Why choose the IT Governance Network?

Global leaders in the design and implementation of IT governance frameworks and mechanisms.

More than 10 years' experience in the protection of personal information (POPIA).

Consulting services, software solutions and a wide range of training available.

POPIA Compliance Framework and Monitoring System

The Protection of Personal Information Act is technical and complex. It requires a wide range of technical and organisational measures to be implemented to protect the rights of natural and juristic persons to privacy. To ensure compliance, the Information Regulator requires all organisations to develop and implement a compliance framework so that they can effectively monitor the protection afforded to natural and juristic persons.

A functionally rich POPIA Compliance Framework and Monitoring System helps small and large organisations achieve POPIA compliance effectively and efficiently. It enables organisations to jump-start their POPIA programme by implementing an international standards-based POPIA compliance framework.


Training

Description of the Corporate Governance of ICT course

The Corporate Governance of ICT Policy Framework is based on principles found in the King III Code, ISO/IEC 38500 and COBIT 5. It stipulates certain governance practices for a government entity's Executive Authority, the Head of Department, the Risk and Audit Committee, and the Executive Management. The policy framework also outlines the implementation approach to be used, and sets out the high-level activities in a three phased approach.

This seminar provides delegates with a clear understanding of the overall policy framework and the relevant sections of the King III Code, ISO/IEC 38500 and COBIT 5.

After attending this seminar delegates will understand the implementation approach to be used and the high-level activities of the three phased approach.

SEMINAR OBJECTIVES

The purpose of this seminar is to help participants understand how to implement the Corporate Governance of ICT Policy Framework and specifically address the requirements of the three phases.

On completion of this seminar, participants will be able to:

  • Demonstrate an understanding of Corporate Governance of ICT policy framework
  • Articulate how King III, ISO/IEC 38500 and COBIT 5 fulfill the requirements for the Corporate Governance of ICT
  • Assist the Executive Authority and HoD fulfil their governance responsibilities and Executive Management fulfil their responsibilities to implement and manage ICT
  • Develop an ICT Governance framework
  • Design and implement a management system for IT
  • Design and implement the core processes and components of the Framework using COBIT 5.

SEMINAR CONTENTS

The role and responsibilities of the Executive Authority, Head of Department and Executive Management for the implementation of an ICT Policy Framework.

The key sources that have influenced the development of the Policy Framework:

  • Public Service Act and Regulations (as amended)
  • Public Finance Management Act
  • State IT Agency Act and Regulations (as amended)
  • The Corporate Governance of ICT Policy Framework
  • CGICT Assessment Standard
  • COBIT 5 Processes: EDM1, APO1, APO2, DSS1 and MEA1.

An overview of the Corporate Governance in the Public Sector, Corporate Governance of ICT in the Public Sector, the Objectives, the Principles, the Corporate Governance of ICT Practices, and the Enabling Structures, including:

  • Implementation of an ICT governance framework (based on King III, ISO 38500 and COBIT 5)
  • Creating an accountability framework and defining roles and responsibilities
  • Implementing the Policy Framework and drafting effective IT policies
  • Developing an ICT Governance Charter
  • Implementing an effective management system
  • Integrating processes and institutionalising capability
  • Aligning IT operations with organisational goals and strategic objectives
  • Creating value, optimising risk management and resource usage
  • Managing risks, implementing a system of internal controls and ensuring regulatory compliance.

Free preview of the COBIT 5 Assessor course online.

View SEMINAR SCHEDULE on top menu for course dates.

ISACA has introduced the COBIT 5 Assessor course and exam for individuals to learn and understand how an assessor should conduct COBIT 5 process capability assessment using the COBIT 5 Assessor Guide and COBIT 5 Self-Assessment Guide.

As the scope of the APMG Assessor course does not include the process definition and actual capability development, the ITGN has extended the learning experience with examples of process definition and capability improvement based on ISO 15504.

The COBIT 5 Foundation course and exam is the entry point to become familiar with the COBIT terminology. Candidates who have passed the COBIT 5 Foundation exam can register for the COBIT 5 Assessor course and exam to learn how to undertake a process capability assessment using COBIT 5.

SEMINAR OBJECTIVES

The official COBIT 5 Assessor course will provide participants with an understanding of the key issues an assessor should be aware of when organising and executing a COBIT 5 capability assessment. At the end of the course attendees will be able to:

  • Identify and assess the roles and their responsibilities regarding the assessment process
  • Organise an assessment team to conduct an assessment
  • Determine the requirements for conducting an assessment
  • Perform and assess the 7 steps outlined in the Assessor Guide to initiate, plan, coordinate and complete a process assessment
  • Conduct a process capability assessment in accordance with the COBIT 5 Assessor Guide requirements.

In addition, through examples provided by the ITGN, candidates will learn about:

  • Process definition
  • Capability improvement.

SEMINAR OUTLINE

Participants will learn through discussion and practical examples about:

  • Introduction to the Assessment Programme
  • Overview of Process Assessment Model
  • Roles and Responsibilities of the Assessment team and other Participants
  • Initiation – recommended steps
  • Scoping – selecting processes
  • Planning and briefing of the Team
  • Data Collection – “instances”, evidence, records
  • Data validation and dealing with Deficiencies
  • Process Attribute Rating
  • Reporting the Assessment results
  • Performing a Self-Assessment
  • Exam Preparation
  • Certification Requirements and Registration with ISACA.

Successfully take the COBIT 5 Assessor exam!

 

Why choose an IT Governance Network course?

The IT Governance Network's trainers have extensive knowledge and experience with the protection of personal information. Some members of staff are active Information Officers for clients and have been advising on the measures necessary to satisfy the requirements of the Protection of Personal Information Act for a number of years. Other staff participated in the Parliamentary discussions that resulted in the legislation.

    

COURSES

General and specialist courses address various aspects of the lawful processing of personal information. Courses are available in-house, open to the public and online. 

POPI: Complying with the Act

The Protection of Personal Information Act requires all public and private bodies to process personal information in accordance with the conditions for the lawful processing of personal information. In most organisations personal information is ubiquitous and the risk of not processing personal information is high.

This course provides the attendee with an understanding of the key requirements of the Act and a road map to address the requirements and manage the risk.

POPI: Impact on HR 

The processing of personal information within the human resources function presents many challenges for those responsible. Currently the misuse of personal information within HR is widespread, making many organisations vulnerable to complaints from unsuccessful job applicants and employees.

This course includes topics about processing personal information within the human resources function. Practical examples illustrate what is acceptable and what is unlawful.

POPI: Role of Information Officers 

Information officers have a significant role in overseeing the protection of personal information and can be personally liable in some instances where they do not fulfil their responsibilities.

This course will help attendees understand the role and responsibilities of the information officer in encouraging a public or private body to comply with the requirements for the lawful processing of personal information, handling personal information requests and responding to interferences.

POPI: Obligations of Responsible Parties

It is the responsibility of the “Responsible Parties” identified by the CEO and listed in the PAIA manual to ensure that personal information is processed lawfully and in a reasonable manner that does not infringe the constitutional rights of individuals to privacy.

This seminar informs heads of public bodies, CEOs of private bodies and the business leaders identified as “responsible parties” about their role and responsibilities for processing personal information lawfully.

POPI: Security using ISO 27001 

The Protection of Personal Information Act requires all organisations to implement the necessary safeguards to protect personal information according to generally accepted information security practices and procedures.

This course provides attendees with an understanding of the approach required to identify and implement the necessary safeguards to protect the processing of personal information using ISO 27001, the international generally accepted standard for information security.

POPI: Requirements for ERP Systems

Enterprise Resource Planning (ERP) systems process a wide variety of business information, including many types of personal information. ERP systems have many features that can assist responsible parties protect personal information. Omitting to use the available features could be a problem when non-compliance is reported to the Information Regulator.

This course provides attendees with an understanding of the privacy-related issues that will need attention in ERP systems.

POPI: Auditing Readiness and the Programme

The Protection of Personal Information Act is technical and complex. It has numerous requirements that impact just about everyone within an organisation, its customers, suppliers and service providers.

This seminar includes topics about:

  • Which aspects of POPI are important to auditors
  • How auditors should plan their approach
  • Conducting an audit of the organisation’s POPI programme.

 

SCHEDULE

View the latest Protection of Personal Information training schedule on the top menu - SEMINAR SCHEDULE. 

Description of the COBIT 5 based Information Security Management Course

Corporate governance, cloud computing, outsourcing, mobile computing and privacy legislation all require that effective information security be implemented and administered. A COBIT 5 based information security management system (ISMS) will ensure that the information security strategy and its implementation are aligned with business needs and strategic objectives, an integrated approach to information security is adopted and capability is built in a sustainable manner.

This seminar will help participants understand how the COBIT 5 framework is used as a foundation to information security management in line with ISO 27001 and other sources of best practices.

SEMINAR OBJECTIVES

Participants will learn how to implement an information security management system and on completion of this seminar they will be able to:

  • Demonstrate an understanding of the COBIT 5 and ISO 27001 specifications for Information Security Management
  • Communicate the requirements for compliance with COBIT 5 and ISO 27001
  • Plan, design and implement an information security management system
  • Use COBIT 5 processes as a foundation for information security management
  • Build capability in information security across the organisation
  • Assess the extent to which an organization adheres to the ISO 27001 specification and COBIT 5 for Information Security.

SEMINAR OUTLINE

Participants will learn through discussion and practical examples about:

  • Overview of the ISO/IEC 27001 specification
  • Overview of COBIT 5 for Information Security
  • The scope and purpose of an information security management system
  • Defining an ISMS policy and framework for setting objectives, regulatory compliance and risk management
  • Understanding an organization’s information security requirements
  • Developing and implementing an information security management system
  • Recognising current capability in information security
  • Adopting a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's ISMS
  • Using the "Plan-Do-Check-Act" (PDCA) model to structure and manage all ISMS processes
  • Implementing and operating controls to manage an organization's information security risks in the context of the organization’s overall business risks
  • Monitoring and reviewing the performance and effectiveness of the ISMS
  • Continual improvement based on objective measurement.

Description of the COBIT 5 Implementation Course

ISACA has introduced the COBIT 5 Implementation course and exam for organisations to identify who is competent to implement COBIT 5 using the ISACA approach for enabling change through a programme designed to enable change and manage continuous improvement.

The COBIT 5 Foundation course and exam is the entry point. Only candidates who have passed the COBIT 5 Foundation exam may register for the COBIT 5 Implementation exam.

SEMINAR OBJECTIVES

Participants will obtain an understanding of the key aspects of "Change Enablement" using the COBIT 5 Implementation Guide and be able to:

  • Analyse the enterprise drivers for change in IT
  • Identify the implementation challenges, root causes & success factors
  • Assess current process capability (As Is)
  • Determine target process capability (To Be)
  • Scope and plan improvements
  • Consider practical implementation factors
  • Identify and avoid potential pitfalls
  • Leverage the latest good practices
  • Apply the COBIT 5 continual improvement life-cycle approach to address these requirements and establish and maintain a sustainable approach to governing and managing enterprise IT as “normal business practice”.

SEMINAR OUTLINE

Participants will learn through discussion and practical examples about:

  • Analysing the enterprise drivers, prioritising business requirements and identifying opportunities for improvements in IT to add value to the business in alignment with strategic objectives
  • Recognising the implementation challenges, root causes and success factors to enable change
  • Avoiding potential implementation pitfalls by leveraging good practice and avoiding poor strategies
  • Selecting the most appropriate approach to implementing GRC, addressing information technology related pain points and building IT capability 
  • Resourcing strategies for the implementation team
  • Scoping and planning improvements
  • The phases of the Programme Management life-cycle
  • The phases of the Change Enablement life-cycle
  • The phases of the Continuous Improvement life-cycle.

Take the COBIT 5 Implementation Exam!

Description of ISO 22301 Business Continuity Management Course

SEMINAR OBJECTIVES

Participants will gain an understanding of the ISO 22301 requirements and learn how to implement a business continuity management system. On completion of this seminar participants will be able to:

  • Demonstrate an understanding of the ISO 22301 specification for business continuity management in South Africa
  • Communicate the requirements for ISO 22301 compliance 
  • Plan the implementation of an ISO 22301 compliant business continuity management system
  • Assist an organization implement the necessary ISO 22301 processes for business continuity management
  • Assess the extent to which an organization adheres to the ISO 22301 specification.

SEMINAR CONTENTS

Participants will learn through discussion and practical examples how to design and implement business continuity planning in accordance with the ISO 22301 requirements for business continuity management.

This seminar includes topics about:

  • Overview of the ISO/IEC 22301 specification
  • The scope and purpose of a business continuity management system
  • Defining a business continuity policy and framework for setting objectives, regulatory compliance and risk management
  • Understanding an organization’s business continuity requirements
  • Developing and implementing a business continuity management system
  • Recognising current capability in business continuity management
  • Adopting a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's business continuity arrangements
  • Using the "Plan-Do-Check-Act" (PDCA) model to structure all business continuity processes
  • Implementing and operating controls to manage an organization's business continuity risks in the context of the organization’s overall business risks
  • Monitoring and reviewing the performance and effectiveness of the business continuity management system
  • Continual improvement based on objective measurement
  • Essential document and records management.

The IT Governance Network is the global leader in providing COBIT 5 training. Since its first training course in 1998, delegates from around the world have received training that covers:

  • COBIT for Assurance
  • COBIT for Application Controls
  • COBIT for General Controls
  • COBIT for Information Security Management
  • COBIT and ISO 27001
  • COBIT and IT Governance
  • COBIT and Risk Management
  • COBIT and ISO 31000
  • COBIT and Enterprise Architecture
  • COBIT and Service Management
  • COBIT and ISO 20000
  • COBIT and Performance Management
  • COBIT and Process Capability Assessment
  • COBIT and Quality Management.

Description of the ISO 38500 Corporate Governance of ICT Course

The ISO 38500 Corporate Governance of ICT standard outlines the requirements for IT governance. It is a high-level document that introduces the concepts of governance for ICT. This standard provides definitions, principles and a model useful for the implementation of IT governance. 

SEMINAR OBJECTIVES

Proper corporate governance of IT assists the top level of management to ensure that IT use contributes positively to the performance of the organization, through:

  • appropriate implementation and operation of IT assets;
  • clarity of responsibility and accountability for both the use and provision of IT in achieving the goals of the organization;
  • business continuity and sustainability;
  • alignment of IT with business needs;
  • efficient allocation of resources;
  • innovation in services, markets, and business;
  • good practice in relationships with stakeholders;
  • reduction in the costs for an organization; and
  • actual realization of benefits from each IT investment.

Proper corporate governance of IT will also assist directors in assuring conformance with obligations (regulatory, legislation, contractual) concerning the acceptable use of IT. 

SEMINAR CONTENTS

Participants will learn through discussion and practical examples how to implement IT governance in accordance with the ISO 38500 specification.

This seminar will help delegates understand the six principles for good IT governance:

Principle 1: Responsibility

  • Individuals and groups within the organization understand and accept their responsibilities in respect of both supply of, and demand for IT. 

Principle 2: Strategy

  • The organization’s business strategy takes into account the current and future capabilities of IT; the strategic plans for IT satisfy the current and ongoing needs of the organization’s business strategy.

Principle 3: Acquisition

  • IT acquisitions are made for valid reasons, on the basis of appropriate and ongoing analysis, with clear and transparent decision making. 

Principle 4: Performance

  • IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future business requirements.

Principle 5: Conformance

  • IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced.

Principle 6: Human Behaviour

  • IT policies, practices and decisions demonstrate respect for Human Behaviour, including the current and evolving needs of all the ‘people in the process’.

Delegates will also learn more about how to integrate the implementation of ISO 38500 with other related initiatives.

Description of the COBIT 5 Foundation Course

This course provides an introduction to COBIT 5, ISACA’s latest business framework for the governance, management and operation of IT across an enterprise. It prepares candidates for the COBIT 5 Foundation exam taken at the end of the course. With an understanding of the COBIT 5 Framework, delegates will be able to identify and understand how to make use of the COBIT 5 components in their business operations.

This course is recommended for IT personnel working in IT governance, management, operations, enterprise architecture, information security, compliance, assurance and audit who would like to pass the COBIT 5 FOUNDATION exam.

SEMINAR OBJECTIVES

Participants will obtain a good understanding of the COBIT 5 Framework and thereafter they will be able to: 

  • Articulate the key features of the COBIT 5 Framework
  • Describe the differences between COBIT 4.1 and COBIT 5
  • Explain the benefits of using COBIT 5
  • Understand the difference between governance, management and operational processes
  • Understand the COBIT 5 basic Principles 
  • Implement the COBIT 5 Enablers, including cascading goals and identify relevant processes
  • Use the seven governance and management enablers to build capability following the COBIT 5 Process Assessment Methodology
  • Use COBIT 5 for managing risk and implementing internal controls
  • Use COBIT 5 for assurance purposes
  • Pass the COBIT 5 FOUNDATION exam.

SEMINAR OUTLINE

Participants will review COBIT 5 sufficiently well to be able to pass the COBIT 5 FOUNDATION Exam.

Module 1: Overview of COBIT 5

  • Section 1: The business case for COBIT 5
  • Section 2: The business application

Module 2: The differences between COBIT 4.1 and COBIT 5

  • Section 1: From a Process Model to a Governance Model
  • Section 2: Narrative descriptions to Process Diagrams
  • Section 3: From COBIT 4.1 Management Guidelines to COBIT 5 Enabling Processes and Capability Assessment

Module 3: Understanding the COBIT 5 Principles

  • Section 1: Meeting Stakeholder needs
  • Section 2: Covering the enterprise end-to-end
  • Section 3: Applying a single integrated framework
  • Section 4: Enabling a holistic approach
  • Section 5: Separating Governance from Management

Module 4: COBIT 5 Implementation Guidance

  • Section 1: Designing COBIT 5 Governance Practices
  • Section 2: Implementing a COBIT 5 Management System
  • Section 3: Building a set of integrated COBIT 5 processes

Module 5: The COBIT 5 Process Capability Model

  • Section 1: Differences between COBIT 4.1 Maturity Model and the COBIT 5 Process Capability Model
  • Section 2: Building sufficient capability
  • Section 3: Performing a Process Capability Assessment (including a practical demonstration)

Module 6: Understand COBIT 5 for Risk and COBIT 5 for Assurance

  • Section 1: Articulate the key features of COBIT 5 for Risk
  • Section 2: Understand the core aspects of COBIT 5 for Assurance.

Take the Exam!

KING IV - Information and Technology Governance Course

King IV™ defines a framework for technology and information governance aimed at supporting an organisation’s governing body to govern in a way that supports the organisation in defining its core purpose and to set and achieve its strategic objectives.

Today, more than ever, organisations are required to contend with increasingly dynamic and demanding external and internal environments by making good corporate governance accessible and fit for application through the adoption of governance practices suitable to the organisation and able to sustain value creation.

COBIT 5 Assessor mistakes!

Common mistakes by COBIT 5 assessors.


King IV Corporate Governance Assessment

Assess the current level of your organisation's corporate governance using this King IV assessment tool.


COBIT Assessment as a Service

Conduct a COBIT assessment using this COBIT Assessment-as-a-Service.


POPIA Preliminary Assessments

POPIA preliminary assessments provide an efficient and effective approach to determining the extent to which the requirements of the Protection of Personal Information Act have been addressed.
