Course Outline
Domain 1—The Process of Auditing Information Systems (14%)
Deliver audit services aligned with IT audit standards to help the organization protect and control its information systems.
- 1.1 Design and implement a risk-based IT audit strategy that complies with IT audit standards to ensure comprehensive coverage of key areas.
- 1.2 Plan specific audits to verify that information systems are protected, controlled, and deliver value to the organization.
- 1.3 Execute audits in line with IT audit standards to achieve planned audit objectives.
- 1.4 Report audit findings and provide recommendations to key stakeholders to communicate results and facilitate necessary changes.
- 1.5 Conduct follow-ups or prepare status reports to ensure management takes appropriate actions in a timely manner.
Domain 2—Governance and Management of IT (14%)
Provide assurance that the necessary leadership, organizational structure, and processes are established to achieve objectives and support the organization's strategy.
- 2.1 Assess the effectiveness of the IT governance structure to determine if IT decisions, directions, and performance support the organization’s strategies and objectives.
- 2.2 Evaluate the IT organizational structure and human resource management to ensure alignment with the organization’s strategies and objectives.
- 2.3 Review the IT strategy, including direction and the processes for development, approval, implementation, and maintenance, to ensure alignment with organizational goals.
- 2.4 Assess the organization’s IT policies, standards, and procedures, along with their development and monitoring processes, to ensure they support IT strategy and comply with regulatory and legal requirements.
- 2.5 Evaluate the adequacy of the quality management system to determine if it supports organizational strategies and objectives cost-effectively.
- 2.6 Review IT management and control monitoring (e.g., continuous monitoring, quality assurance) to ensure compliance with organizational policies, standards, and procedures.
- 2.7 Assess IT resource investment, usage, and allocation practices, including prioritization criteria, for alignment with organizational strategies and objectives.
- 2.8 Evaluate IT contracting strategies, policies, and contract management practices to determine their support for organizational strategies and objectives.
- 2.9 Assess risk management practices to determine if the organization’s IT-related risks are appropriately managed.
- 2.10 Evaluate monitoring and assurance practices to ensure the board and executive management receive sufficient and timely information on IT performance.
- 2.11 Review the organization’s business continuity plan to determine its ability to maintain essential business operations during an IT disruption.
Domain 3—Information Systems Acquisition, Development, and Implementation (19%)
Provide assurance that practices for acquiring, developing, testing, and implementing information systems align with the organization’s strategies and objectives.
- 3.1 Evaluate the business case for proposed investments in information systems acquisition, development, maintenance, and retirement to ensure it meets business objectives.
- 3.2 Assess project management practices and controls to determine if business requirements are achieved cost-effectively while managing organizational risks.
- 3.3 Conduct reviews to verify that projects are progressing according to plans, are adequately documented, and have accurate status reporting.
- 3.4 Evaluate controls for information systems during requirements, acquisition, development, and testing phases to ensure compliance with organizational policies, standards, and external requirements.
- 3.5 Assess the readiness of information systems for implementation and migration into production to ensure project deliverables, controls, and organizational requirements are met.
- 3.6 Conduct post-implementation reviews of systems to determine if project deliverables, controls, and organizational requirements have been fulfilled.
Domain 4—Information Systems Operations, Maintenance and Support (23%)
Provide assurance that processes for information systems operations, maintenance, and support align with the organization’s strategies and objectives.
- 4.1 Conduct periodic reviews of information systems to ensure they continue to meet organizational objectives.
- 4.2 Assess service level management practices to determine if service levels from internal and external providers are defined and managed effectively.
- 4.3 Evaluate third-party management practices to ensure providers adhere to the control levels expected by the organization.
- 4.4 Review operations and end-user procedures to determine if scheduled and unscheduled processes are managed to completion.
- 4.5 Assess the information systems maintenance process to ensure it is controlled effectively and continues to support organizational objectives.
- 4.6 Evaluate data administration practices to determine the integrity and optimization of databases.
- 4.7 Assess the use of capacity and performance monitoring tools and techniques to verify that IT services meet organizational objectives.
- 4.8 Evaluate problem and incident management practices to ensure incidents, problems, or errors are recorded, analyzed, and resolved promptly.
- 4.9 Assess change, configuration, and release management practices to determine if scheduled and unscheduled changes to the production environment are adequately controlled and documented.
- 4.10 Evaluate the adequacy of backup and restore provisions to ensure the availability of information required to resume processing.
- 4.11 Review the organization’s disaster recovery plan to determine if it enables the recovery of IT processing capabilities in the event of a disaster.
Domain 5—Protection of Information Assets (30%)
Provide assurance that the organization’s security policies, standards, procedures, and controls ensure the confidentiality, integrity, and availability of information assets.
- 5.1 Assess information security policies, standards, and procedures for completeness and alignment with generally accepted practices.
- 5.2 Evaluate the design, implementation, and monitoring of system and logical security controls to verify the confidentiality, integrity, and availability of information.
- 5.3 Assess the design, implementation, and monitoring of data classification processes and procedures to ensure alignment with organizational policies, standards, and external requirements.
- 5.4 Evaluate the design, implementation, and monitoring of physical access and environmental controls to determine if information assets are adequately safeguarded.
- 5.5 Review the processes and procedures for storing, retrieving, transporting, and disposing of information assets (e.g., backup media, offsite storage, hard copy/print data, and softcopy media) to ensure adequate safeguarding.
Requirements
This non-certified course does not require any specific prerequisites.
Testimonials (2)
1. The BCS test exam questions were often incoherent or not related to the syllabus, which appears to be a trait of BCS courses and exams.
2. The subject matter was taught by reading PowerPoint slides full of text; the BCS should be providing at least some diagrammatic content and other visual aids, especially as many people learn in very different ways, more than just by reading text.
john - UKHO
Course - BCS Practitioner Certificate in Information Assurance Architecture (CIAA)
Overview of Risk topics and preparing for exam