67 Courses

About this training course This 3-day introductory-level course provides a comprehensive overview of Auditing in the Exploration & Production (E&P) industry. It is suitable for anyone who wants to gain a broader understanding of Upstream Oil & Gas Auditing - including joint venture, financial and contractual audits by government and regulatory authorities in the various granting regimes (Production Sharing Contracts, Risk Service Contracts, Concessionary). Training Objectives After the completion of this training course, participants will be able to: Gain knowledge of the unique features or key phases of the E&P Business Understand the general principles and objectives of the various different types of Upstream Oil & Gas audits Add value to your organisation by improving your audit techniques and auditing skills Review the importance of following process in order to avoid costly audit related findings. Utilize industry specific examples and exercises, develop your understanding of the most common E&P industry audit issues Target Audience This training course is suitable and will greatly benefit the following specific groups: Audit staff who are new or relatively new to the industry and who require a grounding in the various aspects of E&P Audit Finance or Accounting personnel involved in supporting audits Staff from a wide range of other business functions who are connected to / impacted by audit, such as, Supply Chain, Operations, Contracts Holders, IT, Tax and Treasury Topics will be covered from both the perspective of being part of an audit team plus that of the team being audited. Therefore, the course will appeal to staff from IOC's, NOC's and those from Government and/or Regulatory Authorities. Course Level Basic or Foundation Training Methods The training instructor relies on a highly interactive training method to enhance the learning process. This method ensures that all participants gain a complete understanding of all the topics covered. The training environment is highly stimulating, challenging, and effective because the participants will learn by case studies which will allow them to apply the material taught in their own organization. Course Duration: 3 days in total (21 hours). Training Schedule 0830 - Registration 0900 - Start of training 1030 - Morning Break 1045 - Training recommences 1230 - Lunch Break 1330 - Training recommences 1515 - Evening break 1530 - Training recommences 1700 - End of Training The maximum number of participants allowed for this training course is 25. This course is also available through our Virtual Instructor Led Training (VILT) format. Trainer Your expert course leader has more than 30 years of experience in the international oil and gas industry, covering all areas of Finance and Audit, including involvement in Commercial roles. During her 19 years with ENI she worked in Italy, Netherlands, Egypt and UK and was CFO for 2 major ENI subsidiaries. She has delivered training courses in Accounting, Audit, Economics and Commercial topics in many Countries. She has a Degree in Economics & Accounting and is a Certified Chartered Accountant. She is also a Chartered Auditor and an International Petroleum Negotiator. Outside of work, she is inspired by the beauty of nature and art, helping disadvantaged people, sports (football, golf) and her cat. Courses Delivered Internationally: E&P Accounting, Auditing in the Oil & Gas Industry Cost Control & Budgeting Introduction to the Oil & Gas Industry Petroleum Project Economics Contracts Strategy International O&G Exploitation Contracts POST TRAINING COACHING SUPPORT (OPTIONAL) To further optimise your learning experience from our courses, we also offer individualized 'One to One' coaching support for 2 hours post training. We can help improve your competence in your chosen area of interest, based on your learning needs and available hours. This is a great opportunity to improve your capability and confidence in a particular area of expertise. It will be delivered over a secure video conference call by one of our senior trainers. They will work with you to create a tailor-made coaching program that will help you achieve your goals faster. Request for further information post training support and fees applicable Accreditions And Affliations

Course Information Our comprehensive course is used as a gateway to those stepping into the world of auditing clinical studies. Tailored for those already acquainted with Good Clinical Practice (GCP) and those transitioning from other audit disciplines, this programme stands as a pivotal guide. Pre-existing knowledge of GCP will significantly enhance your learning experience in auditing against these guidelines. How is this course run? Engage in immersive workshops providing hands-on practice with auditing techniques in a GCP context. Our seasoned tutors, boasting extensive audit experience, intertwine theory with practical insights drawn from their own professional journeys. What will I learn? A comprehensive understanding of the historical backdrop and objectives driving Good Clinical Practice, incorporating the latest industry developments Solid grounding in quality assurance activities aligned with regulatory standards Insight into potential pitfalls within clinical trials and the pivotal role of auditors in addressing these issues Clarity on the roles and responsibilities inherent to clinical trials auditing Exposure to a diverse range of audit techniques complemented by illustrative examples and supportive documents A nuanced understanding of regulatory inspectors' activities Expanded professional networks to propel your auditing career forward. Benefits include: A clear understanding of the role of the auditor under Good Clinical Practice improved audits Improved Good Clinical Practice compliance for your clinical trials. This course is structured to encourage delegates to: Discuss and develop ideas Solve specific problems Examine particular aspects of Good Clinical Practice. Tutors Tutors will be comprised of (click the photos for biographies): Rosemarie Corrigan EVP Global Quality, Worldwide Clinical Trials Cathy Dove Director and Owner, Dove Quality Solutions Julie Kelly Associate Director, Clinical Quality Assurance, Corcept Therapeutics Susana Tavares Director of Research Quality Assurance, - Programme Please note timings may be subject to alteration. Day 1 12:30 Registration 13:00 Welcome and Objectives for the first day of the course 13:30 Laying the Foundations Introduction to the clinical development process, the concepts of quality assurance, quality control and audit. 14:30 Break 15:00 Patient Protection Requirements for informed consent and ethics committee. Access to source documentation. Including a patient protection exercise. 16:05 Workshop 1 - Case Study on Informed Consent 16:45 End of Day Questions and Answers 17:00 Close of Day Day 2 08:50 Questions and Answers from Day 1 09:00 Effective Site Audits The procedures involved in selecting and setting up audits at investigator sites. 09:40 Workshop 1 - Planning the Effective Audit 10:30 Break 10:45 Source Data Verification The need for and purpose of verifying data. 11:25 Workshop 2 - Source Data Verification 12:30 Lunch 13:30 IMP Management The requirements surrounding the distribution of investigational medicinal products. Accountability from release to destruction. 14:15 Critical Document Audits The conduct of other study specific audits including protocols, databases and reports. 15:00 Break 15:15 Non-compliance Determining the acceptability of data. 16:00 Fraud - Fact or Fiction? How to identify fraud and its consequences 16:45 End of Day Questions and Answers 17:00 Close of Day Day 3 08:50 Questions and Answers from Days 1 and 2 09:00 Auditing Third Parties A review of audits of contract research organisations. 10:00 System Audits The concept of auditing processes across many clinical trials, including a practical exercise in process mapping. 10:45 Break 11:00 Workshop 3 - Process Mapping 11:45 Effective Audits Where theory meets reality. 12:30 Lunch 13:20 Audit Reports - Closing the Loop An examination of the processes which follow the evidence gathering phase of the audit. 14:20 Workshop 4 - Audit Reports Audit reports, corrective and preventive action. 15:00 Break 15:10 Regulatory Inspection Auditors and regulatory inspections -how the QA team can help the organisation to perform during a regulatory inspection. 15:55 Final Questions and Answers 16:10 Close of Course Extra Information Face-to-face course Course Material Course material will be available in PDF format for delegates attending this course. The advantages of this include: Ability for delegates to keep material on a mobile device Ability to review material at any time pre and post course Environmental benefits – less paper being used per course. The material will be emailed in advance of the course and RQA will not be providing any printed copies of the course notes during the training itself. Delegates wishing to have a hard copy of the notes should print these in advance to bring with them. Alternatively delegates are welcome to bring along their own portable devices to view the material during the training sessions. Remote course Course Material This course will be run completely online. You will receive an email with a link to our online system, which will house your licensed course materials and access to the remote event. Please note this course will run in UK timezone. The advantages of this include: Ability for delegates to keep material on a mobile device Ability to review material at any time pre and post course Environmental benefits – less paper being used per course Access to an online course group to enhance networking. You will need a stable internet connection, a microphone and a webcam. CPD Points 17 Points Development Level Develop

The "ISO 14298:2021 Lead Auditor Course" integrates the principles of ISO 14298:2021, the International Standard for Security Printing Management, with the methodologies outlined in ISO 19011:2018, the Guidelines for Auditing Management Systems. The course equips participants with the skills and knowledge required to lead security printing audits effectively, ensuring compliance with ISO 14298:2021, and applies the principles of ISO 17011:2017 for conformity assessment bodies. It covers audit planning, execution, and reporting while emphasizing risk management and continual improvement.

Course Information Our extensively proven course delves into the essential stages of process and system auditing. Gain invaluable insights and direction in auditing systems and processes, spanning across global and local organisational levels. This course will assist delegates with: A practical approach for the development and conduct of process and system audits An enhanced understanding of key system audit principles, preparation, design and conduct Increased expertise, efficiency and confidence. This course is structured to encourage delegates to: Discuss and develop ideas Solve specific problems Share knowledge and experiences. By the end of the course delegates will be better able to: Design and plan more effectively to achieve their process and systems audit objectives and add value to their organisation Improve the effectiveness, focus and credibility of the audit programme Understand the key system audit principles, preparation, design and conduct Develop system audit tools to ensure more effective audit conduct and outcome Create audit strategies utilising risk management principles Prepare for inspections. Tutors Tutors will be comprised of (click the photos for biographies): Allison Jack Executive Director, Bristol Myers Squibb Rocio Castellanos Director, Pfizer Ltd Guy Houben G(C)LP Auditor, Janssen Pharmaceutical Companies of Johnson & Johnson Programme Please note timings may be subject to alteration. Day 1 08:50 Registration 09:00 Welcome and Introductions, Expectations/Challenges/Experiences A discussion to explore the range of approaches to the conduct of systems audit. 09:30 Introducing Systems Audit What is a system? Why conduct system audits? Advantages, disadvantages and challenges. 10:20 Break 10:35 Systems Audit Design and Planning Identifying the customer, setting objectives, development of the audit plan and audit tools, plans for the audit report. 12:00 Designing System Audit Tools 12:45 Lunch 13:30 System Audit Plan - Exercise 14:00 Introduction to Case Studies The objectives of the case studies are defined and process and outputs described. 14:15 Case Studies - Session 1 A first opportunity for work on case studies. Defining objectives and scope and understanding the requirements of the audit client. 15:00 Break 15:20 Case Studies - Session 1 continued 16:30 Case Studies - Feedback 17:00 Close of Day 1 Day 2 09:00 Simple System Audit Example - Introduction The objectives of the case studies are defined and process and outputs described. 09:10 Case Studies - Session 2 - A Simple System Audit Example An example of system audit applied to a simple system. 10:30 Break 10:45 A Simple System Audit Example - Case Study Feedback 11:30 Strategy Audit programme planning. 12:15 Lunch 13:00 Case Studies - Session 3 Work on delegate's case studies. 14:30 Break 14:45 Case Studies - Session 3 - Feedback 15:15 Closing remarks 15:30 Close of course Extra Information Face-to-face course Course Material Course material will be available in PDF format for delegates attending this course. The advantages of this include: Ability for delegates to keep material on a mobile device Ability to review material at any time pre and post course Environmental benefits – less paper being used per course. The material will be emailed in advance of the course and RQA will not be providing any printed copies of the course notes during the training itself. Delegates wishing to have a hard copy of the notes should print these in advance to bring with them. Alternatively delegates are welcome to bring along their own portable devices to view the material during the training sessions. Remote course Course Material This course will be run completely online. You will receive an email with a link to our online system, which will house your licensed course materials and access to the remote event. Please note this course will run in UK timezone. The advantages of this include: Ability for delegates to keep material on a mobile device Ability to review material at any time pre and post course Environmental benefits – less paper being used per course Access to an online course group to enhance networking. You will need a stable internet connection, a microphone and a webcam. CPD Points 14 Points Development Level Develop

If you need to conduct effective internal audits against your own Quality Management Systems against the ISO 9001 series of standards, customer-specific, or regulatory requirements – then this is the workshop for you! Course Overview: This ISO 9001:2015 Internal Auditor training is a highly interactive two-day practical workshop, perfect for those requiring a solid understanding of quality auditing techniques and principles. It emphasises the role of the internal ISO auditor in developing and improving effective Quality Management Systems (QMS) and is designed to ensure that participants will have the knowledge and skills to plan, prepare, perform and report the results of internal audits based on ISO 9001 requirements. This ISO 9001 Internal Auditor workshop is aimed at candidates who already have a basic knowledge & understanding of the ISO 9001 requirements. For individuals who do not yet have this knowledge, then we recommend that they become familiar with/develop their understanding of the standard prior to attending the auditor course. What Will Your Learn: You will learn about: What is an effective Quality management system The purpose of an audit How to approach an audit You’ll have the knowledge to: Explain the guidelines of auditing management systems according to ISO 19011:2018 Guidelines for Auditing Management Systems Describe the application of these guidelines to auditing ISO 9001:2015 You’ll have the skills to: Initiate the audit. Prepare and audit activities; complete the audit. Prepare and distribute the audit report. Identify trends and use them to develop action plans. Audit follow-up. Who Should Attend: This Internal Auditor workshop is designed to build upon delegates’ prior knowledge of ISO 9001 and teach them the skills to undertake internal audits of part of a QMS based on ISO 9001. It is delivered as a mix of practical activities, group discussions, and classroom learning. It is suitable for: Staff who will be involved in performing internal audits within their organisation. Managers responsible for the effectiveness and efficiency of an operating unit. Auditees who wish to understand the audit process. Operational and Support functions involved in maintaining or supervising of an ISO 9001:2015 QMS. Managers and decision-makers wanting to understand the auditing process to improve their organisation’s quality management practices. Cost: £800 + VAT per person. What is included Refreshments and lunch provided each day of training Free car park If your organization is a CforC member, please contact us for discounted rates.

Overview The course focuses on topics such as the fundamental concepts of auditing and quality management, principles of internal and external audit, auditing processes and tools, principles and practice of root cause analysis, communication and people skills, and other related topics. Students who successfully complete this course will gain the essential knowledge and skills necessary to become successful auditors and work with confidence to improve the processes in their organizations.

Overview Internal auditing is an independent and objective activity to evaluate an organisation's internal operations. You'll learn how to initiate an audit, prepare and conduct audit activities, compile and distribute audit reports and complete follow-up activities. It is very important for the organisation to have a smooth flow of accounting as it plays a very important role in the development of the organisation. Financial Managers or any person who deals with Accounts need to see that the company accounts are very updated and are free from any risks that can become a problem during the time of Auditing.  Objectives   By the end of the course, participants will be able to: Efficiently dealing with senior leaders with confidence Effective Contribution and Strategically Analysing and Auditing towards business success Analysing and Evaluating as an effective internal audit leader How to manage key relationships with the audit committee Practical methods for managing the audit committee and senior management Describing the significance to help maximize the contribution to their organization

Oracle Database 12c Admin training course description This Oracle Database 12c Administration course is designed to give the Oracle database administrator practical experience in administering, monitoring, tuning and troubleshooting an Oracle 12c database. Database administrators will gain an understanding of the architecture and processes of the Oracle database server. They will be able to ensure the integrity and availability of a company's data within the Oracle environment. They will be able to monitor the performance of the database, allocate resources with the Resource Manager and Schedule jobs. What will you learn Administer an Oracle database instance. Monitor an Oracle database. Configure the Oracle network environment. Create and manage database storage structures. Manage users, profiles, privileges and roles. Manage undo data and temporary segments. Monitor and resolve lock conflicts. Maintain database security. Implement database auditing. Monitor the performance of the Database. Load and unload data. Use the job scheduler. Configure a database for backup and recovery. Oracle Database 12c Admin training course details Who will benefit: This Oracle Database 12c Administration course is for anyone who needs to administer, monitor and support an Oracle 12c database. Prerequisites: An understanding of relational database concepts and good operating system knowledge. They should have attended the Oracle SQL course or have a good working knowledge of Oracle SQL. Knowledge of the usage of PL/SQL packages is highly recommended. Duration 5 days Oracle Database 12c Admin training course contents Introduction to Oracle database 12c Overview of the Oracle database 12c, Overview of the Oracle Cloud, Relational database concepts, database administration tasks. Oracle Database 12c Architecture Overview of the Oracle database architecture, The Oracle database instance, Oracle Database memory structures, Process architecture and structures, Server and client processes, The Oracle database storage architecture, Connect to the Oracle database instance. Administer a database instance Administrative tools available to a DBA, Use SQL*Plus in Oracle to manage a database instance, Use SQL Developer to manage a database instance, Administer the database using Enterprise Manager (EM), Overview of the Enterprise Manager framework, Access Enterprise Manager Database Express, The Enterprise Manager Database Express Home Page, Enterprise Manager Cloud Control, Initialization parameter files. Configure the Oracle network environment Overview of network configuration, Oracle Net Listener configuration and management, Oracle Net naming methods, Tools for configuring and managing the Oracle network, Using the Net Configuration Assistant, Configure client connections with Net Manager, View listener configuration, Start and stop the Oracle listener, Use TNSPING to test Oracle Net connectivity, Connect to the database, Configure Net Services with Enterprise Manager. Storage Structures Overview of data storage, The database block, Overview of tablespaces and datafiles, Use Enterprise Manager to view the storage structure of the database, Create and alter tablespace commands, Temporary tablespaces, Create and manage datafiles, Use OMF, Drop tablespaces and datafiles. Manage users Predefined database administration accounts, User accounts, Create a user account, User authentication, Change a user's password, Manage a user account, Drop a user account, Monitor user information, Terminate user sessions. Manage profiles and resources Overview of user profiles, Profile resource parameters, Create profile command, Manage passwords with profiles, Control resource usage with profiles, Maintain profiles. Manage privileges Database access, Oracle supplied roles, System and object level privileges, The grant and revoke commands, Create, modify and drop roles, Use predefined roles. Database auditing Overview of database security, Overview of database auditing, Security compliance, Standard auditing, Unified audit trail, Separation of audit responsibilities with the AUDIT_ADMIN and AUDIT_VIEWER roles, Configure the audit trail, Specify audit options. Data concurrency and lock conflicts Levels of locking in Oracle, Methods used to acquire locks, Data concurrency, Possible causes of contention, DML locks, Prevent locking problems, Detect lock contention, Resolve conflicts. Undo management Undo data overview, Monitor and administer undo, Configure undo retention, Switch undo tablespaces, Specify the retention period, Guarantee undo retention, Retention period for flashback queries, View undo space information, Use the undo advisor, Size the undo tablespace, Alter an undo tablespace to a fixed size. Proactive database management Database Maintenance, View the alert log, The Automatic Workload Repository, Statistic levels, The Automatic Database Diagnostic Monitoring, Monitor an Oracle database, Use the Advisors, Set up notification rules/ Performance management Tuning information sources, Performance monitoring, Tuning activities, Performance planning, Instance tuning, Performance tuning methodology, Performance tuning data, Monitoring performance, Managing memory. SQL tuning SQL tuning, The Oracle Optimizer, SQL Plan directives, Adaptive execution plans, SQL Advisors, Automatic SQL Tuning results, Implement automatic tuning recommendations , SQL Tuning Advisor. Moving data Create directory objects , Data Pump architecture, Data Pump data dictionary views, Data Pump interactive mode, Data Pump API, Use Data Pump to export and import data, Overview of SQL Loader, Command line parameters, Record filtering, Control file keywords, Datafiles, SQL Loader data paths, External Tables. Automate tasks with the scheduler Introduction to the Scheduler, Access Rights, Scheduler components and workflow, Create a Job, Job Classes, Use time based, event based schedules, Create an event based schedule. Managing resources with Resource Manager Overview of the Database Resource Manage, Use the Resource Manager, Create Resource Plans, The default maintenance resource manager plan, Create Resource Plan Directives, Allocate resources for Resource Plans. Manage space Overview of space management, Block space management within segments, Segment types, Allocate extents, Allocate space, Row chaining and migration, Create tables without segments. Backup and recovery configuration Oracle backup solutions, Oracle suggested backup strategy, Overview of database backup, restore and recover, Flashback technology, Types of failure ,Instance recovery, Tune instance recovery, The MTTR Advisor, Media failure, Configure a database for recoverability Oracle support The Enterprise Manager Support Workbench, Register for security updates, Work with Oracle Support, My Oracle Support integration, Log Service Requests, Manage patches, Apply a patch

CWSP training course description A hands-on training course concentrating solely on WiFi security with an emphasis on the delegates learning the necessary knowledge and skills to pass the CWSP exam. The course progresses from simple authentication, encryption and key management onto in depth coverage of 802.X and EAP along with many other security solutions such as access control, intrusion prevention and secure roaming. What will you learn Demonstrate the threats to WiFi networks. Secure WiFi networks. Configure: WPA2 RADIUS 802.1x EAP Pass the CWSP exam. CWSP training course details Who will benefit: Technical network staff. Technical security staff. Prerequisites: Certified Wireless Network Associate. Duration 5 days CWSP training course contents WLAN Security overview Standards, security basics, AAA, 802.11 security history. Hands on WLAN connectivity. Legacy 802.11 security Authentication: Open system, shared key. WEP. VPNs. MAC filters. SSID segmentation, SSID cloaking. Hands on Analysing 802.11 frame exchanges, viewing hidden SSIDs. Encryption Basics, AES, TKIP, CCMP, WPA, WPA2. Hands on Decrypting 802.11 data frames. 802.11 layer 2 authentication 802.1X: Supplicant, Authenticator, Authentication server. Credentials. Legacy authentication. EAP, Weak EAP protocols, Strong EAP protocols: EAP -PEAP, EAP-TTLS, EAP-TLS, EAP-FAST. Hands on Analysing 802.1X/EAP frames. 802.11 layer 2 dynamic key generation Robust Security Network. Hands on Authentication and key management. SOHO 802.11 security WPA/WPA2 personal, Preshared Keys, WiFi Protected Setup (WPS). Hands on PSK mapping. WLAN security infrastructure DS, Autonomous APs, WLAN controllers, split MAC, mesh, bridging, location based access control. Resilience. Wireless network management system. RADIUS/LDAP servers, PKI, RBAC. Hands on 802.1X/EAP configuration. RADIUS configuration. 802.11 Fast secure roaming History, RSNA, OKC, Fast BSS transition, 802.11k. Hands on Roaming. Wireless security risks Rogue devices, rogue prevention. Eavesdropping, DOS attacks. Public access and hotspots. Hands on Backtrack. WiFi security auditing Layer 1 audit, layer 2 audit, pen testing. WLAN security auditing tools. WiFi security monitoring Wireless Intrusion Detection and Prevention Systems. Device classification, WIDS/WIPS analysis. Monitoring. 802.11w. Hands on Laptop spectrum analysers. VPNs, remote access, guest access Role of VPNs in 802.11, remote access, hotspots, captive portal. Wireless security policies General policy, functional policy, recommendations.

Security+ training course description A hands on course aimed at getting delegates successfully through the CompTia Security+ examination. What will you learn Explain general security concepts. Describe the security concepts in communications. Describe how to secure an infrastructure. Recognise the role of cryptography. Describe operational/organisational security. Security+ training course details Who will benefit: Those wishing to pass the Security+ exam. Prerequisites: TCP/IP foundation for engineers Duration 5 days Security+ training course contents General security concepts Non-essential services and protocols. Access control: MAC, DAC, RBAC. Security attacks: DOS, DDOS, back doors, spoofing, man in the middle, replay, hijacking, weak keys, social engineering, mathematical, password guessing, brute force, dictionary, software exploitation. Authentication: Kerberos, CHAP, certificates, usernames/ passwords, tokens, biometrics. Malicious code: Viruses, trojan horses, logic bombs, worms. Auditing, logging, scanning. Communication security Remote access: 802.1x, VPNs, L2TP, PPTP, IPsec, RADIUS, TACACS, SSH. Email: S/MIME, PGP, spam, hoaxes. Internet: SSL, TLS, HTTPS, IM, packet sniffing, privacy, Javascript, ActiveX, buffer overflows, cookies, signed applets, CGI, SMTP relay. LDAP. sftp, anon ftp, file sharing, sniffing, 8.3 names. Wireless: WTLS, 802.11, 802.11x, WEP/WAP. Infrastructure security Firewalls, routers, switches, wireless, modems, RAS, PBX, VPN, IDS, networking monitoring, workstations, servers, mobile devices. Media security: Coax, UTP, STP, fibre. Removable media. Topologies: Security zones, DMZ, Intranet, Extranet, VLANs, NAT, Tunnelling. IDS: Active/ passive, network/host based, honey pots, incident response. Security baselines: Hardening OS/NOS, networks and applications. Cryptography basics Integrity, confidentiality, access control, authentication, non-repudiation. Standards and protocols. Hashing, symmetric, asymmetric. PKI: Certificates, policies, practice statements, revocation, trust models. Key management and certificate lifecycles. Storage: h/w, s/w, private key protection. Escrow, expiration, revocation, suspension, recovery, destruction, key usage. Operational/Organisation security Physical security: Access control, social engineering, environment. Disaster recovery: Backups, secure disaster recovery plans. Business continuity: Utilities, high availability, backups. Security policies: AU, due care, privacy, separation of duties, need to know, password management, SLAs, disposal, destruction, HR policies. Incident response policy. Privilege management: Users, groups, roles, single sign on, centralised/decentralised. Auditing. Forensics: Chain of custody, preserving and collecting evidence. Identifying risks: Assets, risks, threats, vulnerabilities. Role of education/training. Security documentation.