Description
Objectives
At the end of the course, the participants must be able to:
understand the role and responsibilities of the cloud officer / outsourcing officer
have an overview of the applicable circulars, including CSSF Circular 22/806 and the domains covered in this circular, so that they can make their choices, including gap analysis and remediation actions for conformity with this circular
understand and demonstrate different service and delivery models of cloud computing
understand and demonstrate the risk management for outsourcing arrangements (ICT, cloud, and business process outsourcing)
understand and demonstrate security aspects and principles of cloud computing
practically manage the outsourcing operations
Programme
Role and responsibilities
Introduction
Definition
Cloud officer
Outsourcing officer
Responsibilities
Hierarchical structure
Compliance considerations
Based on the European Banking Authority (EBA) guidelines and best practices in the field of outsourcing compliance
Introduction
Applicable circulars
CSSF 22/806
CSSF 20/750
CSSF 21/769 (22/804)
Circular 22/806 domains
General principles (including sustainability (ESG))
Governance
Assessments of outsourcing arrangements
Framework
Outsourcing process
Requirements in the context of ICT outsourcing arrangements
Next Steps
Cybersecurity, policies, processes, and Risk Management
Introduction
Cybersecurity domains
Governance and strategy
Risk management
Basics of Risk Management
Risk management of the outsourcing arrangements (ICT, cloud and business process outsourcing)
Information security
Policy and processes
Identity and Access management
Cryptography
Examples of cloud security solutions
ICT governance
Business continuity management
Next Steps
Outsourcing and Technologies: Cloud Solution Providers (AWS & Azure) and other outsourcing use cases
Introduction to different service and delivery models of cloud computing.
Introduction to the cloud solution providers
AWS
MS Azure
Cloud solution providers
Security principles
How the principles apply (security options, data encryption…)
Cascade outsourcing: Organisational and Compliance Aspects
Other outsourcing use cases: SOC, Hosting, Development, …
Compliance practical implications (Circular 22/806 CSSF included)
CSSF notification step by step
Alignment of the governance with the circular
Management body responsibility
Proportionality analysis
Outsourcing definition
Outsourcing policy
Outsourcing life-cycle
Outsourcing register
Contract management
Upgrade of existing outsourced functions
Critical or important functions (CIF)
Exit strategy and Business Continuity management
Service provider monitoring process – Outsourcing monitoring framework.
Target audience
ICT/Security Risk Managers, (C)ISO, Risk Officer, Cloud Officer, Outsourcing Officer, Business Continuity Manager, Compliance Officer of Banks
Any manager involved in the 2nd Line of defense (such as governance, risk management, compliance, security, business continuity)
Modalities
Course Material
The training material will be handed out at the beginning of the course.
Exam
The knowledge acquired in the seminar will be validated through an ONLINE examination. The examination is based on an MCQ questionnaire of around 50 questions. The required passing rate is 80%.
By the end of the course, participants will receive the link for the examination and will have 5 working days to take it.
Certificate
At the end of the training, a certificate of attendance will be available either in your client account or on request from customer service.
Candidates who successfully complete the examination will receive the following certificate of completion co-signed by the ABBL: "Certified Cloud Officer & Outsourcing Officer"
Location
L-1615 Luxembourg
Luxembourg
Contact
For further questions please contact our partner in your country