Develop and implement a compliance management program.
- Monitor and evaluate the effectiveness of the compliance management program.
Course Outline
- Module 1: Introduction to GRC
- What is GRC?
- The importance of GRC
- The benefits of GRC
- The challenges of GRC
- Module 2: Risk Management
- What is risk management?
- The risk management process
- Identifying risks
- Assessing risks
- Treating risks
- Module 3: Compliance Management
- What is compliance management?
- The compliance management process
- Identifying regulations and standards
- Assessing compliance risks
- Developing and implementing a compliance program
- Module 4: Monitoring and Evaluation
- Monitoring compliance
- Evaluating the effectiveness of the compliance program
- Continuous improvement
- SECTION 2-PRACTICAL HANDS-ON ACTIVITIES
Student will be introduced to a real-live platform environment that will allow them to practice all of the below GRC activities to develop their practical experience. This consists of approximately 10 hours of lab guided exercises.
1. –Compliance Management- Learn how to certify and manage a ISO 27001, PCI-DSS, NIST, SOC2, etc. program
2. –Risk Management-Learn how to implement Asset, Third Party and Business Risk Management
3. –Data Protection Program-Learn how to implement ad operate a data protection program
4. –Internal Controls & Audits– Record your internal controls and their audit records
5. –Policy Management- record your policies, procedures, standards etc., and manage their reviews
6. –Incident Management– Record and manage security incidents lifecycle in one place
7. –Asset Management– Define and review assets primarily used in Risks and Data Protection programs
8. –Project Management– Manage proactive and reactive improvements to your GRC program
9. –Exception Management– Record and manage risks, compliance and policy exceptions lifecycle
10. –Business Continuity Plans
