This one day SIRO training course for Senior Information Risk Owners covers all you need to know for the role and responsibilities of the SIRO.
This course covers how to manage working relationships with your Information Asset Owners, Data Protection Officer and other Information Governance team members. How to develop and maintain an Information Risk Register. Guide you through threats, hazards, controls, and the use of Data Protection Impact Assessments (DPIA).
We will guide you through threats, hazards, controls, and the use of Data Protection Impact Assessments (DPIA).
The course also covers the legal framework of General Data Protection Regulation (GDPR), Data Protection Act 2018, e-Privacy regulations, cyber resilience and ISO 27001, all of which you will need to have knowledge of as a SIRO. We will also look at the importance of leadership, supporting and developing a compliance program, the accountability principle and records of processing activities.
9.15 – 9:30
- Refreshments and Registration
9.30 – 10:00
- Background to Senior Information Risk Owner (SIRO) roles and responsibilities.
- SIRO Description, Key Responsibilities
- Who should be the SIRO?
- Differences between; SIRO & DPO & Caldicott Guardian
- SIRO & DPO & Caldicott Guardian
10.00 – 11:30
- National Picture and National Reviews
- Legal Framework
- What is Personal and Sensitive?
- GDPR Information Risk Management
- What is your risk appetite?
- Do you know what you need to protect? or what you need to have in place?
- Risks, Threats, Vulnerabilities, Controls and Potential outcomes. Examples of Threats
11.30 – 11:45
11.45 – 13:00
- Risks do not go away – Plan, Do, Check and Act
- Data Breaches
- You have become aware of a breach – What should you do?
- National Cyber Security Center – 10 steps; Cyber security, Password Security
13.00 – 13:30
13.30 – 14:45
- Data Protection Impact Assessments
- Information Asset Owners & Administrators
- What are the Daily IAO/IAA Tasks
- Information Asset Register
- Why do you need a Information Asset Register?
- Information Asset Risk Assessment
- Information Asset Management & Data Flow Mapping and Create Your Own Data Flow Map.
- Pseudonymisation, Anonymisation and Encryption. Primary and Secondary use of data.
14.45 – 15:00
15.00 – 16:30
- Information Security Risk Management
- Data Flow Mapping
- What is forensic readiness?
- Simple example of Pseudonymisation
- Anonymisation and Encryption
- Primary and Secondary use of data
- Information Security Management System
- Build a Culture of Information Management
- What the SIRO did next?
- Summary and Final Questions
Who should attend?
This course is for all new and existing SIRO’s. Delegates for the day would include SIROs, their deputies Data Protection Officers, and any information governance professionals working in support of the SIRO.
Suggested Follow on Courses
Book more than one course and receive a 10% discount.
Will I get a recognised qualification?jacqueline2021-01-22T14:17:00+00:00
As part of our accreditation with the CPD accreditation group, you will receive 6 or 12 CPD points for each course attended.
The Certificate in Managing Data Protection Complaince is the second qualification of a suite of 3 data protection qualifications.
Do you offer any course discounts?jacqueline2021-01-22T14:17:13+00:00
Yes we offer a 10% discount for the primary delegate if you book more than one person from the same organisation at the same time.
We offer 20% off on selected course for promotional offers.
What happens if the course is cancelled?jacqueline2021-01-22T14:17:37+00:00
To try to avoid cancelling face to face courses, however if the number of delegates is below 5 we will offer this a virtual course instead.
See full terms and conditions.
When will I be advised of the venue location?jacqueline2021-01-22T14:17:49+00:00
Exact location are sent out via email, two weeks before the course, we would therefore advise you not to book accommodation until the venue is confirmed.