SIRO Training Course (Senior Information Risk Owner): All you need to know
SIRO Training Course overview
This is a one day SIRO training course for Senior Information Risk Owners that covers the role and responsibilities of the SIRO.
We will cover how to manage working relationships with your Information Asset Owners, Data Protection Officer and other Information Governance team members. How to develop and maintain an Information Risk Register. We will guide you through threats, hazards, controls, and the use of Data Protection Impact Assessments (DPIA).
New to the role of Senior Information Risk Owner (SIRO) or need an update, this is the course for you. It is an in depth course covering the role and responsibilities of the SIRO. We will cover how to manage working relationships with your Information Asset Owners, Data Protection Officer and other Information Governance team members. How to develop and maintain an Information Risk Register.
We will guide you through threats, hazards, controls, and the use of Data Protection Impact Assessments (DPIA).
The course also covers the legal framework of General Data Protection Regulation (GDPR), Data Protection Act 2018, e-Privacy regulations, cyber resilience and ISO 27001, all of which you will need to have knowledge of as a SIRO. We will also look at the importance of leadership, supporting and developing a compliance program, the accountability principle and records of processing activities.
SIRO Training Course Programme
| Time | Agenda |
| 9.15 - 9:30 | Refreshments and Registration |
| 9.30 - 10:00 | Background to Senior Information Risk Owner (SIRO) roles and responsibilities. SIRO Description Key Responsibilities Who should be the SIRO? Differences between; SIRO & DPO & Caldicott Guardian SIRO & DPO & Caldicott Guardian |
| 10.00 - 11:30 | National Picture - Information Security Management System 27001, Cyber Essentials Plus, Public Services Network and the Data Security and Protection Toolkit National Reviews - Health and Social Care Legal Framework - Data Protection Act 2018 Accountability and Records of Processing Activities What is Personal and Sensitive? SIRO Framework = Information Risk Radar GDPR Information Risk Management Scenario; Risk What is your risk appetite? Do you know what you need to protect? or what you need to have in place? Risks, Threats, Vulnerabilities, Controls and Potential outcomes. Examples of Threats Scenario: Key Systems |
| 11.30 - 11:45 | Refreshment Break |
| 11.45 - 13:00 | Risks do not go away - Plan, Do, Check and Act Scenario; Data Breach Example Data Breaches Personal data breaches You have become aware of a breach - What should you do? Potential Consequences Breach Assessment Grid National Cyber Security Center - 10 steps; Cyber security, Password Security |
| 13.00 - 13:30 | Lunch |
| 13.30 - 14:45 | Data Protection Impact Assessments Scenario; DPIA Exercise; Information Asset Owners & Administrators Exercise; What are the Daily IAO/IAA Tasks Exercise; Information Asset Register Why do you need a Information Asset Register? Exercise; Information Asset Register Checklist Exercise; Information Asset Risk Assessment Information Asset Management & Data Flow Mapping and Create Your Own Data Flow Map. Pseudonymisation, Anonymisation and Encryption. Primary and Secondary use of data. |
| 14.45 - 15:00 | Coffee |
| 15.00 - 16:30 | Information Security Risk Management Scenario: Data Flow Mapping Exercise: Create Your Own Data Flow Map What is forensic readiness? Simple example of Pseudonymisation Anonymisation and Encryption Primary and Secondary use of data Information Security Management System Build a Culture of Information Management What the SIRO did next? |
| 16.30 | Summary and Final Questions |
SIRO Training Course Dates
| Location | Date | Availability |
| Cardiff | 7th November 2019 | Places Available |
| London | 16th January 2020 | Places Available |
| Manchester | 22nd January 2020 | Places Available |
| Cardiff | 25th March 2020 | Places Available |
Want to know more about our SIRO Trainers?
Our Trainers are amazing, between us we have over 100 years of experience working in information Governance.
Leadership Through Data provide bespoke training courses that are custom made to your needs. Bespoke courses provide an exclusive learning and development opportunity which is cost effective.
If you did not find the course you are looking please contact us and we can discuss and design the right course for you. For a no obligation quote, email info@leadershipthroughdata.co.uk or call 07931566007 or 01206 807267
All prices include the attendance of 15 delegates, a course workbook, additional reading, slide handouts, an LTD delegate folder, a pen and a CPD certificate. If booked in advance, we offer a 4 week after care package.
