Corporate Compliance Training

Corporate Compliance Course Outlines

Code Name Duration Overview
cdp CDP - Certificate in Data Protection 35 hours

Description:
There is a need to provide adequate training on the Data Protection Act 1998 "the Act" and its implications for both organisations and individuals. There are important differences between the Act and its predecessor, the Data Protection Act 1984. In particular, the Act contains important new obligations in relation to manual records and transborder data flows, a new notification system and amended principles. It is important to understand the Act in the European context. Those experienced in data protection issues, as well as those new to the subject, need to be trained so that their organisations are confident that legal compliance is continually addressed. It is necessary to identify issues requiring expert data protection advice in good time in order that organisational reputation and credibility are enhanced through relevant data protection policies and procedures.

Objectives:
The aim of the syllabus is to promote an understanding of how the data protection principles work rather than simply focusing on the mechanics of regulation. The syllabus places the Act in the context of human rights and promotes good practice within organisations. On attaining the certificate, award holders will possess:
- an appreciation of the broader context of the Act
- an understanding of the way in which the Act and the Privacy and Electronic Communications (EC Directive) Regulations 2003 work
- a broad understanding of the way associated legislation relates to the Act
- an understanding of what has to be done to achieve compliance
- a recognised qualification in data protection

Course Synopsis:
The syllabus comprises three main parts, each with many sub-sections:
- Context - this will address the origins of and reasons for the Act together with consideration of privacy in general.
- Law – Data Protection Act - this will address the main concepts and elements of the Act and subordinate legislation.
- Application - this will consider how compliance is achieved and how the Act works in practice.

1. Context
The objective is to ensure a basic appreciation of the context of data protection law and in particular that privacy is wider than data protection.
1.1 What is privacy?
1.1.1 The right to private and family life and the relevance of confidentiality.
1.1.2 European Convention on Human Rights and Fundamental Freedoms, UK Human Rights Act
1.2 History of data protection legislation in the UK
1.2.1 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data 1980
1.2.2 Council of Europe Convention 108, 1981
1.2.3 Data Protection Act 1984
1.2.4 Data Protection Directive 95/46/EC
1.2.5 Telecommunications Directive 97/66/EC, Privacy and Electronic Communications

2. The Law
2.1 Data Protection Act
2.1.1 The definitions
The objective is to ensure that candidates know and understand the major definitions in the Act and how to apply them in order to identify what information and processing activities are subject to the Act.
2.1.2 The Role of the Commissioner
The objective is to ensure an understanding of the role and main powers of the Information Commissioner. The following are to be covered.
- Enforcement (including roles of the First-tier Tribunal and the Courts)
- Information and Enforcement Notices
- Prosecution
- Warrants (entry/inspection) (Schedule 9,1(1) & 12 only – that is a basic understanding of grounds for issuing and nature of offences)
- Assessment Notices (s41A-s41C) including effect of s55 (3) added by the Coroners and Justice Act 2009 which provides that the Information Commissioner may not issue a monetary penalty notice in respect of anything found in pursuance of an assessment notice or an assessment under s51 (7).
- Monetary penalties (s55A-55E) including the effect of the s55 (3A) provision.
- Undertakings (NB candidates are required to have a basic understanding of how the ICO uses ‘undertakings’ and that they do not derive from any provision in the DPA98. They are not expected to know the detail of their status and provenance).
- Carrying out s42 assessments
- Codes of Practice (including s52A-52E Code of Practice on data sharing) and all current ICO issued Codes but not any codes issued by other bodies. Candidates will be expected to have a broad understanding of s52A-E, to appreciate the distinction between a statutory code and other ICO issued codes and have a broad understanding (but not a detailed knowledge) of ICO issued codes.
2.1.3 Notification
- The exemptions from notification.
- A basic understanding of the two tier fee regime.
2.1.4 The Data Protection Principles
The objective is to ensure an understanding of how the principles regulate the processing of personal data and how they are enforced, as well as an understanding of the individual principles in the light of guidance on their interpretation found in Part II of Schedule 1. Candidates will be required to show an understanding of the need to interpret and apply the principles in context.
Introduction: how the principles regulate and how they are enforced including Information and Enforcement Notices.
2.1.5 Individual Rights
The objective is to ensure an understanding of the rights conferred by the Act and how they can be applied and enforced.
2.1.6 Exemptions
The objective is to ensure awareness of the fact that there are exemptions from certain provisions of the Act, and knowledge and understanding of some of these and how to apply them in practice. Candidates are not expected to have a detailed knowledge of all the exemptions. The following are expected to be covered in some detail:
2.1.7 Offences
The objective is to ensure an awareness of the fact that there are a range of offences under the Act and of the role of the Courts as well as an appreciation of how certain specified offences apply in practice. It is not intended that candidates should have a detailed knowledge of all the offences. The candidates will be expected to cover:
- Unlawful obtaining and disclosure of personal data
- Unlawful selling of personal data
- Processing without notification
- Failure to notify changes in processing
- Failure to comply with an Enforcement Notice, an Information Notice or Special Information Notice.
- Warrant offences (Schedule 9,12)
2.2 Privacy and Electronic Communications (EC Directive) Regulations 2003
The objective is to ensure an awareness of the relationship between the above Regulations and the Act, an awareness of the broad scope of the Regulations and a detailed understanding of the practical application of the main provisions relating to unsolicited marketing.
2.3 Associated legislation
The objective is to ensure a basic awareness of some other legislation which is relevant and an appreciation that data protection legislation must be considered in the context of other law.

3. Application
The objective is to ensure an understanding of the practical application of the Act in a range of circumstances. This will include detailed analysis of sometimes complex scenarios, and deciding how the Act applies in particular circumstances and explaining and justifying a decision taken or advice given.
3.1 How to comply with the Act
3.2 Addressing scenarios in specific areas
3.3 Data processing topics
- Monitoring – internet, email, telephone calls and CCTV
- Use of the internet (including Electronic Commerce)
- Data matching
- Disclosure and Data sharing

ciaa CIAA - Certificate in Information Assurance Architecture 35 hours

Description:
The IA Architect is based on a set of skills defined by the Institute of Information Security Professionals (IISP) and the UK Government’s GCHQ department. The IA Architect, also referred to in industry as the Security Architect, must be able to drive beneficial security change into an organisation through the development or review of security architectures so that they:
- Meet business requirements for security.
- Mitigate identified risks and conform to relevant corporate security policies.
- Balance information risk against the cost of countermeasures.
This course aligns to Level 3 (Skilful Application) competence as defined in the Skills Framework developed by the IISP.

Objectives:
Candidates that have successfully completed the Practitioner in IA Architecture course should be able to:
- Describe the business environment and the information risks that apply to systems.
- Describe and apply security design principles.
- Identify information risks that arise from potential solution architectures.
- Design alternate architectures or countermeasures to mitigate identified information risks.
- Ensure that proposed architectures and countermeasures adequately mitigate identified information risks.
- Apply ‘standard’ security techniques and architectures to mitigate security risks.
- Develop new architectures that mitigate the risks posed by new technologies and business practices.
- Provide consultancy and advice to explain Information Assurance and architectural problems.
- Securely configure ICT systems in compliance with their approved security architectures.

Audience:
- Candidates who wish to gain the BCS IA Architecture certificate.
- System Administrators who wish to become Security Architects.
- Technical Architects looking to move into the field of security architecture.
- Security professionals wishing to gain an appreciation of the technical and business aspects of their profession, or to move into a more senior architecture role.

Module 1 - The Basics of IA Architecture:
- What is IA Architecture?
- The Role of an IA Architect.
- Security Design Principles.
- Conceptual Architectures.
At the end of this module the candidates will be able to:
- Describe the role of the IA Architect and the concept of security architectures in context of enterprise architectures.
- Explain the skills, especially soft skills, an IA Architect must possess.
- Explain concepts and design principles used by IA Architects when designing systems. Design principles such as least privilege and segregation of duties are described.
- Describe security architectures at a high level using appropriate contextual terms and have sufficient knowledge to describe architectural concepts related to security concerns.
- Explain the importance of design patterns and conceptual architectures.
- Recognise separation of systems as a way to reduce risk.

Module 2 – Advanced Security Architecture Concepts:
- Core Security Mechanisms.
- Security Services.
- Security Design.
At the end of this module the candidate will be able to:
- Describe common methods for identification and authentication.
- Describe common methods for access control.
- Describe requirements and methods for auditing and alerting.
- Describe common methods for content control, such as anti-virus and data loss prevention.
- Describe common cryptographic based services, such as a public key infrastructure.
- Describe intruder detection and prevention services and their placement in systems.
- Describe the role of directories in a system.
- Describe the functions of security management within a system.
- Describe a wide range of network security controls and the threats they counter. This includes layer 2 controls and the use of packet filtering and firewalls.
- Identify common methods for resilience and recognise different recovery capabilities and techniques, including back-up and audit trails.
- Identify security aspects of virtualisation.
- Appreciate practicality as an issue in the selection of security mechanisms.
- Appreciate the need for correctness of input and on-going correctness of all stored data including parameters for all generalised software.
- Distinguish between different cryptographic mechanisms and techniques.
- Appreciate the use of threat modelling techniques to establish where security services should be positioned within a system.
- Describe a number of design patterns, being able to explain the threats and security controls used to counter the threats.

Module 3 – Information Assurance Methodologies:
- Information Assurance Frameworks.
- Cryptographic Assurance.
- Product and Service Assurance.
- Vulnerability and Penetration Testing.
At the end of this module the candidate will be able to:
- Explain a wide range of Information Assurance methodologies.
- Compare the benefits of using different methodologies.
- Describe how Information Assurance methodologies can reduce risk.
- Employ methods, tools and techniques for identifying potential vulnerabilities.
- Apply different testing strategies depending on the risk profile of a system.
- Recognise that business processes need to be tested and not just the ICT elements.
- Explain the role of vulnerability and penetration testing.
- Plan and manage a penetration test.
- Explain the typical structure of a penetration test report.
- Describe the typical findings of a penetration test report.

Module 4 – Innovation and Business Improvement:
- Business Change, Security Metrics and ROI.
- Risk, Security Postures and Security Culture.
- Security as a Business Enabler.
- IA Maturity Models.
At the end of this module the candidate will be able to:
- Discuss the security implications of business transition (mergers, de-mergers, in-sourcing and out-sourcing, etc.).
- Describe the nature of organisational risk culture and exposure.
- Recognise security as a business enabler.
- Describe continuous improvement as a philosophy.
- Propose security metrics.
- Describe a number of different IA maturity models.

Module 5 – Security Across the Lifecycle:
- Security Across the Lifecycle.
At the end of this module the candidate will be able to:
- Describe the typical Terms of Reference of an IA Architect.
- Explain why it is important to brief Engineering teams at the start of a development process.
- Describe the concepts of audit and traceability.
- Describe the different types of design artefacts at the conceptual, logical and physical layers.
- Recognise the security issues associated with commercial off-the-shelf / outsourced / off shore systems / applications / products.
- Describe the role of hardening and coding standards in the development of a system and sources of guidance.
- Describe the OWASP top ten risks.
- Discuss the importance of links with the whole business process.
- Identify the benefits of separation of development, test and support from operational systems.

Module 6 – Preparation for the IA Architecture Examination and Mock Examination:
- Format, structure and scoring of the examination.
- Mock examination, using the BCS sample paper.
At the end of this module the candidate will:
- Understand the format and scoring of the examination.
- Be prepared to take the IA Architecture examination.

cgeit CGEIT – Certified in the Governance of Enterprise IT 28 hours

Description:
This four-day event (CGEIT training) is the ultimate preparation for exam time and is designed to ensure that you pass the challenging CGEIT exam on your first attempt. The CGEIT qualification is an internationally recognised symbol of excellence in IT governance awarded by ISACA. It is designed for professionals responsible for managing IT governance or with significant advisory or assurance responsibility for IT governance. Achieving CGEIT status will provide you with wider recognition in the marketplace, as well as increased influence at executive level.

Objectives:
This seminar has been designed to prepare Delegates for the CGEIT examination by enabling them to supplement their existing knowledge and understanding so as to be better prepared to pass the exam, as defined by ISACA.

Target Audience:
Our training course is for IT and business professionals with significant IT governance experience who are undertaking the CGEIT exam.

Domain 1: Framework for the Governance of Enterprise IT (25%)
Ensure the definition, establishment, and management of a framework for the governance of enterprise IT in alignment with the mission, vision and values of the enterprise.

Domain 1—Knowledge Statements:
- Knowledge of components of a framework for the governance of enterprise IT
- Knowledge of IT governance industry practices, standards and frameworks (for example, COBIT, Information Technology Infrastructure Library [ITIL], International Organization for Standardization [ISO] 20000, ISO 38500)
- Knowledge of business drivers related to IT governance (for example, legal, regulatory and contractual requirements)
- Knowledge of IT governance enablers (for example, principles, policies and frameworks; processes; organizational structures; culture, ethics and behaviour; information; services, infrastructure and applications; people, skills and competencies)
- Knowledge of techniques used to identify IT strategy (for example, SWOT, BCG Matrix)
- Knowledge of components, principles, and concepts related to enterprise architecture (EA)
- Knowledge of organizational structures and their roles and responsibilities (for example, enterprise investment committee, program management office, IT strategy committee, IT architecture review board, IT risk management committee)
- Knowledge of methods to manage organizational, process and cultural change
- Knowledge of models and methods to establish accountability for information requirements, data and system ownership; and IT processes
- Knowledge of IT governance monitoring processes/mechanisms (for example, balanced scorecard [BSC])
- Knowledge of IT governance reporting processes/mechanisms
- Knowledge of communication and promotion techniques
- Knowledge of assurance methodologies and techniques
- Knowledge of continuous improvement techniques and processes

Domain 2: Strategic Management (20%)
Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans.

Domain 2—Knowledge Statements:
- Knowledge of an enterprise’s strategic plan and how it relates to IT
- Knowledge of strategic planning processes and techniques
- Knowledge of impact of changes in business strategy on IT strategy
- Knowledge of barriers to the achievement of strategic alignment
- Knowledge of policies and procedures necessary to support IT and business strategic alignment
- Knowledge of methods to document and communicate IT strategic planning processes (for example, IT dashboard/balanced scorecard, key indicators)
- Knowledge of components, principles and frameworks of enterprise architecture (EA)
- Knowledge of current and future technologies
- Knowledge of prioritization processes related to IT initiatives
- Knowledge of scope, objectives and benefits of IT investment programs
- Knowledge of IT roles and responsibilities and methods to cascade business and IT objectives to IT personnel

Domain 3: Benefits Realization (16%)
Ensure that IT-enabled investments are managed to deliver optimized business benefits and that benefit realization outcome and performance measures are established, evaluated and progress is reported to key stakeholders.

Domain 3—Knowledge Statements:
- Knowledge of IT investment management processes, including the economic life cycle of investments
- Knowledge of basic principles of portfolio management
- Knowledge of benefit calculation techniques (for example, earned value, total cost of ownership, return on investment)
- Knowledge of process and service measurement techniques (for example, maturity models, benchmarking, key performance indicators [KPIs])
- Knowledge of processes and practices for planning, development, transition, delivery, and support of IT solutions and services
- Knowledge of continuous improvement concepts and principles
- Knowledge of outcome and performance measurement techniques (for example, service metrics, key performance indicators [KPIs])
- Knowledge of procedures to manage and report the status of IT investments
- Knowledge of cost optimization strategies (for example, outsourcing, adoption of new technologies)
- Knowledge of models and methods to establish accountability over IT investments
- Knowledge of value delivery frameworks (for example, Val IT)
- Knowledge of business case development and evaluation techniques

Domain 4: Risk Optimization (24%)
Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.

Domain 4—Knowledge Statements:
- Knowledge of the application of risk management at the strategic, portfolio, program, project and operations levels
- Knowledge of risk management frameworks and standards (for example, RISK IT, the Committee of Sponsoring Organizations of the Treadway Commission Enterprise Risk Management—Integrated Framework (2004) [COSO ERM], International Organization for Standardization (ISO) 31000)
- Knowledge of the relationship of the risk management approach to legal and regulatory compliance
- Knowledge of methods to align IT and enterprise risk management (ERM)
- Knowledge of the relationship of the risk management approach to business resiliency (for example, business continuity planning [BCP] and disaster recovery planning [DRP])
- Knowledge of risk, threats, vulnerabilities and opportunities inherent in the use of IT
- Knowledge of types of business risk, exposures and threats (for example, external environment, internal fraud, information security) that can be addressed using IT resources
- Knowledge of risk appetite and risk tolerance
- Knowledge of quantitative and qualitative risk assessment methods
- Knowledge of risk mitigation strategies related to IT in the enterprise
- Knowledge of methods to monitor effectiveness of mitigation strategies and/or controls
- Knowledge of stakeholder analysis and communication techniques
- Knowledge of methods to establish key risk indicators (KRIs)
- Knowledge of methods to manage and report the status of identified risk

Domain 5: Resource Optimization (15%)
Ensure the optimization of IT resources including information, services, infrastructure and applications, and people, to support the achievement of enterprise objectives.

Domain 5—Knowledge Statements:
- Knowledge of IT resource planning methods
- Knowledge of human resource procurement, assessment, training, and development methodologies
- Knowledge of processes for acquiring application, information, and infrastructure resources
- Knowledge of outsourcing and offshoring approaches that may be employed to meet the investment program and operation level agreements (OLAs) and service level agreements (SLAs)
- Knowledge of methods used to record and monitor IT resource utilization and availability
- Knowledge of methods used to evaluate and report on IT resource performance
- Knowledge of interoperability, standardization and economies of scale

basel3 Basel III – Certified Basel Professional 21 hours

Description:
Basel III is a global regulatory standard on bank capital adequacy, stress testing and market liquidity risk. Having initially been agreed upon by the Basel Committee on Banking Supervision in 2010–11, changes to the Accord have extended implementation to 31st March 2019. Basel III strengthens bank capital requirements by increasing bank liquidity and decreasing bank leverage. Basel III differs from Basel I & II in that it requires different levels of reserves for different forms of deposits and other types of borrowings, so it does not supersede them so much as it does work alongside Basel I and Basel II. This complex and constantly changing landscape can be hard to keep up with; our course and training will help you manage likely changes and their impact on your institution. We are accredited with and a training partner to the Basel Certification Institute and as such the quality and suitability of our training and material is guaranteed to be up to date and effective.

Objectives:
- Preparation for the Certified Basel Professional Examination.
- Define hands-on strategies and techniques for the definition, measurement, analysis, improvement, and control of operational risk within a banking organization.

Target Audience:
- Board members with risk responsibilities
- CROs and Heads of Risk Management
- Members of the Risk Management team
- Compliance, legal and IT support staff
- Equity and Credit Analysts
- Portfolio Managers
- Rating Agency Analysts

Overview:
- Introduction to Basel norms and amendments to the Basel Accord (III)
- Regulations for market, credit, counterparty and liquidity risk
- Stress testing for various risk measures including how to formulate and deliver stress tests
- The likely effects of Basel III on the international banking industry, including demonstrations of its practical application
- Need For The New Basel Norms
- The Basel III Norms
- Objectives of The Basel III Norms
- Basel III – Timeline

1. What is Basel III?
1.1. The Basel III papers
1.2. Was Basel II responsible for the market crisis?
1.3. Introduction to the Basel III Amendments
1.4. The Financial Stability Board (FSB), the G20 and the Basel III framework

2. The New Basel III Principles for risk management and corporate governance
The key areas where the Basel Committee believes the greatest focus is necessary
2.1 Board practices
2.2 Senior management
2.3 Risk management and internal controls
2.4 Compensation
2.5 Complex or opaque corporate structures
2.6 Disclosure and transparency

3. The Quality of Capital
3.1 The numerator: A strict definition of capital
3.2 Limits and Minima
3.3 Common Equity Tier 1
3.4 Common shares issued by the bank
3.5 Additional Tier 1 capital
3.6 Tier 2 capital
3.7 Investments held by banks in capital instruments of other banks and financial and insurance entities
3.8 The corresponding deduction approach and the changes in the business model
3.9 Double Gearing and Basel III
3.10 Securitisation and Resecuritisation

4. The Risk Weighted Assets
4.1 The denominator: Enhanced risk coverage
4.2 Understanding securitization

5. The Capital Ratio
5.1 In addition to the quality of capital and risk coverage
5.2 Calibration
5.3 Transition period

6. Global Liquidity Standards
6.1 Introduction of global minimum liquidity standards
6.2 The Liquidity Coverage Ratio (LCR) that makes banks more resilient to potential short-term disruptions
6.3 Stock of high-quality liquid assets
6.4 Total net cash outflows
6.5 The Net Stable Funding Ratio (NSFR) that addresses longer-term structural liquidity mismatches
6.6 Available stable funding (ASF)
6.7 Required stable funding (RSF)
6.8 Contractual maturity mismatch
6.9 Concentration of funding
6.10 Available unencumbered assets
6.11 LCR by significant currency
6.12 Market-related monitoring tools
6.13 Transitional arrangements

7. Capital Conservation
7.1 Distribution policies that are inconsistent with sound capital conservation principles
7.2 Supervisors enforce capital conservation discipline

8. Leverage Ratio
8.1 Strong Tier 1 risk based ratios with high levels of on and off balance sheet leverage
8.2 Simple, non-risk-based leverage ratio
8.3 Introducing additional safeguards against model risk and measurement error
8.4 Calculation of the leverage ratio

9. Countercyclical Capital Buffer
9.1 Procyclical or Countercyclical?
9.2 The new countercyclical capital buffer
9.3 Home / Host Challenges
9.4 Guidance for national authorities operating the countercyclical capital buffer
9.5 Principles underpinning the role of judgement
9.6 Principle 1: (Objectives)
9.7 Principle 2: (Common reference guide)
9.8 Principle 3: (Risk of misleading signals)
9.9 Principle 4: (Prompt release)
9.10 Principle 5: (Other macroprudential tools)
9.11 Jurisdictional reciprocity
9.12 Frequency of buffer decisions and communications
9.13 Treatment of surplus when buffer returns to zero

10. Systemically Important Financial Institutions (SIFIs)
10.1 SIFIs and G-SIFIs
10.2 Improvements to resolution regimes
10.3 Additional loss absorption capacity
10.4 More intensive supervisory oversight
10.5 Stronger robustness standards
10.6 Peer review
10.7 Developments at the national and regional level
10.8 The Financial Stability Oversight Council (FSOC)
10.9 The European Systemic Risk Board (ESRB)
10.10 Strengthening SIFI supervision

11. Systemically Important Markets and Infrastructures (SIMIs)
11.1 The Basel Committee and Financial Stability Board endorse central clearing and trade reporting on OTC derivatives
11.2 Derivative counterparty credit exposures to central counterparty clearing houses (CCPs)

12. Risk Modelling, Stress Testing and Scenario Analysis
12.1 Capture of systemic risk/tail events in stress testing and risk modelling
12.2 VaR shortcomings: the normality assumption
12.3 Need for a strong stress testing programme
12.4 Systemic risk capture in banks’ risk models

13. Pillar 2 Amendments: Stress testing
13.1 Pillar 2 Amendments: Stress testing
13.2 Principles for sound stress testing practices and supervision
13.3 15 stress testing principles for banks
13.4 Firm-wide stress testing
13.5 6 stress testing principles for supervisors

14. The Impact of Basel III
14.1 The Impact of Basel III
14.2 Investment Banking, Corporate Banking, Retail Banking
14.3 Investment banks are primarily affected, particularly in trading and securitization businesses
14.4 The new capital rules have a substantial impact on profitability
14.5 Basel III Impact on Regional Banks
14.6 Basel III Impact on Pillar 2
14.7 Basel III effect on financial sector
14.8 Basel III implications for bank risk management
14.9 Implications for European Systemic Risk Board
14.10 Impact of Basel III for commercial banks?
14.11 Basel III implications for indigenous banks
14.12 Can regional banks mitigate Basel III impacts?
14.13 Other Implications of Basel III
14.14 Areas of Focus

15. Conclusions

16. Examples (Case Studies)
- Basel III Capital Structure
- A worked example of a bank
- Basel III – explanation of changes
- Basel III Capital Structure


Course | Date | Price [Remote / Classroom]
Basel III – Certified Basel Professional - Xiamen - International Bank Building (国际银行大厦) | Wednesday, 2017-09-06 09:30 | ¥29400 / ¥33600
CGEIT – Certified in the Governance of Enterprise IT - Beijing Pacific Century Place | Monday, 2017-09-11 09:30 | ¥39270 / ¥45270
CDP - Certificate in Data Protection - Hong Kong - The Center (中環中心) | Monday, 2017-09-11 09:30 | ¥47490 / ¥70690
CIAA - Certificate in Information Assurance Architecture - Shanghai - 688 Plaza (六八八广场) | Monday, 2017-09-11 09:30 | ¥48180 / ¥51380
CDP - Certificate in Data Protection - Suzhou - Jinhe Plaza (晋合广场) | Monday, 2017-09-18 09:30 | ¥47490 / ¥53690