Why choose the IT Governance Network?

Global leaders in the design and implementation of IT governance frameworks and mechanisms.

More than 10 years' experience in the protection of personal information (POPIA).

Consulting services, software solutions and a wide range of training available.

POPIA Compliance Framework and Monitoring System

The Protection of Personal Information Act is technical and complex; it requires a wide range of technical and organisational measures to be implemented to protect the right of natural and juristic persons to privacy. To ensure compliance, the Information Regulator requires all organisations to develop and implement a compliance framework so that they can effectively monitor the protection afforded to natural and juristic persons.

A functionally rich POPIA Compliance Framework and Monitoring System helps small and large organisations achieve POPIA compliance effectively and efficiently. It enables organisations to jump-start their POPIA programme by implementing an international standards-based POPIA compliance framework.

More about the POPIA Compliance Framework and Monitoring System ...

ISO Training

Description of the COBIT 5 based Information Security Management Course

Corporate governance, cloud computing, outsourcing, mobile computing and privacy legislation all require that effective information security be implemented and administered. A COBIT 5 based information security management system (ISMS) will ensure that the information security strategy and its implementation are aligned with business needs and strategic objectives, that an integrated approach to information security is adopted, and that capability is built in a sustainable manner.

This seminar will help participants understand how the COBIT 5 framework is used as a foundation for information security management in line with ISO 27001 and other sources of best practice.

SEMINAR OBJECTIVES

Participants will learn how to implement an information security management system and on completion of this seminar they will be able to:

  • Demonstrate an understanding of the COBIT 5 and ISO 27001 specifications for Information Security Management
  • Communicate the requirements for compliance with COBIT 5 and ISO 27001
  • Plan, design and implement an information security management system
  • Use COBIT 5 processes as a foundation for information security management
  • Build capability in information security across the organisation
  • Assess the extent to which an organization adheres to the ISO 27001 specification and COBIT 5 for Information Security.

SEMINAR OUTLINE

Participants will learn through discussion and practical examples about:

  • Overview of the ISO/IEC 27001 specification
  • Overview of COBIT 5 for Information Security
  • The scope and purpose of an information security management system
  • Defining an ISMS policy and framework for setting objectives, regulatory compliance and risk management
  • Understanding an organization’s information security requirements
  • Developing and implementing an information security management system
  • Recognising current capability in information security
  • Adopting a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's ISMS
  • Using the "Plan-Do-Check-Act" (PDCA) model to structure and manage all ISMS processes
  • Implementing and operating controls to manage an organization's information security risks in the context of the organization’s overall business risks
  • Monitoring and reviewing the performance and effectiveness of the ISMS
  • Continual improvement based on objective measurement.

Description of the ISO 20000 Service Management Course

SEMINAR OBJECTIVES

Participants will gain an understanding of the ISO/IEC 20000 specification for Service Management. On completion of this seminar, participants will be able to:

  • Demonstrate an understanding of the ISO 20000-1 specification for Service Management in South Africa
  • Communicate the requirements for ISO 20000-1 certification 
  • Guide organizations on the preparation for ISO 20000-1 certification
  • Assess the readiness of an organization for ISO 20000-1 certification
  • Assist an organization to prepare for its ISO 20000-1 compliance audit.

Description of ISO 22301 Business Continuity Management Course

SEMINAR OBJECTIVES

Participants will gain an understanding of the ISO 22301 requirements and learn how to implement a business continuity management system. On completion of this seminar participants will be able to:

  • Demonstrate an understanding of the ISO 22301 specification for business continuity management in South Africa
  • Communicate the requirements for ISO 22301 compliance 
  • Plan the implementation of an ISO 22301 compliant business continuity management system
  • Assist an organization to implement the necessary ISO 22301 processes for business continuity management
  • Assess the extent to which an organization adheres to the ISO 22301 specification.

SEMINAR CONTENTS

Participants will learn through discussion and practical examples how to design and implement business continuity planning in accordance with the ISO 22301 requirements for business continuity management.

This seminar includes topics about:

  • Overview of the ISO/IEC 22301 specification
  • The scope and purpose of a business continuity management system
  • Defining a business continuity policy and framework for setting objectives, regulatory compliance and risk management
  • Understanding an organization’s business continuity requirements
  • Developing and implementing a business continuity management system
  • Recognising current capability in business continuity management
  • Adopting a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's business continuity arrangements.
  • Using the "Plan-Do-Check-Act" (PDCA) model to structure all business continuity processes
  • Implementing and operating controls to manage an organization's business continuity risks in the context of the organization’s overall business risks;
  • Monitoring and reviewing the performance and effectiveness of the business continuity management system
  • Continual improvement based on objective measurement.
  • Essential document and records management.

Description of the ISO 15504 Capability Assessment Course

Many organizations operate without clear insight into the drivers of their success. Consequently, improvement initiatives are not based on a solid understanding of the IT organisation's or service provider's current capability. This seminar will help participants understand how to use the ISO 15504 process assessment model to conduct an assessment of processes and plan process improvements, so that they can make informed decisions and provide guidance.

This seminar is relevant to those responsible for initiating, implementing or maintaining IT processes in their organizations, and to senior management who are responsible and accountable for ensuring the effective performance of these IT processes across their organisations.

Description of the ISO 38500 Corporate Governance of ICT Course

The ISO 38500 Corporate Governance of ICT standard outlines the requirements for IT governance. It is a high-level document that introduces the concepts of governance for ICT. This standard provides definitions, principles and a model useful for the implementation of IT governance. 

SEMINAR OBJECTIVES

Proper corporate governance of IT assists the top level of management to ensure that IT use contributes positively to the performance of the organization, through:

  • appropriate implementation and operation of IT assets;
  • clarity of responsibility and accountability for both the use and provision of IT in achieving the goals of the organization;
  • business continuity and sustainability;
  • alignment of IT with business needs;
  • efficient allocation of resources;
  • innovation in services, markets, and business;
  • good practice in relationships with stakeholders;
  • reduction in the costs for an organization; and
  • actual realization of benefits from each IT investment.

Proper corporate governance of IT will also assist directors in assuring conformance with obligations (regulatory, legislation, contractual) concerning the acceptable use of IT. 

SEMINAR CONTENTS

Participants will learn through discussion and practical examples how to implement IT governance in accordance with the ISO 38500 specification.

This seminar will assist delegates to understand the six principles for good IT governance:

Principle 1: Responsibility

  • Individuals and groups within the organization understand and accept their responsibilities in respect of both supply of, and demand for IT. 

Principle 2: Strategy

  • The organization’s business strategy takes into account the current and future capabilities of IT; the strategic plans for IT satisfy the current and ongoing needs of the organization’s business strategy.

Principle 3: Acquisition

  • IT acquisitions are made for valid reasons, on the basis of appropriate and ongoing analysis, with clear and transparent decision making. 

Principle 4: Performance

  • IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future business requirements.

Principle 5: Conformance

  • IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced.

Principle 6: Human Behaviour

  • IT policies, practices and decisions demonstrate respect for human behaviour, including the current and evolving needs of all the ‘people in the process’.

Delegates will also learn more about how to integrate the implementation of ISO 38500 with other related initiatives.

Description of the ISO 31000 Risk Management Course

SEMINAR OBJECTIVES

Participants will gain an understanding of the ISO 31000 requirements and learn how to implement a risk management system. On completion of this seminar participants will be able to:

  • Demonstrate an understanding of the ISO 31000 specification for Risk Management in South Africa
  • Communicate the requirements for ISO 31000 compliance 
  • Plan the implementation of an ISO 31000 compliant management system
  • Assist an organization to implement the necessary ISO 31000 processes for risk management
  • Assess the extent to which an organization adheres to the ISO 31000 specification.

SEMINAR CONTENTS

Participants will learn through discussion and practical examples how to design and implement risk management in accordance with the ISO 31000 requirements for risk management.

This seminar includes topics about:

  • Overview of the ISO/IEC 31000 specification
  • The scope and purpose of a risk management system
  • Defining a risk management policy and framework for setting objectives, regulatory compliance and risk management
  • Understanding an organization’s risk management requirements
  • Developing and implementing a risk management system
  • Recognising current capability in risk management
  • Adopting a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's risk management.
  • Using the "Plan-Do-Check-Act" (PDCA) model to structure all risk management processes
  • Implementing and operating controls to manage an organization's risks in the context of the organization’s overall business risks;
  • Monitoring and reviewing the performance and effectiveness of risk management
  • Continual improvement based on objective measurement.
  • Essential document and records management.

Description of the ISO 27001 Information Security Management Course

SEMINAR OBJECTIVES

Participants will gain an understanding of the ISO 27001 requirements and learn how to implement an information security management system. On completion of this seminar participants will be able to:

  • Demonstrate an understanding of the ISO 27001 specification for Information Security Management in South Africa
  • Communicate the requirements for ISO 27001 compliance 
  • Plan the implementation of an ISO 27001 compliant management system
  • Assist an organization to implement the necessary ISO 27001 processes for information security management
  • Assess the extent to which an organization adheres to the ISO 27001 specification.

SEMINAR CONTENTS

Participants will learn through discussion and practical examples how to design and implement information security in accordance with the ISO 27001 requirements for information security management.

This seminar includes topics about:

  • Overview of the ISO/IEC 27001 specification
  • The scope and purpose of an information security management system
  • Defining an ISMS policy and framework for setting objectives, regulatory compliance and risk management
  • Understanding an organization’s information security requirements
  • Developing and implementing an information security management system
  • Recognising current capability in information security
  • Adopting a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's ISMS.
  • Using the "Plan-Do-Check-Act" (PDCA) model to structure all ISMS processes
  • Implementing and operating controls to manage an organization's information security risks in the context of the organization’s overall business risks;
  • Monitoring and reviewing the performance and effectiveness of the ISMS
  • Continual improvement based on objective measurement.
  • Essential document and records management.

COBIT 5 Assessor mistakes!

Common mistakes by COBIT 5 assessors.


King IV Corporate Governance Assessment

Assess the current level of your organisation's corporate governance using this King IV assessment tool.

COBIT Assessment as a Service

Conduct a COBIT assessment using this COBIT Assessment-as-a-Service.

POPIA Preliminary Assessments

POPIA preliminary assessments provide an efficient and effective approach to determining the extent to which the requirements of the Protection of Personal Information Act have been addressed.