Trainings and consulting services

Our most requested competence trainings cover industry guidelines, methods and international management system standards.

Our Exemplar Global certified training courses on ISO 9001, IATF 16949, etc. are modular and may be booked according to personal needs.

Module 1 (2 days): Understanding the standard

Module 2 (advanced, 2 days): Qualification as internal auditor

Module 3 (advanced, 1 day): Qualification as Lead or Supplier auditor

ALL AUDITOR CERTIFICATION TRAININGS ALIGN WITH THE REQUIREMENTS OF ISO 19011.

Understanding and Certification Series:

Seminar Content

Omnex is an Exemplar Global Certified TPECS provider for Exemplar Global AU and TL Competency Units. This five-day course has been developed to satisfy the Exemplar Global AU and TL Examination Profiles and, as such, all attendees who successfully pass the exams during this course will achieve a Certificate of Attainment for the following competency units:

  • Exemplar Global-AU
  • Exemplar Global-TL

This course was developed to cover all requirements of the ISO/IEC 27001:2013 standard. The course includes definitions from ISO/IEC 27000:2018 (Information Security Management Systems – Overview and Vocabulary), guidance from ISO/IEC 27003:2017 (Information Security Management System Implementation Guidance) and auditing requirements from both ISO 19011:2011 (Guidelines for Auditing Management Systems) and ISO/IEC 27007:2017 (Guidelines for Information Security Management Systems Auditing). Group exercises and case studies are used to develop the required skills. Other topics covered include the auditing process and methodologies, e.g. planning and conducting an audit, writing nonconformity statements, preparing an audit summary and report, and verifying corrective actions following the requirements of ISO 19011 and ISO/IEC 27007. Auditing case studies are used to develop skills for identifying nonconformities.

Who Should Attend

This seminar is primarily designed for lead auditor candidates, but can also be valuable for Information Security Assurance Managers, ISO/IEC 27001:2013 Implementation and/or Transition Team Members, Management Representatives, and all others who would like to develop competency in ISO/IEC 27001:2013 and the auditing process for third party auditing.

Recommended Training and/or Experience

An understanding of the ISO/IEC 27001:2013 requirements and/or work experience in applying ISO/IEC 27001:2013 is recommended.

Seminar Materials

Each participant will receive a seminar manual and a breakout workbook that includes auditing case studies.

Seminar Goals

  • Understand the application of Information Security Management principles in the context of ISO/IEC 27001:2013.
  • Relate the Information Security Management system to the organizational products, services, activities and operational processes.
  • Relate organization’s context and interested party needs and expectations to the planning and implementation of an organization’s Information Security Management system.
  • Understand the application of the principles, procedures and techniques of auditing.
  • Understand the conduct of an effective audit in the context of the auditee’s organizational situation.
  • Understand the application of the regulations, and other considerations that are relevant to the management system, and the conduct of the audit.
  • Practice personal attributes necessary for the effective and efficient conduct of a management system audit.
  • Establish, plan and task the activities of an audit team.
  • Communicate effectively with the auditee and audit client.
  • Organize and direct audit team members.
  • Prevent and resolve conflict with the auditee and/or within the audit team.
  • Prepare and complete the audit report.

Seminar Outline

Day One

  • Introduction and Welcome
  • The ISO Standards Explained
  • Introduction to ISO/IEC 27001:2013 and Key Terms from ISO/IEC 27000:2018 – Overview and Vocabulary
  • ISO/IEC 27001:2013 Requirements Including Applicable Guidance from ISO/IEC 27003:2017
    • Group Exercise: Context of the Organization
    • Group Exercise: Interested Parties
    • Group Exercise: Audit Scenarios
    • Group Exercise: IT Security Controls

Day Two

  • ISO/IEC 27001:2013 Requirements Including Applicable Guidance from ISO/IEC 27003:2017
    • Group Exercises: Audit Scenarios (cont’d)
    • Independent ISMS Written Exercise
  • Introduction to Turtle Diagrams and Audit Trails
  • Management of Audit Programs
  • Audit Planning and Preparation including ISO/IEC 27007 Guidelines for Information Security Management Systems Auditing
    • Breakout Exercise 1: Writing an Objective and Scope Statement
    • Breakout Exercise 2: Documentation Review
    • Breakout Exercise 3: Creating an Audit Plan

Day Three

  • Performing the Audit
    • Breakout Exercise 4: Performing an Audit
  • Writing Nonconformity Statements
    • Breakout Exercise 5: Writing Nonconformity Statements
  • Closing Meeting
  • Completing the Audit Report
  • Corrective Action and Closeout
    • Management Systems Auditing Written Exercise

Day Four

  • Leading Audit Teams
  • Customer-Specific Requirements – including NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations) and NIST SP 800-53 (Recommended Security Controls for Federal Information Systems and Organizations); as well as CSRs from the Aerospace, Automotive, Medical Devices Industries and Legal and Regulatory Requirements
  • Management System Certification Scheme and Auditor Qualifications
    • Leading Management Systems Audit Teams Written Exercise

Day Five

  • Review of Audit Process and Audit Management Strategies
    • Leading Management Systems Audit Teams Mock Audit Case Study
  • Practical Application of Audit Principles and Instructor Interviews

Seminar Content

This five-day seminar covers all 14 clauses of the ISO 21434 standard to give attendees the information necessary to understand the standard and move their organization toward conformance. ISO 21434 is the draft cybersecurity standard applied to cybersecurity-related systems, including electric/electronic, wired and wireless communication systems installed in production passenger vehicles. The course combines presentations with hands-on work and is conducted in English. An optional ISO 21434 Certification exam is offered at the end of the class for those who want to demonstrate and document their knowledge.

The presentations are paired with in-class group exercises that put what you are learning into practice. Concepts are reinforced by a running case study of an air bag system. Forms are used to complete the exercises as part of the integrated workshops, which cover Item Definition, Threat Analysis and Risk Assessment (TARA), Cybersecurity Goals, Cybersecurity Assurance Levels (CALs), Cybersecurity Concept, and Hardware/Software Interface.

Who Should Attend

Those involved in the design, development, and production of electrical and electronic vehicle products, including systems, software and hardware engineers and their managers; in short, all those responsible for the development and implementation of hardware and software systems in motor vehicles.

Participants should be, or plan to be, actively managing, involved in, or aware of electrical and/or electronic items, systems, or elements incorporated in motor vehicles, and should have the abilities, education, and experience required for the above roles.

Recommended Training and/or Experience

Participants should be involved in or aware of software and hardware development as it relates to the motor vehicle industry.

Seminar Materials

Each participant will receive a seminar manual including case studies.

Seminar Goals

  • Tailor the necessary activities to support vehicle cybersecurity lifecycle management, development, production, operation, service, and decommissioning
  • Information provided in the class can be used for ISO 21434 implementation
  • Understand cybersecurity aspects of the entire development process including requirements specification, design, implementation, integration, verification, validation, and configuration.
  • Understand the risk-based approach for determining risk classes and Cybersecurity Assurance Levels (CALs)
  • Use CALs for achieving an acceptable residual risk
  • Provide requirements for validation and confirmation measures to ensure a sufficient and acceptable level of cybersecurity is being achieved.

Daily Agenda (approximate, based on class discussions)

Day One

  • Chapter 1: Introduction and Overview to ISO 21434
    • ISO 21434 Purpose, Scope and Framework
  • Chapter 2: Overall Cybersecurity Management (Clause 5)
    • Cybersecurity Governance
    • Cybersecurity Culture
    • Cybersecurity Risk Management
    • Cybersecurity Audit
    • Information sharing
    • Confirmation Measures
  • Chapter 3: Project Dependent Cybersecurity Management (Clause 6)
    • Tailoring of Cybersecurity Activities
    • System or Component out of Context
    • Cybersecurity Planning
    • Cybersecurity Case
    • Breakout Exercise 1: Cybersecurity Case Outline
  • Chapter 4: Post-Development Phases (Clauses 10-13)
    • Production, Operation, Maintenance, and Decommissioning
  • Chapter 5: Concept Phase (Clause 8)
    • Cybersecurity Relevance
    • Item Definition
    • Breakout Exercise 2: Item Definition

Day Two

  • Chapter 5: Concept Phase (Clause 8) (cont’d)
    • Threat Analysis and Risk Assessment (TARA)
    • Breakout Exercise 3: Threat and Risk Analysis
    • Cybersecurity Goals
    • Cybersecurity Concept
    • Breakout Exercise 4: Cybersecurity Requirements
  • Chapter 6: CAL-Oriented and Cybersecurity-Oriented Analyses (Annex F)
    • Cybersecurity Assurance Levels (CAL)
    • Usage of CALs
  • Chapter 7: Risk Assessment Methods (Clause 7)
    • Asset Identification
    • Vulnerability Analysis
    • Breakout Exercise 5: Vulnerability Analysis
    • Attack Feasibility Analysis
    • Risk Determination
    • Risk Treatment

Day Three

  • Chapter 8: Product Development I (Clause 9.1)
    • Introduction to Design & Verification
    • Structure of Cybersecurity Requirements
    • Refined Cybersecurity Design
    • Cybersecurity Controls
    • Design Principles
  • Chapter 9: Product Development II (Clause 9.1)
    • Hardware Development
    • Reference Model
    • Hardware Design Principles

  • Chapter 10: Product Development III (Clause 9.1)
    • Software Development I
    • Design Principles
    • Breakout Exercise 6: Walkthrough vs. Inspection
    • Design Verification

Day Four

  • Chapter 11: Product Development IV (Clause 9.1)
    • Software Development II
    • Verification Compliance
    • Testing Environments
    • Item Integration and Testing
    • System Integration and Testing
    • Test Cases
  • Chapter 12: Validation at Vehicle Level & Release for Post-Development (Clauses 9.2 & 9.3)
    • Cybersecurity Validation
    • Cybersecurity Assessment
    • Breakout Exercise 7: Developing a Cybersecurity Case
    • Release for Post-Development

Day Five

  • Chapter 13: Supporting Processes (Clause 14)
    • Quality Management Systems
    • Change Management
    • Documentation Management
    • Configuration Management
    • Requirements Management
    • Verification
    • Breakout Exercise 8: Confidence in Management Systems
    • Tool Management
    • Distributed Cybersecurity Activities
  • Chapter 14: ISO 21434 Implementation Strategy

Optional ISO 21434 Certification Exam – Final 3 hours of Day Five

Three Levels of Certification

Level 1

Cybersecurity Engineer Provisional (CSEP)

Knowledge Requirements:

  • One week of Automotive Cybersecurity Training and a passing result on the ISO 21434 Certification exam.

Prerequisites:

  • At least three years of relevant professional experience, and an engineering degree or equivalent work experience.

Level 2

Cybersecurity Engineer (CSE)

Knowledge Requirements:

  • One week of Automotive Cybersecurity Training and a passing result on the ISO 21434 Certification exam.

Prerequisites:

  • Submit a case study demonstrating experience in Automotive Cybersecurity that can be verified. The case study should demonstrate a broad understanding from Cybersecurity Plan to Cybersecurity Case (work products).
  • Interview with an Omnex Cybersecurity Expert.
  • At least five years of relevant industry experience.

Level 3

Cybersecurity Expert (CSX)

Knowledge Requirements:

  • One week of Automotive Cybersecurity Training and a passing result on the ISO 21434 Certification exam.

Prerequisites:

  • Submit two case studies demonstrating the ability to conduct confirmation reviews, evidence of communication, and a broad understanding from Cybersecurity Plan to Cybersecurity Case.
  • Interview with an Omnex Cybersecurity Expert.
  • At least five years of relevant industry experience.

Have more questions?

If you are looking for information or certification training for another standard, call or email us. We can and will help meet your needs.