Why choose the IT Governance Network?

Global leaders in the design and implementation of IT governance frameworks and mechanisms.

More than 10 years' experience in the protection of personal information (POPIA).

Consulting services, software solutions and a wide range of training available.

POPIA Compliance Framework and Monitoring System

The Protection of Personal Information Act is technical and complex; it requires a wide range of technical and organisational measures to be implemented to protect the rights of natural and juristic persons to privacy. To ensure compliance, the Information Regulator requires all organisations to develop and implement a compliance framework so that they can effectively monitor the protection afforded to natural and juristic persons.

A functionally rich POPIA Compliance Framework and Monitoring System helps small and large organisations achieve POPIA compliance effectively and efficiently. It enables organisations to jump-start their POPIA programme by implementing an international standards-based POPIA compliance framework.

More about the POPIA Compliance Framework and Monitoring System ...

Training

Description of the ISO 27001 Information Security Management Course

SEMINAR OBJECTIVES

Participants will gain an understanding of the ISO 27001 requirements and learn how to implement an information security management system. On completion of this seminar participants will be able to:

  • Demonstrate an understanding of the ISO 27001 specification for Information Security Management in South Africa
  • Communicate the requirements for ISO 27001 compliance 
  • Plan the implementation of an ISO 27001 compliant management system
  • Assist an organization to implement the necessary ISO 27001 process for information security management
  • Assess the extent to which an organization adheres to the ISO 27001 specification.

SEMINAR CONTENTS

Participants will learn through discussion and practical examples how to design and implement information security in accordance with the ISO 27001 requirements for information security management.

This seminar includes topics about:

  • Overview of the ISO/IEC 27001 specification
  • The scope and purpose of an information security management system
  • Defining an ISMS policy and framework for setting objectives, regulatory compliance and risk management
  • Understanding an organization’s information security requirements
  • Developing and implementing an information security management system
  • Recognising current capability in information security
  • Adopting a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's ISMS.
  • Using the "Plan-Do-Check-Act" (PDCA) model to structure all ISMS processes
  • Implementing and operating controls to manage an organization's information security risks in the context of the organization’s overall business risks;
  • Monitoring and reviewing the performance and effectiveness of the ISMS
  • Continual improvement based on objective measurement.
  • Essential document and records management.

Description of the ISO 15504 Capability Assessment Course

Many organizations operate without clear insight as to the drivers of their success. Consequently, improvement initiatives are not based on a solid understanding of the IT organisation or service provider’s current capability. This seminar will help participants understand and make informed decisions and provide guidance on how to use the ISO 15504 process assessment model to conduct an assessment of processes and plan process improvements.

This seminar is relevant to those responsible for initiating, implementing or maintaining IT processes in their organizations, and to senior management who are responsible and accountable for ensuring the effective performance of these IT processes across their organisations.

Description of the ISO 20000 Service Management Course

SEMINAR OBJECTIVES

Participants will gain an understanding of the ISO/IEC 20000 specification for Service Management. On completion of this seminar, participants will be able to:

  • Demonstrate an understanding of the ISO 20000-1 specification for Service Management in South Africa
  • Communicate the requirements for ISO 20000-1 certification 
  • Guide organizations on the preparation for ISO 20000-1 certification
  • Assess the readiness of an organization for ISO 20000-1 certification
  • Assist an organization to prepare for its ISO 20000-1 compliance audit.

Description of the ISO 31000 Risk Management Course

SEMINAR OBJECTIVES

Participants will gain an understanding of the ISO 31000 requirements and learn how to implement a risk management system. On completion of this seminar participants will be able to:

  • Demonstrate an understanding of the ISO 31000 specification for Risk Management in South Africa
  • Communicate the requirements for ISO 31000 compliance 
  • Plan the implementation of an ISO 31000 compliant management system
  • Assist an organization to implement the necessary ISO 31000 process for risk management
  • Assess the extent to which an organization adheres to the ISO 31000 specification.

SEMINAR CONTENTS

Participants will learn through discussion and practical examples how to design and implement risk management in accordance with the ISO 31000 requirements for risk management.

This seminar includes topics about:

  • Overview of the ISO/IEC 31000 specification
  • The scope and purpose of a risk management system
  • Defining a risk management policy and framework for setting objectives, regulatory compliance and risk management
  • Understanding an organization’s risk management requirements
  • Developing and implementing a risk management system
  • Recognising current capability in risk management
  • Adopting a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's risk management.
  • Using the "Plan-Do-Check-Act" (PDCA) model to structure all risk management processes
  • Implementing and operating controls to manage an organization's risks in the context of the organization’s overall business risks;
  • Monitoring and reviewing the performance and effectiveness of risk management
  • Continual improvement based on objective measurement.
  • Essential document and records management.

Description of the COBIT 5 Risk Management Course

SEMINAR OBJECTIVES

Participants will gain an understanding of the "COBIT 5 for Risk" approach to managing risk. This approach focuses on establishing a risk function and building a risk management process. 

On completion of this seminar, participants will be able to:

  • Demonstrate an understanding of the Risk Function and Risk Management perspectives
  • Communicate how the COBIT 5 Enablers contribute to the Risk Function perspective
    • Process aspects that impact risk management
    • Information flows
    • Organisational structures
  • Communicate how the COBIT 5 processes EDM 3 Governance of Risk and APO 12 Manage Risk establish an effective risk management capability.

SEMINAR CONTENTS

Participants will learn through discussion and practical examples how to establish a Risk Management function and implement the process and practices necessary for an integrated approach to effectively managing risk.

This seminar includes topics about:

  • Overview of COBIT 5 for Risk
  • The scope of risk management
  • An integrated process approach to managing risks
  • COBIT 5 process EDM 3 Governance of Risk
  • COBIT 5 process APO 12 Manage Risk
  • Comparison with ISO/IEC 31000, the international standard for risk management.

The IT Governance Network (ITGN) is a leading provider of corporate governance, technology and information governance, IT management, service management, service orientated architecture, risk management, information security, BCP management, internal control, King IV, POPI, information governance, compliance governance, ISO 9001, ISO 14001, ISO 19600, ISO 20000, ISO 21500, ISO 22301, ISO 27001, ISO 30301, ISO 31000, ISO 38500, ISO 45001, CISA, CISM, CGEIT and IT process training. These information and related technology courses have been presented to a wide audience across the globe for over twenty years. The ITGN has also developed and presented fundamental, advanced and specialised COBIT training since 1997, covering topics such as LEAN IT, a sustainable approach to information security management and service orientated governance.

King IV Technology and Information Governance 

King IV is the latest corporate governance guidance for South Africa. The King IV Principle 4.2 recommends 19 practices for the governance of technology and information that align with governance principles and governance outcomes.

"Technology and Information Governance" provides further guidance for governing bodies.

Read more about King IV TI Governance course

King IV Compliance Governance 

King IV is the latest corporate governance guidance for South Africa.

"Compliance Governance" provides further guidance for governing bodies.

Read about King IV Compliance Governance courses

Protection of Personal Information: Complying with the Act 

The Protection of Personal Information Act is South Africa's most technical and complex legislation. This general course is available for executives, management and staff interested in obtaining an understanding of the requirements.

A separate certification exam is available - Certified Personal Information officer.

Read more about POPI - Complying with the Act

Protection of Personal Information: Impact on HR

The Protection of Personal Information Act has a significant impact on the human resources function. This specialist training is available for human resources personnel, management and executives. This course highlights specific HR issues.

A separate certification exam is available - Certified Personal Information officer.

Read more about POPI Impact on HR

COBIT 5 Foundation 

The official COBIT 5 Foundation course is an entry level course developed by APMG (a training/examination company). This course covers the most basic elements of the COBIT 5 framework. It introduces some of the COBIT 5 framework concepts and provides delegates with an understanding of the terminology and the basic components for governance, management and IT operations. COBIT 5 is appropriate for enterprises of all sizes, commercial, not-for-profit and public sector. However, its implementation will vary across organisations.

This course is best suited for IT and COBIT novices. ITGN will supplement the official course material with practical examples to demonstrate the full potential of COBIT 5. A certification exam is available.

Read more about the Foundation course

COBIT 5 Implementation

The official COBIT 5 Implementation course is a basic level course developed by APMG to introduce the ISACA approach for "change enablement" using a programme described in the ISACA "COBIT 5 Implementation Guide". This course is best suited for people who wish to better understand the steps required to manage a GRC implementation and maintenance programme. Attendees of this course will learn about the Programme Management life-cycle, how it enables change and continuous improvement, and how to analyse the enterprise drivers, prioritise business requirements and identify opportunities for GRC improvements to add value to the business.

A pre-requisite for this course is success in passing the COBIT 5 Foundation exam. A certification exam for the COBIT 5 Implementation course is available.

Read more about the Implementation course

COBIT 5 Assessor

The official COBIT 5 Assessor course is a basic level course developed by APMG to introduce the ISACA approach to conducting capability assessments. This approach is loosely based on the ISO 15504 process assessment standard. In the official course, attendees will learn about the basic steps an assessor should perform when conducting an assessment. At the end of this course, attendees can take the certification exam on this content. To complement the official APMG course, ITGN will provide course attendees with a more detailed understanding of how to apply ISO 15504 to define a COBIT 5 process and plan improvements in the current level of capability. (Note that this additional content is not part of the official course.)

A pre-requisite for this course is success in passing the COBIT 5 Foundation exam. A certification exam for the COBIT 5 Assessor course is available.

Read more about the Assessor course

COBIT 5 for Information Security

COBIT 5 provides an excellent foundation for the effective and efficient management of information security. This intermediate-level ITGN course provides attendees with an understanding of how to manage information security in accordance with the ISO 27001 specification for information security management systems.

Almost every IT and business process has an aspect that impacts information security or is impacted by information security measures. Consequently, effective information security requires an integrated approach to management and an understanding of how the information security strategy and its implementation are aligned with the business' needs and its strategic objectives. 

Central to good security is clarity about the responsibilities of managers for their respective areas of accountability. COBIT clarifies this.

Read more about COBIT and Information Security

ISO 27001 Lead Implementer

ISO/IEC 27001:2013 is an international information security management system standard for a formal approach to designing and implementing information security measures in accordance with an organisation's need for information security. This intermediate-level ITGN course provides attendees with an understanding of the integrated approach specified in the ISO 27001 model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving information security in accordance with an organisation's business needs and strategic objectives.

Read more about ISO 27001 Lead Implementer

ISO 27001 Lead Auditor

The formal evaluation of an organisation's information security management system is performed using the ISO 19011 auditing standard, which outlines the audit process to be followed when evaluating the implementation of an information security management system against the ISO/IEC 27001:2013 specification. This intermediate-level ITGN course covers the approach to be followed in conducting an audit of an information security management system. It provides auditors of the ISMS with a road map to follow when performing an audit of an ISO 27001 ISMS implementation.

Read more about ISO 27001 Lead Auditor

ISO 31000 Risk Management

This ISO 31000 Risk Management course provides delegates with an understanding of the ISO 31000 approach and specification for risk management. Attendees will gain an understanding of the nature of risk management activities, the scope and the integrated processes required to effectively and efficiently manage risk and measure performance of the Risk Management function.

Read more about ISO 31000

ISO 38500 - Governance for ICT

The ISO 38500 Corporate Governance for ICT course provides attendees with an understanding of IT governance and its implementation based on the six principles and governance model. Included in this course is the design and implementation of an IT governance framework, the development of an IT governance policy, an IT governance charter and the key processes.

Read more about ISO 38500 

Description of the COBIT 5 Assurance Course

SEMINAR OBJECTIVES

Provide an understanding of the "COBIT 5 for Assurance" approach to delivering assurance, including: 

  • What is assurance?
  • How do the COBIT 5 enablers relate to providing assurance?
  • How do I set up and maintain an efficient assurance function?
  • How does COBIT 5 help me to provide assurance?
  • What does a COBIT 5-based audit/assurance programme look like?
  • Are there any examples of COBIT 5-based audit/assurance programmes? - Yes
  • Does COBIT 5 align with assurance standards? - Yes
  • Does COBIT 5 for Assurance include detailed instructions on how to perform an assessment? - No 

On completion of this seminar, participants will be able to:

  • Demonstrate an understanding of the Assurance Function and Assurance Process perspectives
  • Communicate how the COBIT 5 Enablers contribute to the Assurance Function perspective
    • Process aspects that impact assurance
    • Information flows
    • Organisational structures
    • Policies, principles and practices.

SEMINAR CONTENTS

Participants will learn through discussion and practical examples how to establish an Assurance function and implement the process and practices necessary for an integrated approach to effectively providing assurance.

This seminar includes topics about:

  • How the COBIT 5 principles can be applied to assurance activities
  • Using COBIT 5 enablers for governing and managing assurance
  • Providing assurance over COBIT 5 enablers.

COBIT 5 Assessor mistakes!

Common mistakes by COBIT 5 assessors.

View video

King IV Corporate Governance Assessment

Assess the current level of your organisation's corporate governance using this King IV assessment tool.

Read more...

COBIT Assessment as a Service

Conduct a COBIT assessment using this COBIT Assessment-as-a-Service.

Read more...

POPIA Preliminary Assessments

POPIA preliminary assessments provide an efficient and effective approach to determining the extent to which the requirements of the Protection of Personal Information Act have been addressed.

Read more...
