If the handout download links from within past event articles are broken, please navigate to Chapter->Downloads to obtain the document.

2018 November Training Session

When: November 07, 2018 - 1300-1630
Where: RTP HQ
Registration: Website
Cost:
ISACA-RTC Members - Free (Log in to register to ensure discounted fee)
Affiliated Organizations (IIA, ISSA, Other ISACA Chapters) - $25
All Others - $40
CPEs: Up to 3
Handouts:



Session I: Third Party Information Risk Management Process at GSK (1-2:30 PM)

This session provides a high-level, interactive overview of the framework and process used to monitor and manage interactions with all external supplier relationships, from initial offerings, through increased or enhanced service offerings, to termination of the relationship.

Speaker: Reggie Williams, Director, Strategy & Risk, GSK

Reggie has 25+ years of experience in audit, risk & compliance, and project & service management focused on technology risks. He has both an undergraduate and a graduate degree in Finance, along with a degree in programming. He holds multiple certifications with an emphasis on technology risk, including HIPAA, ITIL, Project Management & Information System Auditing. His working perspective concentrates on business understanding to guide technology risk focus, contributing on an individual, managerial, and strategic level.

Session II

Part 1: On Site Verification – checking if you got the risk assessment right

This talk will answer some of the key questions in verifying the results of a third-party risk assessment by going on-site to a third party. What are some of the options for approaching the on-site work? What, from Michael’s experience, has worked well, and what are some of the pitfalls? This talk will give you an overview of a successful approach to planning, conducting, and reporting on-site work, as well as some of the key skills needed to get the most value out of it.

Part 2: Independent Attestations – overview, value, and areas of assurance they do and don’t provide

This talk will consider the different independent attestations suppliers often provide and the value these offer to a customer. Questions this talk will address include: What are the common attestations and certifications encountered in the information security area? What do they really indicate? What are the key questions to ask and details to examine to assess the value of the attestations in providing assurance of good controls from the supplier’s customer perspective?

Speaker: Michael Woods, Director, Senior Information Security Consultant, Supplier Security, Risk and Assurance, GSK

Michael heads up GlaxoSmithKline’s on-site supplier assurance process for suppliers who manage or process the company’s most sensitive information. He has over 15 years’ experience conducting third-party on-site audits and assurance visits and over 25 years’ experience working in the information security field. He is a CISSP and is a graduate of NC State University.

For more information and to register for the training session, please visit the ISACA RTC website.