Data Protection 27701 Lead Auditor – ISO 27701 formação

Introdução

This course is available to be delivered in a classroom and Live-Training model.
Live Training brings you the dynamic environment of the classroom, to your desk. Using your computer, you interact with the trainer and the trainees as if you were with them in the classroom.

Click to learn how > Live Online Training works < This course enables participants to develop the necessary expertise to audit a Data Protection Management System (DPMS) based on ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27701 (or PIMS), in compliance with the specified requirements of REGULATION (EU) 2016/679 (GDPR) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

Participants will learn the fundamental concepts and principles of privacy and data protection and an overview and comparison of the main Privacy and Data protection EU and related frameworks, including, the OECD Privacy Framework, the Australian Privacy Management Framework, the ISO 27701 & ISO 29001 Privacy Frameworks for PII, the Canada Privacy legislation, the US Data Privacy legislation, the APEC Privacy Framework and, in detail, the EU Data Protection Framework (GDPR).

During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with the certification criteria as defined on: General Data Protection Regulation (2016/679), Articles 42 and 43; European Data Protection Board (EDPB) guidelines; and, ISO/IEC 17065, ISO 19011 and ISO/IEC 17021 standards. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.

This 5-day course prepares the participants for the Behaviour Data Protection Lead Auditor (DPLA) certification. This certification is aligned with ISO/IEC 17024 and therefore valid at international level.

Metodologia

The DPLA training course is based on both theory and practice sessions with:

• Lectures illustrated with examples based on real cases
• Practical exercises based on a full case study including role-plays and oral presentations
• Review exercises that assist in preparation to the certification exam.

To benefit from the practical exercises, the number of training participants is limited.

Destinatários

• Internal auditors
• Auditors wanting to perform and lead certification audits of Data Protection Management Systems (DPMS) based on GDPR
• Project managers, consultants, and designated DPO’s for public organizations or by private companies wanting to master the audit process of Data Protection Management Systems (DPMS) based on GDPR
• Privacy and data protection consultants and/or auditors involved or supporting organizations on the compliance with EU data protection requirements
• CxO and Senior Managers responsible for the governance of an enterprise and the management of its data protection risks
• Members of information security and/or data protection teams
• Expert advisors in privacy, data protection and information security
• Technical experts wanting to prepare for a Data Protection or Information security audit function
• Any professional wanting to acquire the necessary skills to audit an EU GDPR based Data Protection Management System
(DPMS)

Pré-Requisitos

Participants should understand English as the course documentation is in this language.

Duração (dias)

5 days

Objectivos Gerais

At the end of the course students should be able to:

• Identify and know how to apply the main privacy and data protection concepts and terminology
• Understand the main privacy and data protection frameworks, including the details of EU GDPR regulation and the foundations of related data protection frameworks
• Understand the roles and responsibilities of the several stakeholders, including the DPO, on the compliance of the GDPR and their involvement on the audit and certification process
• Acquire the expertise to perform an DPMS (or, PIMS) GDPR internal audit following ISO 19011 guidelines
• Acquire the expertise to perform an DPMS (or, PIMS) GDPR certification audit following ISO 19011 guidelines, EDPB guidelines and the specifications of ISO/IEC 17065 and ISO/IEC 17021
• Acquire the necessary expertise to manage an DPMS (or, PIMS) GDPR audit team
• Understand the operation of an GDPR conformant data protection management system
• Understand the relationship between a Data Protection Management System, including risk management supported by data protection impact assessments (DPIA), controls and compliance with the requirements of GDPR and the different stakeholders of the organization
• Improve the ability to analyse the internal and external environment of an organization, its risk assessment / DPIA and audit decision-making
• Acquire the knowledge needed to succeed on the BEHAVIOUR DPLA exam and become a Certified Data Protection Lead Auditor (DPLA) professional

Programa

1. Day 1: Introduction to privacy and data protection concepts and principles; Privacy and data protection frameworks; Introduction to GDPR the EU data protection framework.
   • Course objectives and structure
   • Fundamental concepts and principles of privacy and data protection
   • Certification process
   • Data protection roles and responsibilities
   • Privacy and data protection EU and related frameworks
   • EU data protection revision drivers and benefits
   
   
2. Day 2: EU data protection legislative framework; Audit concepts and principles.
   • EU GDPR principles for data processing
   • EU data protection for individuals
   • EU data protection for organizations
   • EU data protection and data transfers outside the EU
   • EU data protection bodies
   • Fundamental audit concepts and principles
   
   
3. Day 3: Preparation and launching of an audit; On-site audit activities
   • Audit approach based on evidence and on risk
   • Initiating the audit
   • Stage 1 documentation audit
   • Preparing the stage 2 audit (on-site audit)
   • Stage 2 onsite audit
   • Communication during the audit
   • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
   
   
4. Day 4: Concluding the On-site audit activities and Closing the audit
   • Audit test plans
   • Audit findings and drafting non-conformity reports
   • Audit documentation and quality review
   • Conducting the closing meeting and closing the audit
   • Evaluating of action plans by the auditor
   • Beyond the initial audit
   • Managing an internal audit programme
   
   
5. Day 5: Data Protection Lead Auditor (DPLA) exam

Exame

The “Data Protection Lead Auditor” exam fully covers the following competence domains:

• Domain 1: Concepts and principles of privacy and data protection
• Domain 2: EU GDPR and related data protection frameworks
• Domain 3: Fundamental audit concepts and principles
• Domain 4: Preparation of an GDPR audit
• Domain 5: Conducting an GDPR audit
• Domain 6: Closing an GDPR audit
• Domain 7: Managing an GDPR audit program

The “Data Protection Lead Auditor” exam is available in Portuguese and English language.
Duration: 3,5 hours, passing score 70%.
Exam available on-site and online.
This is a two parts exam, with part one being a 40 multiple choice questions (1 hour, closed book) and part two with 10 essay questions (2,5 hours, open book, i.e. the participants can use all the documentation provided during the course).
The exam result is sent via email to the candidate within two months after the examination, being the exam result graduated in qualitative note: “Pass or Fail”.
In the case of a failure, the result will be accompanied with the list of domains in which you had a mark lower than the passing grade.

If the candidate fails the exam, he is entitled to one free retake within a 12 month period from the initial exam date.

Certificação

Data Protection Lead Auditor (DPLA)

After successfully completing the exam, participants can apply to one of the certification levels: "Data Protection Provisional Auditor", "Data Protection Auditor" or "Data Protection Lead Auditor", depending on their level of experience.
These credentials are available for internal and external auditors.
A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential. Data Protection Lead Auditor is a certification program aligned with ISO/IEC 17024 standard.

Requirements for “Auditor” certification:

Certification	Exam	Professional Experience	Privacy and Data Protection Audit Experience	Privacy and Data Protection Project Experience
Data Protection Associate Auditor	DPLA Exam	None	None	None
Data Protection Auditor	DPLA Exam	2 years 1 year of privacy or data protection work experience	Audit activities totalling 200 hours	None
Data Protection Lead Auditor	DPLA Exam	5 years 2 year of privacy or data protection work experience	Audit activities totalling 300 hours	None

Formador

Our experts are consultants and auditors, with several years of experience in the areas of implementation, auditing and training in various international standards.

Informações Gerais

FORMAÇÃO PRESENCIAL

• Formação em regime presencial na língua portuguesa ou inglesa.
• Recursos materiais da formação em Inglês.
• Metodologia prática de auditoria passo-a-passo.
• Certificado de Frequência de Formação Behaviour com 32 créditos CPD/CPE.
• Exame de Certificação em Inglês e Português.
• Diploma digital de Certificação e Insígnia digital de Certificação, após sucesso no exame e conclusão do processo de candidatura. Este registo não tem qualquer custo associado.
• Se o candidato não for aprovado no exame, tem o direito a uma nova tentativa gratuita dentro de um período máximo de 12 meses, a contar da data do exame inicial.
• Coffee-break da manhã e da tarde (aplica-se para todas as formações de decorram nas instalações da Behaviour).

FORMAÇÃO LIVE ONLINE TRAINING

• Formação na língua portuguesa ou inglesa.
• Recursos materiais da formação online e em Inglês, com acesso online.
• Metodologia prática de auditoria passo-a-passo.
• Certificado digital de Frequência de Formação Behaviour com 32 créditos CPD/CPE.
• Exame de Certificação online, em Português e Inglês. O exame pode ser realizado até 3 meses, após a conclusão do curso.
• Diploma digital de Certificação e Insígnia digital de Certificação, após sucesso no exame e conclusão do processo de candidatura. Este registo não tem qualquer custo associado.
• Se o candidato não for aprovado no exame, tem o direito a uma nova tentativa gratuita dentro de um período máximo de 12 meses, a contar da data do exame inicial.

Benefícios

• GDPR is a requirement for all organizations that process personal data and, therefore, an auditable regulation.


• GDPR allows certification and international recognition of an organization. Allows access to new markets and optimization of operations. Allows improvement of quality, increase productivity, competitive advantage, customer satisfaction and sales.


• Organization’s data protection management systems (GDPR) can now be certified in data protection accredited schemes provided by accredited certification bodies under Article 43 of the General Data Protection Regulation (2016/679).


• This certification can be used as an evidence and support organizations in the demonstration of compliance with GDPR under Article 42.


• Organizations can use this certification for their international recognition and thus stand out from their peers.


• Behaviour Data Protection Lead Auditor (DPLA) course bases its pedagogical model in a certification program aligned in ISO/IEC 17024 standard, which defines the requirements for certification of people, fulfilling the recommendations of ISO.


• Data Protection Lead Auditor (DPLA) course is geared towards to the audit of the GDPR, through a step-by-step audit process. Thus, throughout the course, in addition to the basic concepts of GDPR, related legislation and other international recognized best practices, are presented the steps needed to prepare and start the Data Protection Management System (DPMS) (based on GDPR) audit process and the management of audits through an audit program, which includes the selection of the approach, the audit methodology, selection and skills of the auditors, steps and approaches for evidence collection and drafting of findings and nonconformities, among other activities needed to prepare the auditor to audit the DPMS (based on GDPR) of his organization or to participate and lead audits for a certification body, using the best practices of audit according the ISO 19011 and the requirements for certification bodies in ISO/IEC 17021.


• One of the strengths of the Data Protection Lead Auditor (DPLA) course, in addition to inclusion of implementation methodology, is that it allows prepare professionals for the audit of an GDPR certification and the registration in an accredited certifying body under GDPR Article 43. Addresses itself to this end, the recommendations of ISO 19011, ISO/IEC 17065 and ISO/IEC 17021 - requirements for certification bodies, and the guidelines of European Protection Data Board (EDPB).


• Certification exam is monitored by an official Behaviour administrator.


• Data Protection Lead Auditor (DPLA) certification exam is conducted at the end of the course, on the last day of training or, divided in two moments, at the end of day 2 (part 1) and on the morning of day 5 (part 2). This process allows the certifying entity to measure, more effectively, the knowledge of the candidates.


• Upon success on the exam, the professional will achieve one of the Data Protection Lead Auditor (DPLA) certifications levels. In case of failure, the professional may repeat the exam with no additional cost (one free retake), within 1 year after the date of the 1st examination.


• Behaviour Pedagogical Model aims to provide a learning environment conducive to acquisition of competences, in accordance with objectives of each training program. Promoting interaction, participation and appreciation of experiences, we contribute to meaningful learning, certification and international recognition but, above all to the development of critical thinking and autonomy.


• Behaviour is an organization accredited by DGERT (Portuguese Government Entity) and has its Quality Management System (QMS) implemented in accordance with the requirements of ISO 9001, the requirements of DGERT, the requirements of the European standard NP 4512 and the standard ISO 10015.

Datas e Preço

Clique em “Preço e Inscrição” para aceder a mais informação, incluindo o preço:

Programa Datas Garantidas

All dates of this course are guaranteed only for the events that take place in Lisbon. In other locations the events are subject to a minimum number of participants.
On Behaviour all courses at Lisbon occur regardless of the number of trainees in room. The concept of setting up classes does not exist in our educational model, which is why all public dates, presented on the website, are guaranteed. So if you're in Portugal or anywhere else in the world, you can prepare your week and your trip, as long as you ensure your registration in the course.

Descontos de Volume

For companies, Behaviour offer discounts, starting from the registration of the 2nd participant, in the same course and on the same date.
Simulate the prices for the number of participants you want to register to training@behaviour-group.com or contact us via chat.

Hotéis e Informações Úteis

Know where you can stay in Lisbon, near Behaviour. For more information please see >> Booking <<