Cloud Officer & Outsourcing Officer - Certified programme

À qui s'adresse la formation?

Stakeholders (Information and communication technology (ICT) and Risk Management), e.g., (C)ISO, Risk Officer, Cloud Officer, Outsourcing Officer, Business Continuity Manager, Compliance Officer, Project Managers, Program Managers, Change Managers etc. in:

Credit institutions (LFS)
Investment firms (LFS)
Payment institutions (LPS)
Other Professionals of Financial Sector (PFS)
IFMs (Investment fund managers)
Post Luxembourg
Support PFS
Insurance firms

Durée

42,00 heure(s)

Langues(s) de prestation

Prochaine session

Contacter l'organisme

Objectifs

At the end of the course, the participants must be able to:

understand the role and responsibilities of the cloud officer / outsourcing officer
have an overview of the applicable circulars including CSSF Circular 22/806 and the domains covered in this circular. It will enable them to make their choices including gap analysis and remediation actions for conformity with this circular.
understand and demonstrate different service and delivery models of cloud computing
understand and demonstrate the risk management for outsourcing arrangements (ICT, cloud, and business process outsourcing)
understand and demonstrate security aspects and principles of cloud computing
practically manage the outsourcing operations

Contenu

Role and responsibilities

Introduction
Definition
- Cloud officer
- Outsourcing officer
Responsibilities
Hierarchical structure

Compliance considerations (Circular 22/806 CSSF included)

Introduction
Applicable circulars
- CSSF 22/806
- CSSF 20/750
- CSSF 21/769 (22/804)
Circular 22/806 domains
- General principles (including sustainability (ESG))
- Governance
  - Assessments of outsourcing arrangements
  - Framework
  - Outsourcing process
- Requirements in the context of ICT outsourcing arrangements
Next Steps

Cybersecurity, policies, processes, and Risk Management

Introduction
Cybersecurity domains
- Governance and strategy
- Risk management
  - Basics of Risk Management
  - Risk management of the outsourcing arrangements (ICT, cloud and business process outsourcing)
- Information security
  - Policy and processes
  - Identity and Access management
  - Cryptography
  - Examples of cloud security solutions
- ICT governance
- Business continuity management
Next Steps

Outsourcing and Technologies: Cloud Solution Providers (AWS & AZURE) and other outsourcing use case

Introduction to different service and delivery models of cloud computing.
Introduction to the cloud solution providers
- AWS
- MS Azure
Cloud solution providers
- Security principles
- How principles apply (Security options, data encryption…)?
Cascade outsourcing: Organisational and Compliance Aspects
Other outsourcing use cases: SOC, Hosting, Development, …

Compliance practical implications (Circular 22/806 CSSF included)

CSSF notification step by step
Alignment of the governance with the circular
- Management body responsibility
- Proportionality analysis
- Outsourcing definition
- Outsourcing policy
- Outsourcing life-cycle
- Outsourcing register
- Contract management
- Upgrade of existing outsourced functions
- Critical or important functions (CIF)
- Exit strategy and Business Continuity management
- Service provider monitoring process – Outsourcing monitoring framework.

Évaluation

The knowledge acquired in the seminar will be validated through an examination. The examination is based on a MCQ questionnaire of around 30 questions. The required passing rate is 60%.