Training Modules

Use management systems to drive performance, risk control and organisational credibility beyond certification

Apply executive judgement to turn management systems into drivers of reliability, trust and strategic performance

Analyse organisational context, stakeholders and system boundaries to support effective management systems

Define clear policy direction and accountability through effective leadership responsibilities in management systems

Design coherent, auditable policy frameworks that align with strategy, scale across entities, and stay current without excess bureaucracy

Define clear roles, decision rights, governance mechanisms and escalation paths in management systems

Ensure management systems are supported with sufficient people, time, budget, infrastructure and external support

Control documented information, records and organisational knowledge so they stay accurate, accessible and usable in management systems

Systematically identify, evaluate, treat and monitor risks and opportunities across management systems

Define and govern management system objectives and KPIs with clarity and consistency

Design, document and maintain usable processes with clear boundaries, flows, handovers, controls and evidence

Plan and ensure competence, awareness and communication for people within the scope of a management system

Establish and run operational control with clear operating criteria, checks, records and deviation handling

Select, qualify and control suppliers and outsourced processes across their lifecycle

Design and run monitoring activities and measurement methods to generate reliable performance data for evaluation and improvement

Evaluate monitoring and measurement results, interpret trends and deviations, and summarise conclusions to support management decisions

Plan, perform and use internal audits effectively to support governance and improvement

Conduct effective management reviews with structured inputs, clear decisions and audit-ready evidence

Build disciplined corrective action and continual improvement through root cause analysis, action planning, implementation and effectiveness verification

Structure complex decisions, clarify objectives, evaluate trade-offs, and make defensible choices under uncertainty

Implement and evolve management systems so new processes, controls and improvements are adopted effectively

Apply evidence-based audit reasoning, materiality-focused prioritisation and structured audit test planning

Plan and conduct effective audit interviews, use structured questioning, and guide conversations to obtain reliable audit evidence

Formulate evidence-based audit findings, structure clear audit reports, and verify the effective closure of agreed actions

Design and govern risk-informed audit programmes, decide when audits should be combined or kept separate across standards, harmonise group-level structures, and structure programme-level reporting

Plan and conduct supplier audits using contract-based criteria, defined evidence targets and disciplined audit documentation

Navigate accreditation, the certification ecosystem, the audit lifecycle, impartiality boundaries and certification decision interfaces

Determine, review, agree and control customer requirements and related customer communications in line with ISO 9001

Control product design and development, produce the required evidence, and manage design changes effectively

Control service design and development, produce required evidence, and manage changes in line with ISO 9001 Clause 8.3

Control production under defined conditions, with identification, traceability, preservation and managed production changes

Control service delivery under defined conditions, including acceptance and release, customer property, and operational changes

Core concepts in preventive controls, including access management, cryptography, secure configuration and protective design

Core concepts in detective and corrective controls, including logging, monitoring, incident response, backup and recovery

Define clear ISO/IEC 27001 ISMS scope and boundaries and maintain a defensible Statement of Applicability (SoA)

Systematically assess, treat and document information security risks with traceable decisions in line with ISO/IEC 27001

Plan, implement and operate information security controls consistently in day-to-day activities in line with ISO/IEC 27001

Core AI concepts, AI system types, AI agents, and the technical building blocks behind modern AI-enabled products and services

AI uncertainty, limitations and common failure modes across predictive and generative AI systems

Define AI system scope, set lifecycle boundaries, and maintain an AI system inventory aligned with ISO/IEC 42001

Assess AI impacts and harms, document findings, and connect them to risk decisions in an AI management system

Define, implement and maintain operational controls for AI systems across deployment, change and monitoring

Perform ISO 22301-aligned business impact analysis, identify critical activities, and define time-based recovery requirements

Evaluate continuity strategy options, design continuity solutions, and apply decision criteria aligned with ISO 22301 time-based requirements

Structure continuity plans, define response roles and communications, and design exercises aligned with continuity requirements

Privacy roles, obligations and controls in organisations, aligned with common national and international data protection requirements

Define PII processing context, determine controller and processor roles, and set practical PIMS scope boundaries under ISO/IEC 27701

Assess privacy risks, reason about impacts, and document DPIAs within an ISO/IEC 27701-aligned PIMS

Implement role-based privacy controls and data subject rights handling within an ISO/IEC 27701-aligned PIMS

Identify environmental aspects, evaluate impacts and significance, and maintain the assessment over time in an ISO 14001 context

Control operations in an environmentally sound and compliant manner in line with ISO 14001

Establish effective arrangements for environmental emergencies through defined response plans, drills and post-incident learning

Assess whether organisational context, interested parties, scope and system boundaries credibly reflect how the organisation operates

Assess whether leadership commitment, policy direction and governance structures credibly steer the management system

Assess whether risk and opportunity management credibly informs organisational decisions and priorities

Assess whether documented information is fit for use, internally consistent and credible as audit evidence

Assess whether objectives and KPIs credibly measure and steer organisational performance

Assess whether operational controls and process interactions work reliably in day-to-day practice

Assess whether supplier and outsourced process controls manage risk effectively and achieve intended outcomes across organisational boundaries

Assess whether internal audit and related assurance mechanisms cover risk credibly and provide meaningful assurance

Assess whether management review credibly steers organisational priorities, risks and improvement

Assess whether corrective action addresses nonconformities effectively and whether continual improvement strengthens performance beyond nonconformity response

Evaluate whether customer requirements are defined, agreed, controlled and traceable from commitment through delivery in an ISO 9001 QMS

Assess controls, validation and effectiveness in product and service design and development against ISO 9001 requirements

Assess whether production and service provision are controlled, monitored and capable of delivering consistent outcomes in an ISO 9001 QMS

Evaluate asset-threat-vulnerability logic, risk treatment decisions, and traceability to controls and the Statement of Applicability

Evaluate control applicability, implementation evidence and common failure patterns across ISO/IEC 27001 Annex A control themes

Evaluate harm, impact and risk reasoning, intended use alignment, and decision traceability in ISO/IEC 42001

Evaluate lifecycle and data governance controls across data sourcing, training, validation, deployment, monitoring, and change in ISO/IEC 42001

Assess whether environmental aspects are identified, significance is judged credibly, and lifecycle perspective is applied in an ISO 14001 EMS

Assess whether environmental operational controls and emergency preparedness work effectively within an ISO 14001 management system

Assess whether business impact analyses produce credible recovery priorities and recovery objectives in an ISO 22301 BCMS

Evaluate whether continuity strategies, operational readiness and exercising provide credible recovery capability in an ISO 22301 BCMS

Evaluate whether privacy risk assessments and DPIAs produce credible risk understanding and prioritisation in an ISO/IEC 27701 PIMS

Evaluate whether privacy controls are implemented effectively and applied consistently across personal data processing activities