SIRO Training Course (Senior Information Risk Owner): All you need to know
SIRO Training Course overview
This is a one day SIRO training course for Senior Information Risk Owners that covers the role and responsibilities of the SIRO.
We will cover how to manage working relationships with your Information Asset Owners, Data Protection Officer and other Information Governance team members. How to develop and maintain an Information Risk Register. We will guide you through threats, hazards, controls, and the use of Data Protection Impact Assessments (DPIA).
New to the role of Senior Information Risk Owner (SIRO) or need an update, this is the course for you. It is an in depth course covering the role and responsibilities of the SIRO. We will cover how to manage working relationships with your Information Asset Owners, Data Protection Officer and other Information Governance team members. How to develop and maintain an Information Risk Register.
We will guide you through threats, hazards, controls, and the use of Data Protection Impact Assessments (DPIA).
The course also covers the legal framework of General Data Protection Regulation (GDPR), Data Protection Act 2018, e-Privacy regulations, cyber resilience and ISO 27001, all of which you will need to have knowledge of as a SIRO. We will also look at the importance of leadership, supporting and developing a compliance program, the accountability principle and records of processing activities.
Who should attend?
This course is for all new and existing SIRO’s. Delegates for the day would include SIROs, their deputies Data Protection Officers, and any information governance professionals working in support of the SIRO.
SIRO Training Course Programme
|9.15 - 9:30||Refreshments and Registration|
|9.30 - 10:00||Background to Senior Information Risk Owner (SIRO) roles and responsibilities.
Who should be the SIRO?
Differences between; SIRO & DPO & Caldicott Guardian
SIRO & DPO & Caldicott Guardian
|10.00 - 11:30|| National Picture - Information Security Management System 27001, Cyber Essentials Plus, Public Services Network and the Data Security and Protection Toolkit
National Reviews - Health and Social Care
Legal Framework - Data Protection Act 2018
Accountability and Records of Processing Activities
What is Personal and Sensitive?
SIRO Framework = Information Risk Radar
GDPR Information Risk Management
What is your risk appetite?
Do you know what you need to protect? or what you need to have in place?
Risks, Threats, Vulnerabilities, Controls and Potential outcomes. Examples of Threats
Scenario: Key Systems
|11.30 - 11:45||Refreshment Break|
|11.45 - 13:00||Risks do not go away - Plan, Do, Check and Act
Scenario; Data Breach
Example Data Breaches
Personal data breaches
You have become aware of a breach - What should you do?
Breach Assessment Grid
National Cyber Security Center - 10 steps; Cyber security, Password Security
|13.00 - 13:30||Lunch|
|13.30 - 14:45||Data Protection Impact Assessments
Exercise; Information Asset Owners & Administrators
Exercise; What are the Daily IAO/IAA Tasks
Exercise; Information Asset Register
Why do you need a Information Asset Register?
Exercise; Information Asset Register Checklist
Exercise; Information Asset Risk Assessment
Information Asset Management & Data Flow Mapping and Create Your Own Data Flow Map.
Pseudonymisation, Anonymisation and Encryption. Primary and Secondary use of data.
|14.45 - 15:00||Coffee|
|15.00 - 16:30||Information Security Risk Management
Scenario: Data Flow Mapping
Exercise: Create Your Own Data Flow Map
What is forensic readiness?
Simple example of Pseudonymisation
Anonymisation and Encryption
Primary and Secondary use of data
Information Security Management System
Build a Culture of Information Management
What the SIRO did next?
|16.30||Summary and Final Questions|
SIRO Virtual Training Dates
SIRO Classroom Training
Very helpful course and content. Thank you.Director of Resources - SIRO
All interesting and useful topics which relate to my role.Police - SIRO
Who are our SIRO Trainers?
Ralph has spent nearly two decades working at the intersection of privacy, security and risk management. He believes good information governance adds business value to achieve business objectives and return on investment.
Debbie is a passionate and motivated information governance professional with more than 34 years’ experience in the Public Sector.
Inga has over 12 years’ experience working in the area of data protection and privacy in relation to new and emerging technologies. She enjoys bringing what some may deem to be a ‘dry’ subject to life through consultancy and training. She is able to translate complex data protection issues into clear and understandable language; to enable clients to make informed business decisions in relation to data protection.
All prices include the attendance of 15 delegates, a course workbook, additional reading, slide handouts, an LTD delegate folder, a pen and a CPD certificate. If booked in advance, we offer a 4 week after care package.
If you did not find the course you are looking please contact us and we can discuss and design the right course for you. For a no obligation quote, email firstname.lastname@example.org or call 07931566007 or 01206 807267