Courses offered by EY CertifyPoint
EY CertifyPoint provides four and five day courses for several standards. The courses are designed in order to help participants develop the essential skills to implement (and/or audit) a Management System that meets the requirements of each of the ISO standards.
EY CertifyPoint currently offers courses for the following ISO Standards:
- ISO 9001 — Quality Management Lead Implementer / Lead Auditor (4 to 5 day course)
ISO 9001 specifies the basic requirements for a quality management system (QMS) that an organization must fulfil to demonstrate its ability to consistently provide products (which include services) that enhance customer satisfaction and meet applicable statutory and regulatory requirements. The standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement.
- ISO 14001 — Environment Management Lead Implementer / Lead Auditor (4 to 5 day course)
ISO 14001 sets the standards for an environmental management system that helps meet legal requirements and improve environmental performance and sustainability. It specifies the requirements related to an environmental policy (which includes a commitment to prevent pollution), planning, management review, legal compliance, training, improvement and operational controls.
- ISO/IEC 20000 — IT Service Management Lead Implementer / Lead Auditor (4 to 5 day course)
ISO 20000 is a standard for quality management specifically focused around IT service management. The standard specifies four key processes related to 1) service delivery — service level, availability and capacity management; 2) relationship — interfaces between the service provider and customers and suppliers; 3) resolution — prevention or resolution of incidents; and 4) controls — managing changes, assets and configurations.
- ISO 22301 — Business Continuity Management Lead Implementer / Lead Auditor (4 to 5 day course)
ISO 22301 is a standard that helps organizations be better prepared to handle disruptions to their business operations in order to recover from disruptive incidents when they arise. The standard specifies security requirements for disaster recovery preparedness and business continuity management systems. It specifies what is needed to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system.
- ISO/IEC 27001 — Information Security Management Lead Implementer / Lead Auditor (4 to 5 day course)
ISO 27001 is a standard that helps organizations manage the security of assets such as financial information, intellectual property, employee details or information entrusted to an organization by third parties. It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS), using a continual improvement approach. It provides the foundation for third-party audits and is meant to “harmonize” with other management standards, such as ISO 9001.
- ISO 50001 — Energy Management Lead Implementer / Lead Auditor (4 to 5 day training)
The ISO 50001 standard sets the requirements that help organizations design an Energy Management System by developing a policy for more efficient use of energy, setting targets and objectives that help fulfill the policy, and continually improving their energy management overall. This standard is applicable to any organization in any sector, and is easy to integrate with other management systems.
Learning how to design, implement and audit an ISO 50001 Management System is one solution to ensure organizations’ compliance with the EU Energy Efficiency Directive, and also to develop a framework that improves energy savings.
- ISO 37001 — Anti-bribery Management Lead Implementer / Lead Auditor (4 to 5 day training)
ISO 37001 is the standard that helps organizations design a series of measures for preventing, detecting and addressing bribery. These measures include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, employee training, risk assessments and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures. This standard is applicable to any organization from any sector (public or private) and is easy to integrate with other management systems; it can be adapted to the size and nature of each organization and to the bribery risk it faces.
Through this training you will have a chance to learn how to design, implement and audit an ISO 37001 Management System in order to help reduce the risk of bribery, as well as learning how to address bribery where it does occur.
- ISO/IEC 27017 — Information technology — Security techniques (Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors) Lead Implementer / Lead Auditor (2 to 4 day training)*
The ISO 27017 Standard gives guidelines for information security controls applicable to the provision and use of cloud services by providing implementation guidance for relevant ISO/IEC 27002 controls and additional controls specifically related to cloud services.
This ISO Standard provides controls and implementation guidance applicable to both cloud service providers and cloud service customers.
Note: a good understanding of an Information Security Management System based on the ISO 27001 standard is required for a stand-alone course on this topic.
- ISO/IEC 27018 — Information technology — Security techniques (Code of practice for information security controls based on ISO/IEC 27002 for cloud services) Lead Implementer / Lead Auditor (2 to 4 day training)*
ISO/IEC 27018 supports organizations with defining objectives, procedures, controls and guidelines for measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles of ISO/IEC 29100 for the public cloud computing environment.
This standard specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a public cloud service provider.
ISO/IEC 27018 is applicable to any organization from any sector (either public, or private), which provides information processing services as PII processor via cloud computing under contract to other organizations.
- SS 584:2015+C1:2016 — Specification for multi-tiered cloud computing security (MTCS) Lead Implementer / Lead Auditor (2 to 4 day training)*
The Singapore Standard SS 584:2015 Specification for multi-tiered cloud computing security, commonly known as MTCS, is the world’s first cloud security standard that covers multiple tiers of cloud security. It was developed under the Information Technology Standards Committee (ITSC) for Cloud Service Providers (CSPs) in Singapore. The standard builds on recognized international standards, such as ISO 27001, with the added enhancement of providing Cloud Service Users with a mechanism to benchmark and tier the capabilities of Cloud Service Providers against a set of minimum baseline security requirements. This benefits Cloud Service Users by providing assurance that the provider meets accepted minimum baseline security requirements for each tier. Cloud Service Providers benefit from having a mechanism to demonstrate the security of their offerings.
- ISO 45001 — Occupational Health and Safety Management Lead Implementer / Lead Auditor (4 to 5 day training)
The ISO 45001 standard, Occupational health and safety management systems – Requirements with guidance for use, is the world’s first International Standard for occupational health and safety (OH&S). It provides a framework to increase safety, reduce workplace risks and enhance health and well-being at work, enabling an organization to proactively improve its OH&S performance. ISO 45001 enables organizations to put in place an occupational health and safety (OH&S) management system. This will help them manage their OH&S risks and improve their OH&S performance by developing and implementing effective policies and objectives.
*Note: a good understanding of an Information Security Management System based on the ISO 27001 standard is required for a stand-alone course on this topic.
Note: The ISO 27017, ISO 27018 and MTCS trainings can be combined in a 4 to 5 day training event.