
Insights

Taking Action! There is always a risk

THE EXPERT: GDPR - GENERAL DATA PROTECTION REGULATION
BITCOIN: A REVOLUTION OF THE CONVENTIONAL PAYMENT SYSTEM
WOMEN'S PATH TO LEADERSHIP
THE DREAM SPOT

ISSUE 08 / June 2017 When Standards Matter


The Expedition of Risk

The latest ambiguous economic developments during the last few years have played a key role in how organizations operate these days. Organizations that used to function easily with the help of estimates and forecasts now refuse to make business decisions that are set in stone. Today, organizations are seeking a new focus: managing risk.

Why risk? Risk is the leading origin of uncertainty in every organization. As a result, companies' attention has shifted towards mitigating risks and managing them before they have a disastrous impact on the organization. The ability to anticipate risk will guide organizations towards acting more assertively on forthcoming business decisions. An organization's knowledge of the risks that it is facing will have a majorly positive effect in terms of giving numerous possibilities on how to deal with probable complications and problems.
HANDLING RISKS

COMPANIES IMPLEMENTING Enterprise Risk Management (ERM)
86%: Make better decisions
83%: Have greater management consensus
79%: Have greater management accountability

INTERESTING FIGURES
More than 85% of executives want to build ERM processes
Approximately 10% have completed their implementation
16%: Implemented ERM in their strategic planning
Organizations spend 12% of total revenue on GRC activities

An effective ERM Strategy mitigates:
Financial Risks
Operational Risks
Compliance Risks
Supply Chain Compliance


CONTENT

The Standard: ISO 31000 and its Revision
The Expert: GDPR - General Data Protection Regulation
Interview: Brian Henry - CEO AT THE CARIDON GROUP
Women's path to Leadership
Attending Pre-Conference Training Courses
Bitcoin: A Revolution of the Conventional Payment System
Sun, Sea and a Training: Miami Beach, Florida
Trainer Interview: Anders Carlstedt
The Dream Spot
Doing Business in Peru

INDUSTRY

The Standard: ISO 31000 and its Revision

In a world of constant change, risk management is increasingly viewed as a means of improving the likelihood of success in the challenging task of managing the organization's reputation and stakeholders' interest. Unmanaged risk is the greatest source of waste, as a result of which thousands of jobs and expertise get lost, and many great companies fail to survive; consequently, standards are considered to be very beneficial since their implementation allows organizations to compare their existing risk management practices with internationally recognized benchmarks. The ISO 31000 standard should be the first step that shows an organization's commitment to ensuring the evolvement of risk management. Therefore, it serves as a guide for identifying and prioritizing important risks. The risk management process is applicable to organizations of all sizes and types, and it is intended to be tailored to meet the varying needs of the organization.
10 | PECB Insights / June, 2017 PECB Insights / June, 2017 | 11
Key Points for an Effective Risk Management Plan

Understanding the value of risk management helps organizations to achieve higher levels of efficiency, flexibility and transparency.

An effective Risk Management includes the following:
Creates shareholders' value by linking risk with organizational performance;
Established common objectives and clear understanding of the effect of the potential risks;
Involvement of the organization's members in crucial decision-making processes;
Effective risk assessment process and continuous improvement;
Increased risk awareness, and incorporation of risk into the organization's culture;
Appropriate risk management measures that continuously facilitate the detection and updating process of the risks and relevant actions to treat such risks.

The Purpose of ISO 31000

ISO 31000 specifies principles and guidelines of risk management to identify, assess and mitigate risks faced by organizations. It is designed to help organizations ensure conformity with legal and regulatory requirements and international norms. In addition, it increases the possibility of achieving organizational objectives, improves the identification of threats and opportunities, and helps an organization in treating the risks and minimizing the negative impact.

The standard consists of two related documents: ISO Guide 73 and ISO/IEC 31010. The ISO Guide 73 provides definitions and terms that are linked to Risk Management while ISO/IEC 31010 entails risk assessment techniques. This standard provides guidance on how to appropriately identify and manage risks in order to minimize losses and maximize the opportunities. It outlines the principles for effective risk management and a framework for supporting the implementation of continual improvement.

Risk management capabilities can directly affect the costs incurred by the organization, as well as the customer value creation. By effectively managing the uncertainties which occur in the business environment, those capabilities can turn into a source of competitive advantage.

The ability to respond faster to unforeseen events and the willingness to seek greater risks which competitors are not capable of undertaking give the organization the opportunity to enhance future profits. Furthermore, risk management is considered a core aspect of the project management process, as it is viewed as a promising tool for protecting the organization's reputation and brand, and improving the sustainability and resilience of the organization.

John Roos, a Project, Program and Quality specialist, stated: ISO benefits exceed the simple satisfaction of having just another certificate on your wall. If such benefits are recognized and acknowledged, the management will provide approval and support to ISO as this ensures the use of professional methods and techniques, and simultaneously a high quality standard.



A structure preview of the ISO 31000

ISO 31000 consists of principles that may be considered the cornerstone on which an organization's success is built; a Risk Management framework comprising 5 components which ensure that the process for managing risk is fully integrated into the organization; and Risk Management processes that emphasize the necessity for active communication and consultation with internal and external stakeholders, and the continuous monitoring and review.

The detailed components of the ISO 31000

11 Principles of Risk Management

1. Risk management creates and protects value
2. Risk management is an integral part of all organizational processes
3. Risk management is part of decision making
4. Risk management explicitly addresses uncertainty
5. Risk management is systematic, structured and timely
6. Risk management is based on the best available information
7. Risk management is tailored
8. Risk management takes human and cultural factors into account
9. Risk management is transparent and inclusive
10. Risk management is dynamic, iterative and responsive to change
11. Risk management facilitates continual improvement of the organization

Risk Management Framework

Policy and Governance
Program Design
Implementation
Monitoring and Review
Continual Improvement

Risk Management Process

Communication and consultation
Establishing the context
Risk identification
Risk analysis
Risk evaluation
Risk treatment
Monitoring and review

The ISO 31000 Revision

The ISO 31000 Revision has a clearer objective: make things easier and simpler for the user. ISO/DIS 31000:2017 uses plain language to define the basics of risk management with the expectation that the reader will find it easier to understand. The standard is intended to be more concise, understandable and comprehensible for the user. To avoid potential complications, it has been decided to reduce the terminology in ISO/DIS 31000:2017 to the basic concepts which are closely related to risk management, which appear in ISO Guide 73 - Risk management - Vocabulary. An important aspect of the progress within the standard is the value of human and cultural elements, which facilitates attainment of the organization's objectives. Nevertheless, the main objective set by the ISO 31000 standard remains the same - to integrate risk management into a strategic and operational management system.

[Figures: diagrams of the ISO 31000 principles, framework and process]



It is important to note that the ISO/DIS 31000 has been approved by the majority, and the next meeting will take place in Sunnyvale, California from July 10th to July 14th.

Carlos Horna Vallejos, committee member at ISO/TC 262, stated: In my opinion, the main change is the simplicity, an easier to understand wording to extend the use of the standard. We have new management systems with a focus on risk management (all ISO requirements), greater impact on GRC and compliance, and this standard will help us to understand how to deal with uncertainty to adequately address risks (positive, negative or both) for achieving our objectives.

The Value of ISO 31000

ISO 31000 principles and guidelines may not only be employed to catalyze the professionalization of project risk management, but also to enable organizations to conduct coordinated research on the effectiveness of risk management measures and practices and, in so doing, provide the necessary protection for the organization.

ISO 31000 adoption will trigger the following benefits:
Increased probability of reaching the organization's objectives
Enhancement of proactive activities
Improved ability to identify and treat risks within an organization
Enhanced capacity to identify opportunities and threats
Higher conformity with legal and regulatory requirements and international norms
Improved shareholders' confidence and reliability
Improved financial reporting
Improved governance
Consistent basis for decision-making and planning
Successful allocation of resources for risk treatment
Improved coherence, effectiveness, and efficiency of operations within organizations
Improved environmental protection as well as health and safety performance
Lower financial volatility
Establishment of a resilient organizational culture

Having recognized risk management as a promising tool for improved economic performance and professional reputation, it is of crucial importance to adhere to principles of standards such as ISO 31000. This standard is viewed as an impactful body of knowledge for the project risk-management community. PECB offers its expertise in multiple fields, including ISO 31000 courses, where it provides a shared understanding of best practices with the ultimate goal of enhancing risk management effectiveness.

For further information, please visit PECB Certified ISO 31000 training courses.



THE EXPERT

GDPR - General Data Protection Regulation

A new regulation, a new framework for better coping with privacy issues in the EU



During the last years, increased attention has been paid to several studies that point out the major costs arising from the existence of different legal realities in the Member States. For instance, the annual estimated cost for businesses was approximately 2.5 Billion. In addition, within the reflection process on the need to draft a new regulation on data protection, the Commission itself drafted several analyses on the cost of the existing diverse legislation amongst the Member States in regards to international trade, international data transfers, etc. The rapid technological development and globalization have brought forward new data protection challenges, where due to such technological advancement the economy and social life have been subject to systematic transformation; thus, technology has further facilitated the free circulation of personal data within the EU, as well as its transfer to third countries and international organizations.

These factors may form an obstacle for the exercise of economic activities at the EU level, prevent the free circulation of personal data within the EU, and prevent the authorities from meeting their corresponding functions and responsibilities to conform to the European Law.

The importance of customer trust in the development of the digital economy triggers the necessity for the establishment of a more solid and coherent framework for data protection in the European Union that is backed by strict implementation.

Usually, people must have control of their own personal data while obtaining a certain level of legal and practical security which shall be reinforced by economic operators and public authorities.

Why is GDPR so necessary, then?

Considering that currently the vast majority of information is produced and consumed electronically, GDPR aims to update and harmonize laws to better address the contemporary privacy challenges posed by the internet, social media, mobile apps, cloud computing etc. Additionally, GDPR proves to be efficient and necessary as it lowers the administrative burden for companies that previously dealt with multiple data protection authorities.

What are its objectives?

The objective of EU data protection reform is to modernize, simplify and strengthen the data protection framework that facilitates the implementation of the Single Market Strategy. This will foster economic growth, innovation and job creation. The reform will considerably reduce administrative burdens, especially for SMEs, including the current obligation to notify data processing, which amounts to a 130 million/year cost for businesses, or prior authorization for international transfers of data based on mandatory rules or standard contractual clauses. On top of this, EU companies currently shall deal with 27 different national data protection laws. This lack of rule harmonization between EU countries is an expensive administrative burden which enhances the difficulty for many enterprises, especially small and medium-sized ones, to enter new markets. Trust is considered the core foundation of successful businesses, and as such data protection shortcomings can do irreparable damage to a company's credibility, as it takes years to gain a customer's trust, but only an instant to lose it.

Attitude towards data protection - Some figures

Authorities and institutions are more trustworthy than European companies (especially online businesses). 88% of the respondents felt that their personal data would be better protected in large companies if they were obliged to comply with data protection laws. In addition, 70% of Europeans expressed the belief that their personal data can be used by companies for purposes different from what the information has been initially collected for.

Most Europeans believe that companies that violate data protection rules should:
Receive fines (51%)
Be prohibited from using such data in the future (40%)
Be forced to compensate victims (39%)

The Directive 95/46/EC did not meet its objective to homogenize data protection across the Member States, as:
Data protection has been applied in a fragmented manner
Risks for natural persons in online activities continue to exist
There are divergences on the execution and application across the Member States
The statement above can be easily summarized in three simple aspects:

1. This Regulation lays down rules relating to the protection of natural persons regarding the processing of personal data and rules relating to the free movement of personal data.
2. This Regulation protects fundamental rights and freedoms of natural persons and their right to the protection of personal data.
3. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with personal data processing.

A unique framework for a unique market with some obligations for organizations

After years of wrangling, the GDPR is now a fact, and finally, companies will only have to deal with a set of data protection rules and be accountable to a single data protection authority - the national authority in the EU country where their main establishment is located. This single window for data protection will greatly simplify the way companies interact with data protection laws and encourage cross-border trade and investment in the internal market. In return, companies will have to be more accountable for their data processing. Companies employing more than 250 employees, as well as the companies whose processing of personal data may result in a potential risk to the rights and freedoms of data subjects, shall maintain a record of processing activities.

Companies whose core activities consist of data processing operations and require systematic monitoring on a large scale must appoint a DPO (Data Protection Officer). Core activities refer to operations that are rather necessary to reach the processor's goals. Even if a business's core activities do not require regular monitoring, appointing a Data Protection Officer will be considered a good practice and will help in proving accountability.

"Privacy by design" and "Privacy by default" are principles that should be integrated into business processes. Privacy by design implies that data protection safeguards should be incorporated into products and services from the design stage, rather than adapting such privacy features at later stages. Privacy by default, on the other hand, means that in the default setting the user is already protected from potential risks; thus, default settings for privacy protection should be the norm.

One of the most effective ways to implement these principles of privacy by design and privacy by default is with the help of a Data Protection Impact Assessment (DPIA). This assessment will allow the identification of risks involved in each process of personal data processing and the possible impact on the rights and freedoms of the data subjects, and finally determine the measures envisaged to be aligned with the GDPR. Following Article 35 ("Data Protection Impact Assessment") of the GDPR, such a DPIA will be mandatory when the processing of personal data is likely to result in a high risk for the rights and freedoms of the data subjects.

And possible penalties

Amongst the many changes that the new regulation involves, the increased compliance that is backed by the threat of substantial fines is one aspect that reflects the importance of the regulation. Organizations found to be in breach of the regulation can be fined up to 20 million or 4% of total turnover. As there are few companies that would be willing to take a hit of that magnitude, this enforcement instrument is to be employed to ensure compliance.



To what does it apply?

This Regulation applies to the processing of personal data, wholly or partly, by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system, but does not apply to the processing of personal data:
during an activity which falls outside the scope of Union law;
by the Member States when carrying out activities which fall within the scope of Chapter 2 of Title V of the TEU;
by a natural person during a purely personal or household activity;
by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against threats and the prevention of such threats to public security.

Advantages of this implementation

A single control authority
A single regulation
More confidence in transactions between citizens and businesses
European companies trustworthy in the global market
Framework providing reasonable assurance of privacy

Key Changes by the GDPR

Equity: A fair playing field for companies through a single law applicable to any company throughout the EU. This harmonization should allow businesses to save up to 2.3 billion euros per year.
Simplification: Simplified regulatory environment by the drastic reduction of red tape and bureaucratic requirements that impose unnecessary costs on businesses.
Unity of control: A "one-stop shop" - EU companies will report to a single data protection authority (DPA), regardless of the number of countries in which they operate.
Cooperation: Enhanced cooperation between DPAs to ensure coherent application of rules across the EU.
Accountability: Companies processing personal data from EU residents should not only follow all the requirements envisaged in the regulation for the protection of personal data, but also shall be able to prove their implementation.

Glossary of main concepts introduced by GDPR:

Personal Data: Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restrictions of processing: The marking of stored personal data with the aim of limiting their processing in the future.
Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Filing system: any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor: a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller.
Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of an inquiry in accordance with the Union or one of its Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be following the applicable data protection rules according to the purposes of the processing.
Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Genetic data: personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result from an analysis of a biological sample from the natural person in question.

Biometric data: personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
Health data: personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
Main Establishment:
About a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be the main establishment.
About a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation.
Representative: a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor regarding their respective obligations under this Regulation.
Enterprise: a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.
Group of undertakings: a controlling undertaking and its controlled undertakings.
Binding corporate rules: Personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity.
Cross-border Processing:
Processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State;
Processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
Relevant and reasoned objection: an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision about the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.

Author

Pierre Dewez

With 18 years of extensive experience in the field of information technologies, the CEO of PECB Europe and Altirian, Pierre is an acknowledged senior expert in Information Security, Compliance, and IT Risk Management and an active member in the JTC1/sc27 committee in Luxembourg. He is the Lead Auditor for Management Systems about Quality, Information Security, IT Service Management, and Business Continuity, an advisor in IT Risk Management for many Financial, Insurance and Service Delivery companies in Belgium, Germany, France, Luxembourg, Switzerland, The Netherlands, and Canada.

A trainer and author of various articles in Information Security Audits, Business Continuity Governance, and IT Service Management, Pierre is also an international ISMS and risk management expert extending his contribution to the elaboration of recommendations intended to improve the contents and the relevance of international standards in the current market.

Co-Author

Kirian Bosch Moline

With a master degree in Auditing, Security, Governance and ICT Law in The Autonomous University of Madrid and experience in the Institute of Audit & IT-Governance as a Consultant in providing assurance and consulting services related to IT governance, risk management, compliance and information security, today he shares his knowledge and passion as a co-author at PECB Insights.



LEADERSHIP

Interview with Brian Henry
CEO AT THE CARIDON GROUP

The Caridon Group is a company offering business solutions in Governance, Risk and Compliance, Business Continuity Management, Contract Lifecycle and Risk Management, Project Management, Knowledge Management, Change Management, Training, Certification, Mentoring and Coaching. Headquartered in Bicton, Australia, The Caridon Group was founded in 1986. As a community of skilled and experienced consultants, they guide business owners from conception to completion.



Interview
1
You are the CEO & Owner at Caridon Business Solutions. It must have been quite the challenge to remain there for more than 15 years?
No, not at all. I've always wanted to have my own business and took the plunge when I was faced with my 7th Merger / Acquisition in less than 10 years, I knew I had to take my own services and ideas to market and not someone else's.

2
How do you encourage creative thinking within your organization?
We work on an informal structure to ensure that all members of our team are free to do what they really enjoy, provided of course it adds to the company's values and goals. There are no limitations except that it must add value to the services we offer - and that's a fairly wide list. I may be the CEO and owner of the company, but in truth there are no bosses. We encourage our team members to participate fully in setting the direction of the organisation, and share ideas as often as we can.
We expect everyone to express their opinions and ideas with everyone for two reasons:
to ensure that we support one another, and
to get opinions and suggestions from the rest of the team and that way the idea has always been improved.
I would encourage anyone to read the books Maverick and The Seven Day Weekend, by Ricardo Semler. The methods they describe turn accepted corporate business models and governance upside down in favour of the human spirit.

3
How do you manage Risk in your organization?
We minimize risk through our operating model - which has until now served us well.
As a small select group, we limit the risk by keeping everything as simple as possible. As a consulting and training organisation, the main risks would be financial, reputational and contractual.
Our Personnel risks are also key, but our team members are with us mainly because they like to work with us. As the alternative saying goes: Your company is judged by the people you keep.
We also use a self-actualization principle in that remuneration is voluntary. That means earnings are based on revenue generated. If one person acts in a way that compromises a project then revenue is forfeit and remuneration is lost. So, it's a conscious decision by each of us to contribute.
This also applies to revenue and expenditure. Each team member is actively involved in the invoicing and collections process.
We work from various locations so we must use collaborative tools to stay in touch and provide information access. The cloud is excellent for storing and sharing information, but we still must guard against the risks of the cloud, such as hacking, data integrity and accessibility.

4
What is the biggest challenge facing leaders today?
Change.
I've just heard a conversation about how traditional leadership is now so out of touch with the knowledge, opinions and interests of the next two generations, that there is a fatal communications failure between over-55 leaders and the Millennials for example.
Add to this the extreme almost seismic shifts in global technology that happen every couple of months, like self-flying Uber cars, AI, Blockchain, Brexit... The list is growing.
Keeping up with all this means having to review your paradigms almost daily.

5
What is the worst professional mistake you made and what did you learn from it?
No excuses - I've made quite a few, but perhaps the biggest was introducing people with the wrong set of principles. It caused reputational damage, and hard-earned cash with nothing to show for it. It set us back 18 months.

6
What is the best professional move you made and why?
I guess taking the plunge to start my own business. It was the kind of growth step that challenges you to find out what you are truly capable of, and failure can't be blamed on anyone else but yourself. Conversely, one of the most exciting events is seeing money come into your account however small the amount, when a client agrees to pay your first invoice.

7
What are the three top values/characteristics for success
and why?
Personal and corporate Integrity, because your integrity is all you have. Compromise that and you lose everything.
Mutually beneficial relationships with interested parties - customers and suppliers included. People don't like to do business with people they don't trust and if they do then it becomes a win-lose relationship.
Team mutual respect and collaboration between team members. This must be in the DNA of the organisation. There is no room for destructive politics, gossip or brinkmanship. It's costly, slows down projects and damages, scars or even disables relationships for a very long time afterwards.

8
What advice would you give someone going into a
leadership position for the first time?
Leave your EGO at home.
Have the humility to respect that your team trusts you to lead them, and you
are a leader because they chose you, not because you're superior in any way.
Your job is to encourage and enable your team to enjoy what they do and feel
that they have contributed something meaningful to their world.

9
What does matter the most to you?
People, enthusiasm and courage, because these will always get you out of bed
in the morning to go out and achieve great things.



Women's Path to Leadership

The barriers faced every day from gender inequality around the world are vastly compromising women's advancement in leadership positions. The role of women in organizations is creating tremendous value through the balance imposed in diversity of thinking and business solutions.



Women Leadership and Underrepresentation

Leadership comes in various forms and ways and leaders can be defined based on their personality, charisma, moral authority, and intellectual contributions among others. The power of leaders though, by definition, may be easily determined by the willingness of people to follow them. This is merely the point where women leaders have a downturn in many countries around the globe. Their capabilities to drive an organization towards success and people forward are often wrongly perceived, for this reason women in leadership is becoming an increasing issue for discussion.

Even though women have moved towards greater equality in both their home and the workplace, social etiquettes are not as flexible in practice, as they appear to be in theory.

Though, if we question the difference between women and men leadership, we should first draw a line to where people's perceptions end and leadership values begin. Naturally, we may say that men are more directive, competitive, and autocratic while women are collaborative, cooperative, and democratic when they lead. However, interpersonal skills should break through this division of authority lines between genders.

To clarify, we should mention that leadership positions greatly vary from one industry to the other. Categorizing between service industries and more traditional primary industries, we may clearly notice women governing healthcare, hospitality, and education institutions. On the other hand, manufacturing, transport, and construction are led by male individuals.

Stereotypes and Gender Bias

Stereotypes present a very powerful obstacle for women aiming or obtaining leadership positions in all types of organizations. Demographically dependent, these obstacles are more visible in some countries and less visible in others. Still, they remain and are very difficult to change. As the most common form of stereotyping, gender is hampering the efforts of female authority in relation to many individuals. Judging that females have a more nurturing character and that this may affect responsibility distribution upon employees, is a severely discriminatory mindset in the workplace. Even though in many cases these opinions are not revealed publicly, they can create bias in the decision making of both men and women leaders. It is not a secret that historically, women have faced many barriers to climb up the ladder in organizations they have worked for. With uneven advancement opportunities for women, businesses have had lack of representation in a wide scope of activities. Prejudices resulting from bias to which female leaders face nowadays have most commonly to do with their drive to family care-taking responsibilities, and their feminine attitude which is perceived as a trait disabling the ability of being a strong leader and presenting a domineering behavior. As far as illegal discrimination against women goes, companies still continue stating their gender preference for various positions.
The Gender Leadership Gap

Efforts to reduce the Gender-Leadership gap have been immense in the last few years. Contributing to close this gap in particular, all must be willing to take a step further and remain open in terms of the abovementioned issues. Adding to it, employers must also focus on fair appraisals as well as base promotions on productivity rather than hard work. When evaluating leaders, organizations often take into account leadership characteristics rather than effectivity.

With truly great benefits, balancing between male and female leaders in the organization does not only ensure diversity in the organizational culture but also encourages analysis from very different perspectives, directly affecting organizational decision making. As leadership styles are evolving, we are indeed moving towards new communication and governance ways. Moving away from top-down to bottom-up communication, leadership has been shaping around individuals with better listening and comparison activities, rather than directive and narrative abilities.

[Infographic. Source: Grant Thornton 2015]
Even though these changes have been very slight, we shall note that top positions held by women have increased from 19% in 2004 to 22% in 2015.
Businesses with no women in top positions have decreased from 38% to 32%.
Leading positions held by women: Canada 25%, United States 21%.
In Latin America, businesses with no women in top positions have decreased from 28% to 18%.
Senior roles held by women: Western Europe 26%, Eastern Europe 35%.
In the European Union, 26% of top positions are held by women.

Leading Role Models

Regardless of the obstacles, women have begun to take over leadership positions in both public or private organizations, conveying that many parts of the world have not just identified but have started working towards eliminating this problem.

However, women are still struggling to retain leading positions and are rather performing supportive leadership roles in today's organizations. Again, depending on the industry and the region, women leaders shall begin to continue their challenge on breaking through discriminatory perceptions among them. Mentors and role models are having a vast impact on this aspect. Following the success of female leaders is positively influencing women and motivating them to achieve top positions.

Some of the most powerful women in the world, followed as role models are:

Sheryl Sandberg: COO of Facebook
Indra Nooyi: CEO and Chairperson of PepsiCo
Debra Hay Hampton: President of Cornerstone Engineering, Training and Consulting
Rinske Geerlings: Founder, MD and Principal Consultant at Business As Usual
Michael C. Redmond: CEO of Redmond Worldwide
Mary Barra: CEO of General Motors
Christine Lagarde: Managing Director of the International Monetary Fund
Barbro Thyr: CEO and Consultant at CeBeLOT
Marissa Mayer: CEO of Yahoo

Recommendations

Leaving aside prejudice, we shall emphasize upon the abolishment of gender differences and social etiquettes we conduct every day towards both women and men. Working in contrary to the social norms set historically to emphasize upon gender differences should serve as a starting point to challenge the current perceptions of leadership qualities and differences between men and women. While our priorities and business environments are constantly evolving, we must identify the necessary changes to be made and act resiliently. In the meantime, speaking from the organization's side of things, investing towards the attractiveness and favorability of pursuing leading positions in the organizations should remain a primary condition to achieve the desired diversity.


PECB INSIGHTS CONFERENCE 2017
STANDARDS, SECURITY & AUDITING

KEYNOTE SPEAKERS

ROBERT MAZUR: THE INFILTRATOR, BEHIND THE DRUG CARTEL OF MEDELLIN
KEVIN MITNICK: THE WORLD'S MOST FAMOUS HACKER
GEORGE KOHLRIESER: FORMER HOSTAGE NEGOTIATOR, IMD BUSINESS SCHOOL PROFESSOR OF LEADERSHIP AND ORGANIZATIONAL BEHAVIOR

Speakers

FATON ALIU: Co-Founder, President and COO at PECB, Canada
MILLER A. ROMERO C: General Manager, Management Consultants & Auditors S.A.S, Bogota, Colombia
HENRI HAENNI: Founder and Senior Consultant at Abilene Advisors, Switzerland
CARLOS ALFONSO RESTREPO ORAMAS: CEO of Restrepo Oramas SAS, Colombia
ROBERT POULIOT: Director and Head of Audit Committee, FAIR Canada, Canada
LOUISE CHAMPOUX-PAILLÉ: Director, Sainte-Justine Hospital and CHUM, Canada
RENÉ ST-GERMAIN: Director Consulting Services at Victrix, Canada
CHANTALE PINEAULT: Chief Audit Officer at PECB Europe, Luxembourg
JEAN-PHILLIPPE JOUAS: Founder of Méhari - Former President of Clusif, France
PIERRE DEWEZ: CEO at PECB Europe, Luxembourg
LUC POULIN: CEO, Information / Application Security Senior Advisor at Cogentas Canada, Canada
RINSKE GEERLINGS: Managing Director at Business As Usual, Australia
MICHAEL C. REDMOND: Lead Strategic Consultant at EFPR Group, United States
VANESSA HENRI: Legal Counsel at Above Security, A Hitachi Group Company, Canada
GRAEME PARKER: Managing Director at Parker Solutions Group, United Kingdom
ANDERS CARLSTEDT: CEO at Parabellum Cybersecurity Services, Sweden
JURIS PUCE: CEO at analytica.lv, Latvia
MIKE GRAY: CEO at PIRII Australia Pty Ltd., Australia
MATHIEU LACHAÎNE: Founder and CEO at Ubios, Canada
SÉBASTIEN GAMBS: Security of Computer Systems Professor at Université du Québec à Montréal (UQAM), Canada
AYO OGUNKOYA: Principal HSE & Risk Management Consultant, Canada
KARSTEN DECKER: Owner and CEO, Decker Consulting GmbH, Switzerland
SERGE BARBEAU: Senior Advisor and Project Director at Gestion Jean Bourdeau inc, Canada
BEVAN LANE: Director, Infosec Consulting, South Africa
JACOB MCLEAN: Principal Consultant and Managing Director of Kaizen Training & Management Consultants Limited (KTMC), Jamaica
SCOTT PERRY: Principal at Scott S. Perry CPA, PLLC, United States
RENAUD LACHANCE: Former general auditor of Quebec; Fellow of the CPA (Chartered Professional Accountants) Order, Canada
SÉBASTIEN LAPOINTE: Chief Information Security Officer at Société de transport de Montréal (STM), Canada
SAMUEL DUCKWORTH-ESSILFIE: Founder/CEO, Sophies Consulting Inc, Canada
ABDOUL KARIM GANAME: Founder, Cyber Security Researcher & Consultant at StreamScan inc., Canada
DAVID ANDERS: CEO / President at iCertWorks, SecuraStar and ISO Manager Software, United States
DOMINIC JAAR: Canadian Clients & Markets Leader, Advisory, Canada
GENEVIÈVE BROUILLETTE: Training Development officer at ÉTS Formation, Canada
JACQUES BERGERON: Former Auditor General of The City of Montreal, Canada
GUSTAF STAWSEN: CISO at CENTIRO Solutions AB, Sweden
MÁRIO LAVADO: Partner at INOSERV, Portugal
MARIE-NOËLLE GODIN: Techno-Pedagogue at Pardeux, Canada
RENÉ W. VERGÉ: Information Security Officer at Bombardier Aerospace, Co-Founder and CEO at VoD2, Canada


ATTENDING Pre-Conference Training Courses

There are many skills that you can take advantage of while attending a conference. However, you can take advantage of and benefit from much more if you choose to attend Pre-conference Training Courses.
The value of Pre-Conference Training

Conference organizers have made a great effort to expand the value of the pre-conference trainings by significantly focusing their efforts on advancing the skills and competencies of participants. The value of Pre-Conference Training courses is multilateral. If we look at it from the employer's perspective, enabling attendance of employees to various Pre-Conference Training sessions will indeed represent an outstanding effort to develop their talent within the organization. Also, effective representation of company values through employees in these events needs to definitely be considered.

From the individual perspective, it is an exceptional benefit to expand knowledge while adding different problem solving alternatives on your day-to-day activities and concerns. Being able to gather first hand exclusive information at an intensive learning environment is surely what makes the Pre-Conference Training courses great. Different from familiarizing individuals to best practices, this event also serves as a great opportunity to socialize with individuals sharing the same interests. Meeting with like-minded individuals will certainly build upon your analytical approaches and reveal unknown potential solutions to problems.

Why should we attend?

Depending on how the Pre-Conference Trainings match your interests, it will be a great opportunity to work towards expanding the knowledge base about one topic or another. In terms of career goals, Pre-Conference Trainings do provide knowledge validation through certification. Hence, various certifications through exams give great advantage to one's career. Moreover, learning in a new environment will definitely bring fresh thinking and new creative ideas that may sometimes be missed in our daily 9-to-5 jobs.

New ways of working can also be figured out to increase efficiency on your daily activities. Also, you will be exposed to hands-on and very specific information in your industry. This will unquestionably facilitate your approaches and give greater focus on how you can advance your business.

Investing in yourself through Pre-Conference Training courses will be worth it in both the short and long run of your career development.

What to expect?

As intensive as it may sound, the Pre-Conference environment gathers a lot of professionals with various backgrounds but with the same interests in self-development. More importantly, it gives you the chance to meet people in a very exciting mood and positive energy for business development and networking. Interaction in such a professional community becomes very interesting in terms of the ways one can cooperate with another to aid on business growth.

In such an open setting, group discussions are also mandatory to mention as one of the most productive aspects of the training. Arguments from all sorts raise questions and reveal a lot of actual problems for which you will have the possibility of either being instructed with or directed to solutions. Consulting with other members of the group that come from different industries, backgrounds, professions, and cultures, and with the instructor on excessive topics is not something you are exposed to in your everyday lives. After all, focusing on getting the most out of a specific topic for a few days will turn into a great source of professional fulfillment.
Maximizing the benefits

With all these benefits lined-up, we should really get the feeling of what will happen next. Maximizing the benefits delivered by a Pre-Conference Training can occur in numerous ways. Again, let's take a look at this scenario from two sides. Individually, apart from professional development and certification, we will have a spark of creativity leading to incredible solutions to complex problems. Professional fulfillment is another very important aspect, helping to pursue career development. Getting expert knowledge and obtaining professional certifications is becoming a mandatory requirement in many countries of the world for a wide range of industries. Many industry and governmental regulations have been emphasizing upon the necessity of validated professional competencies to carry on with compliance to numerous frameworks. Directly affecting both organizational performance and societal development in a large scale, the skills and knowledge are certainly going to be passed upon the other members of your working group in the organization. From the employer's side, the need to raise performance bars is mandatory to establish a resilient culture in pursuit of the company's vision.

In the meantime, let's experience an entertaining and distinguished event. Attendance to such trainings is very adventurous.


PECB INSIGHTS CONFERENCE
Pre-Conference Training Sessions
Montreal, Canada, June 27th & 28th, 2017

Graeme Parker, Managing Director at Parker Solutions Group
ISO 37001 Foundation Anti-Bribery Management Systems
Delivered in English

Anders Carlstedt, CEO at Parabellum Cybersecurity Services
Cyber Security Audit Foundation
Delivered in English

Jean-Philippe Jouas, Founder of Méhari - Former President of Clusif
Risk Assessment with MEHARI Method
Delivered in French

Serge Barbeau, Senior Advisor and Project Director at Gestion Jean Bourdeau inc.
ISO 37001 Foundation Anti-Bribery Management Systems
Delivered in French
EXPERTISE
Bitcoin
A Revolution of the Conventional Payment System
The Rise of Bitcoin

Bitcoin is a digital payment system, which was developed by an anonymous programmer or group of programmers who identify under the name of Satoshi Nakamoto. Even though the origin of bitcoins remains ambiguous, bitcoin emerged as a cryptocurrency, in which strong algorithm encryptions were used to secure transactions in a different way. This system maintains the identity of its users anonymous or shielded by pseudonyms under a decentralized system where no one is in charge, neither the governments nor the banks, nor Nakamoto.

Bitcoin is a system of peer-to-peer networking which uses instant and private transactions. This enables users to make direct payments from one party to another without the involvement of a financial institution. The users can make transactions via a bitcoin wallet, which is a downloadable app on both computers and mobile devices. These transactions are stored in a public ledger known as a blockchain, on which the entire bitcoin network relies. Blockchain can either be private with restricted membership or public, thus reachable to anyone.

[Figure: HOW THE BITCOIN BLOCKCHAIN WORKS]
TRANSACTIONS: Transactions Are Broadcast to the Network
MINERS / BLOCK: Miners Create a Block and Include Transactions
BLOCK PUZZLE: Miner Solves Puzzle And Creates A Proof of Work
PROOF OF WORK: Miner Solves Puzzle And Gets A Proof Of Work, in which miners use their computing power to validate and record transactions into a public ledger
PROOF OF WORK / MINERS: Successful Miner Broadcasts Its Proof Of Work To The Other Miners
VERIFICATION: Miners Verify The Proof Of Work
PROCESS STARTS OVER

The Bitcoin Game

In the traditional banking system, central banks print or issue money based on the corresponding economic needs. However, this is not the case with bitcoins. Bitcoins are generated through a more complex system known as mining. One of the most common analogies that can be related to bitcoin mining is gold mining. Similar to other metal supplies in the world, there is a limited amount of bitcoins available for the potential users, namely 21 million. Bitcoin mining is the process of validating the current bitcoin transactions, known as blocks, and adding them to the record of previous block transactions, known as block chain. To begin the mining process, the computers are given a complex mathematical problem to solve every ten minutes, which results in generating a block that contains the latest transaction data. Each one of these created blocks contains a hash of the previous block and is placed in a linear chronological order and stored in the database permanently. A hash is simply a mathematical algorithm that takes an input and converts it into an output. Bitcoin miners will compete to solve these mathematical problems and whoever solves the puzzle first gets to put the block on the block chain, and earns bitcoins as a reward.

Legality

Bitcoin has been a revolutionary internet-wide payment system, which has become a matter of great public interest and as its popularity increased, the debate as to whether it is legal or not has intensified. Given its ability to be used anonymously and not be backed by any governmental authority, bitcoin has proven to be a major concern for many law enforcers and regulators. The primary concern related to bitcoin is its potential for money laundering and other illicit activities. Due to the ease of transferring money between countries without any prior monitoring, money laundering presents a key legal issue. Provided that bitcoin offers the simplicity of moving money without having to go through a central authority, it has been highly praised by criminals who perform illegal transactions without leaving any trace. However, given bitcoin's popularity among these notorious groups, many countries have passed laws which limit the use of bitcoin under a certain legal framework. In 2013, Silk Road, a secret marketplace for illegal products and services in the deep web, was targeted and shut down by the FBI. One could purchase anything from drugs to firearms without being traced. Bitcoin was the only acceptable payment on Silk Road. After the FBI shut down their website, they seized around $3,6 million worth of bitcoins, which is considered as the largest seizure of bitcoin to date. Stories like that of Silk Road associate bitcoins with illegal activity. However, whether illegal or not, bitcoins have grabbed the public's attention so far.
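The mining and verification steps described under "The Bitcoin Game" can be sketched in a few lines of Python. This is an added example, not code from the magazine or from Bitcoin itself. It assumes a simplified puzzle (a SHA-256 hash with a fixed number of leading hex zeros), a JSON block encoding, and constructed sample transactions, and it shows how the check the other miners run catches a block that was edited after it was mined.

```python
import copy
import hashlib
import json

# Assumption for this sketch: the "puzzle" is finding a nonce whose SHA-256
# block hash starts with DIFFICULTY hex zeros. Real Bitcoin compares a double
# SHA-256 of a binary block header against a numeric target.
DIFFICULTY = 3
GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(block):
    """Hash the block's contents (everything except the stored hash itself)."""
    fields = {k: block[k] for k in ("index", "prev_hash", "transactions", "nonce")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


def mine(index, prev_hash, transactions, difficulty=DIFFICULTY):
    """Solve the puzzle by brute force and return the finished block."""
    block = {"index": index, "prev_hash": prev_hash,
             "transactions": transactions, "nonce": 0}
    while not block_hash(block).startswith("0" * difficulty):
        block["nonce"] += 1
    block["hash"] = block_hash(block)  # the proof of work
    return block


def verify_chain(chain, difficulty=DIFFICULTY):
    """The check other miners run. Returns (True, None) or (False, bad_index)."""
    for i, block in enumerate(chain):
        expected_prev = chain[i - 1]["hash"] if i else GENESIS_PREV
        if (block_hash(block) != block["hash"]                       # contents changed
                or not block["hash"].startswith("0" * difficulty)   # puzzle not solved
                or block["prev_hash"] != expected_prev):             # link to history broken
            return False, i
    return True, None


def build_demo_chain():
    """Mine three blocks of constructed sample transactions."""
    batches = [
        [{"from": "alice", "to": "bob", "amount": 5}],
        [{"from": "bob", "to": "carol", "amount": 2}],
        [{"from": "carol", "to": "dave", "amount": 1}],
    ]
    chain, prev = [], GENESIS_PREV
    for index, txs in enumerate(batches):
        block = mine(index, prev, txs)
        chain.append(block)
        prev = block["hash"]
    return chain


def edit_without_remining(chain):
    """Change a recorded amount in block 1 and leave its old hash in place."""
    forged = copy.deepcopy(chain)
    forged[1]["transactions"][0]["amount"] = 500
    return forged


def edit_and_remine_one_block(chain):
    """Change block 1 and redo its puzzle, but not the work of later blocks."""
    forged = copy.deepcopy(chain)
    txs = copy.deepcopy(forged[1]["transactions"])
    txs[0]["amount"] = 500
    forged[1] = mine(1, forged[0]["hash"], txs)
    return forged


if __name__ == "__main__":
    chain = build_demo_chain()
    print("honest chain:", verify_chain(chain))
    print("edited, not re-mined:", verify_chain(edit_without_remining(chain)))
    print("edited, one block re-mined:", verify_chain(edit_and_remine_one_block(chain)))
```

The second forgery passes its own puzzle check but fails at the next block, because that block still records the hash of the original block 1; this is why rewriting an old entry means redoing the work of every block after it.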
stages of bitcoin evolution. In Bitcoin Ups and Downs
addition, bitcoins are highly
volatile because there is a limited The price of bitcoins is highly volatile and there is no centralized
amount of bitcoin supply, while exchange for it. Since its conception in 2009, bitcoins price has
the demand increases on a daily increased tremendously compared to its initial price of below $0.14.
basis. As the currency gained a viral traction, its high demand relative to
its limited supply, caused an upward shift in its price until it reached
The bitcoin governance is dollar parity, meaning it hit a $1.06 per bitcoin.
mainly based on the blockchain;
whereby the interaction Market Price (USD)
between technology, computers 2,500
source: blockchain.info

and people involved in the


2,000
communication network
occurs. The public blockchain 1,500

Bitcoin Governing

USD
financial system with the currency that undermines is an independent system
purpose of increasing efficiency, the consolidated behavior of communication, where
1,000

without direct state control and of government and central the rules and incentives are 500

governance consistency with governmental banks. Further, bitcoin provides established on the general
planning. However, the an antagonist standpoint of agreements among users in Jul 15 Sep 15 Nov 15 Jan 16 Mar 16 May 16 Jul 16 Sep 16 Nov 16 Jan 17 Mar 17 May 17

Ever since the payment system appearance of a digital currency, the centralized system, in the bitcoin network. There is
has taken the lead in the world particularly bitcoins in 2009, has terms of governing without no intermediary in the chain Seeing its growth potential, numerous magazines wrote about this
financial system as a medium revolutionized the traditional governments, indicating a network of communication new cryptocurrency causing its price to rise up to $9 per bitcoin. In
of exchange, it has undergone economic philosophy of shift of political resources between bitcoin users. 2011, the market value for all bitcoins in circulation was around $130
major challenges in regards centralized financial systems, while relying heavily on In November 2016, the Bank of million. However, as bitcoins price was constantly rising, disturbing
to the government economic whereby the central bank i.e., technology. Indeed, bitcoins are International Settlements (BIS) events began to bedevil its popularity. Some users started claiming
policies and other financial the US Federal Reserve Bank, not controlled by any central has questioned the ability of that substantial amounts of bitcoins had been stolen from their
institutions requirements. has direct control over other authority institution; they are banks to exert control over the computers stimulating a massive sell-off, thus lowering the price of
Generally speaking, the financial institutions. Thus, the rather defined by the bitcoin world economy, considering that bitcoin. Provided this massive fall, the market forces conspired to
payment system has taken bitcoin falls under the right wing protocol, implying the fixed this may put the power of central prevent the scheme. The speculators flocked to take advantage of
different forms from large of libertarianism values, which rate of money supply in the bank institutions at risk. such low prices causing an immediate increase in the price of bitcoin.
circle stones, cattle, metal aim at downsizing the control market. In addition, bitcoins
coins, and leather money to modern coins, paper currency, credit cards and digital currency. Considering the latest financial crises, it is not unusual to witness the emergence of alternative payment systems, aimed to facilitate the exchange of goods and services and establish a payment system that is acceptable by the society.

The principles of governments and financial institutions are tightly linked with the centralized concepts and approaches. Since the medieval times, governments have supported and reinforced the idea of a centralized

of governments on the state economy.

In other words, Bitcoin represents a modern decentralized digital

do not serve as the lender of last resort or pose any future risk of hyperinflation in the market; however, there is a risk of hyper deflation at the later

In addition, the decentralized system of bitcoins has transformed the conventional structure of centralized systems regarding the lack of restrictions in international money transactions, inexistent transaction fees, completely transparent and quick transfers at the users' convenience. In terms of security, bitcoin is based on the premises of an encrypted structure aimed at emphasizing the role of cryptocurrencies in the world financial system and ensuring a safe economic culture. Nevertheless, it is to be seen how governments and central bank institutions cope with cryptocurrencies in the near future.

[Figure: Bitcoins in circulation (BTC), July 2015 to May 2017. Source: blockchain.info]

The price of bitcoin has been subject to major ups and downs and as its supply is being soared, the demand for bitcoin is constantly exceeding its supply. Analyzing bitcoin trends throughout the years, it can be noticed that bitcoin has moved from a stage of sin enterprises to a steeper progression of legitimate enterprises. The increase in the number of bitcoin ATMs from 538 in January to 838 in November 2016, shows that the price of bitcoin is expected to increase to $3000, a peak that has not been reached so far.



The impact of Bitcoins in the Global Economy

Is the current global economy moving towards a digital-based economy? Truly, that's uncertain. There is an ongoing debate between the supporters and opponents of the digital-based economy, in regards to the role and impact of cryptocurrencies in the world economy. The supporters of the digital-based economy argue that cryptocurrency is the greatest innovation in the economic system because of its decentralized nature of operation that implies profound changes in the state economic policies, reduction of financial instabilities and inflation risks. Recently, the Prime Minister of Malta, Joseph Muscat has stated for Malta Profile that other European regulators may be wary of the new technology, but the fact is that it's coming. We must be on the frontline in embracing this crucial innovation. We must be the ones that others copy, and Europe should be the bitcoin Continent.

The direct impact of bitcoins in the global economy is related to the payment system, in regards to the improvement of efficiency in the international transaction system, emphasizing self-independence, built-in scarcity and increased security.

Unlike the conventional pull payment system, bitcoins denote a push payment system where the transaction is initiated from the payer's side to the payee's side. Moreover, the high interest rates of 9% in international banking transactions have affected most of the business and individuals involved in the working force. However, bitcoin generates lower transaction fees, rarely to 1% of its transaction value; providing a signal of improvement in the transaction system, while encouraging individuals to embrace digital currencies.

Nowadays, the trend of bitcoins has surpassed its planned limits of expansion, whereby in the first quarter of 2017, the transaction volume of bitcoins was $260 million or $180,000 per minute according to the Blockchain Luxembourg S.A.R.L. This volume of transactions indicates a growth in international financial transactions, and an increase in interactions and usability among different profile users. More than 75,000 merchants, including Etsy, Dell Computers, Expedia, Zynga, WordPress, Overstock, Amazon and Microsoft have started to accept bitcoins in exchange for their goods and services. Perhaps, in the near future bitcoins could become a genuine payment system that will be accepted by business, customers and the society.



SUN, SEA AND A TRAINING OPPORTUNITY
Miami Beach, Florida

ADVANCED AUDITING TECHNIQUES TRAINING COURSE EVENT NORTH AMERICA

In the last years, our world has changed a lot. Somehow, this strongly globalized modern world with rapid economic and social changes is creating new challenges in our lives. In this developing world, organizations are facing significant difficulties in managing efficiently their businesses and the struggle to become more successful is increasing every day.

More than ever, leading organizations are constantly improving their business processes and operations through the implementation of internationally recognized standards to achieve their objectives and enhance customer satisfaction. Businesses today need comprehensive controls in order to accomplish their legal responsibilities, meet their ambitions for growth in profitability and quality, or demonstrate discipline across an organization. Being that our society is moving towards a zero risk tolerance, benefits of international standards extend from organizations' internal benefits to the socio-economic global development.

Regardless of size or complexity, organizations today need to be certified against internationally recognized standards and comply with their requirements. Not only to distinguish themselves from competitors, improve their operational performance or to assure clients of their credibility; but in many highly regulated sectors Management Systems Certification is not optional anymore but extremely demanding. However, gaining a certification alone is not enough. An essential part of the management system is the audit, which enables the company or organization to demonstrate its achievements, the competence of management and how they meet their objectives while showing conformity to the standards. To ensure that a company is operating correctly, Management Systems are best measured independently using capable auditors with experience and knowledge regarding the benefits and advantages that business can achieve through proper implementation of standards.

Auditing ensures that businesses manage their key processes in a comprehensive and effective way through analysis, evaluation and review. As a fast growing field, thanks to rigorous governance and regulatory requirements, auditing offers a surprising variety of job opportunities. Working independently and traveling around the world while conducting audits against nationally and internationally recognized standards is just one of many extraordinary benefits of being an auditor.



ENJOY SPLENDID PLACES AND GET A THOROUGH UNDERSTANDING OF ADVANCED AUDITING TECHNIQUES

As the demands for Management Systems Certification are in place, PECB has established an excellent detailed Management Systems Certification program so companies can reach the highest level of performance, meet customer expectations and emphasize continual improvement. Following the necessary changes in improving the certification process, PECB has decided that the minimal requirement for someone to perform Accredited Management Systems Audits for PECB is to successfully pass the Advanced Audit Techniques exam, which is a requirement to obtain the formal certification. The aim of requiring this additional certification is to make sure that PECB MS Auditors sharpen their auditing techniques to effectively perform audits and not only to meet minimal requirements, but exceed them.

This remarkable event experience empowers professionals and leaders from around the world to unfold their full professional potential and achieve worldwide recognized certification. Likewise, the event allowed participants to gain the confidence to start or advance a career in auditing management systems, develop risk-based thinking and create network opportunities with successful experts. During this event, the participants had the chance to explore the beauty of an amazing tropical city like Miami, its exclusive beaches, amazing cuisine options, classy culture, and fascinating sunset which happens to be one of the most magical experiences, known as the golden hour.

Spread over several days, this intensive training course event improves the auditors' knowledge on how to manage audit teams and programs for conducting MS audits based on best-known practices including ISO 19011, ISO 17021-1 as well as the Generally Accepted Audit Standards (GAAS). Not only did attendees learn how to enhance, plan and execute audits across organizations, they also had the chance to share their knowledge, ideas and experience with one another while relaxing in a beautiful environment.

It is the overall objective of PECB to help professionals expand their educational capacity in various fields and provide them with the knowledge to build an outstanding career while having fun traveling to different places. The ticket to a successful career is being part of the PECB Certified MS auditors network as it will open a world of opportunity for individuals and allow them to demonstrate credibility and professionalism within the business world.

LOOKING FOR SIMILAR EVENTS?
Upcoming Events

Lagos, Nigeria; September 18 to 20, 2017; events@pecb.com
Dubai, United Arab Emirates; October 30 to November 1, 2017; events@pecb.com
San Francisco, California; October, 2017; support@pecbnorthamerica.com
Petaling Jaya, Malaysia; November 13 to 16, 2017; southeast-asia@pecb.com
TRAINER INTERVIEW WITH
ANDERS CARLSTEDT
Managing Director at PECB Nordics

What methodologies do you use to prepare and teach a curriculum?

To prepare I try to look at the material and ask myself is this something that can be
applied or of use if I was a student participating in this course? I then address this by
making sure I can explain in detail any area from a practitioner's perspective.

Which subject do you teach more often? What are the advantages of the
mentioned training course?

I teach primarily risk, information and IT-security courses as well as MS Audit courses.
It provides the participant with a solution Platform and helps students both get the
whole picture as well as detailed info on activities paired with the input on hands-on
experience from an internationally recognized expert in these areas.

Can you tell us about a time your training didn't have the good results you
expected. What happened and what did you learn?

This was a long time ago, about twenty years or so. A consulting company hired me to do a
course on a specific subject and then sold it as a different product to their clients. Needless
to say not all students were entirely happy... To make it work with the right partners.

If your students were asking you irrelevant questions, what would you do to
keep the training course on topic?

I simply tell them that it's unfortunately off topic but that I am happy to discuss it in the
next break.

People learn in different ways and with varying speeds. How would you ensure
everyone in your program develops their skills?

By always asking for feedback on speed, tone, focus, technique etc. and also using
various approaches to addressing the topic. Some people learn well by simply attending
lectures, others by participating in group exercises or by asking questions.

How do you engage students in a training course?

For example by trying to relate to the real world by relating to examples and war stories
and asking them about their experiences.

What advice would you give to new trainers in enhancing their training
dynamics?

Prepare before and make time to have students have their say on relevant topics.
LOCATIONS
LIFESTYLE
The Dream Spot

First as an Anthropology student, then later as the CEO of PECB, my functions took me to travel all over the world. While in the eyes of some, the unknown is what gives value to traveling, there's always a part of it that I hate: the scrutiny of customs, the uncertainty of flight schedules and connections, airplane food, not being able to bring all my personal items... There are many uncontrollable factors that can destroy even the best laid plans: an overzealous customs agent, a distant storm, a computer glitch... And then, there is that part of traveling that makes all the less pleasant sides worth it: discovering new food, meeting fantastic people, visiting majestic sites. These are the three reasons (not necessarily in order) why I travel: food, people and sites.

I'm delighted to introduce this new PECB Insights chronic. We invite a PECB partner, trainer, auditor, client or friend, to write about some of the best hotels he or she has visited, and their favorite spots or countries. The goal of this chronic is to relax a bit, discover great places through the words of someone else, and perhaps find our next vacation spot. So I will begin.

Favorite Hotels

I can't say that this is the best hotel I've visited, but it is definitely one of the most memorable stays I had: the Renaissance Tuscany il Ciocco Resort & Spa. In January 2015, PECB organized its annual partner event at this location. This hotel is located in the Serchio Valley, a valley in Tuscany surrounded by a countryside road and medieval villages.

It was January, and thus a bit chilly, but the morning fog over the Tuscan hills made the view look magical and surreal. The service was exceptional as staff went over their heads to help us. The food was very impressive as well. We had an unforgettable event there. During the evening, we rented a bus to take us to some local restaurants. One of these restaurants was Scacciaguai in Barga, a village near the hotel. The food was spectacular, both in quality and quantity. We ate and drank for three hours, and, indeed, this remains one of the most memorable meals I ever had in my life. Very few of us could walk straight afterwards. The Renaissance Tuscany is, therefore, one of those places where I know I will go back.

Favorite Country

I've had the privilege of discovering many countries and many realities, but Peru will always hold a special place in my heart: exquisite cuisine, spectacular archaeological sites and amazing people. Peru is one of those rare places where you can eat well in any restaurant. Peruvian cuisine is one of the unknown wonders of the world, both delicious and extremely varied.

I've been to Peru twice while I was an Anthropology student. The first time I've been there was for an Archaeological dig in Trujillo, in the North of Peru. I spent one month digging a buried city located in the desert between two pyramids. The second time was to discover the archaeological wonders of the South of Peru. This is when I discovered Machu Picchu, one of the most photogenic sites in the world. Located in the mountains, the spectacular site offers you the luxury of leaving all the beliefs and certainties home, and viewing all you assumed you knew, in a different light. We walked for three days in the mountains of Peru to get there, but next time I'll take the train.

I'm going to Peru a third time, in January 2018. I'm delighted to inform you all that PECB will be hosting its annual winter event in Cuzco, Peru. Cuzco was the sacred capital of the Inca Empire. It is a UNESCO World Heritage Site and a good base to visit Machu Picchu.

So I hope to see you in Cuzco. We're going to have a great time!

Eric Lachapelle
Co-Founder, Chief Executive Officer at PECB
Doing Business in Peru

With Lima as its capital, Peru is located in South America and has 32 million inhabitants. It is an undeniable fact that its historical and cultural values have added much to the picturesque views while attracting many tourists from all over the world. In terms of business, this makes the country even more attractive. However, we all can agree that we should also take a look at the other side of the story.



To succeed in business in Peru, we must first try to understand some aspects of the country and how people actually behave in their daily routines. Typically, Peruvians are not very prone to accepting new ways of doing things and are known to be aggressive negotiators. Business there has to be done in person.

Population: 30.9 million (Urban: 75.7%, Rural: 24.3%)
Area: 1,285,215.60 km²
Currency*: Nuevo Sol (S/.); S/.1 = US$ 0.357; US$1 = S/. 2.80
Principal Languages: Spanish / Quechua / Aymara
Religion: Freedom of religion. Principally Roman Catholic
Climate: Ranges from tropical in the Amazon Region to dry along the Coast. Temperate to very cold in the Highlands
Time Zone: GMT-5 (five hours behind Greenwich Mean Time). There is no daylight saving time, and there is only one time zone throughout the entire country.
Natural Resources: Gold, copper, silver, zinc, lead, hydrocarbons, fishing, phosphates, and agricultural products

* Interbank exchange rate as of December 31, 2013

Source: Central Reserve Bank of Peru (BCRP) / International Monetary Fund (IMF)

Country Overview

Peru is governed by a democratic republic through a multi-party system. According to their constitution, their president is the Head of State and Government. Being one of the region's fastest growing economies, Peru has managed to decrease its poverty rates from 45.5% in 2005 to 19.3% in 2015. Their large mining exports have succeeded to increase the country's GDP levels and contribute vastly to their economic growth during 2016. In fact, Peru is considered to have one of the fastest growing economies in the world. Rich in copper, silver, lead, zinc, oil and gold, the government encourages their exploitation by foreign investors. Currently, the president of Peru is Pedro Pablo Kuczynski, who was elected in 2016.

Peru's Specific Advantages

Having a territory of 128 million hectares, its territory ranks second across South America. Dividing this land in terms of resources, 8 million of these hectares have the potential to grow agricultural crops, 18 million are filled with pastures, 19 million hectares count for sustainable forestry activities, whereas another 54 million hectares accommodate Peru's natural resources. The highlands of Peru, more specifically the Andes, are very rich in minerals. Peru is also the country where the Amazon, the longest and mightiest river in the world, is.
The Amazon rainforest counts for 59% of their national territory while housing 12% of their population. In this part of the country, you will find hot tropical weather with plenty of rain. The highlands are characterized as having a dry weather with huge variations during the day. Peru's coast, though, counts for 11% of their national territory while accommodating 52% of the population, concentrating the population density across the coastal line.

Free Trade Agreements (FTAs) Signed by Peru include:

Andean Community of Nations (CAN)
Asia Pacific Economic Cooperation (APEC) Forum
Peru - Chile Free Trade Agreement (FTA)
Peru - China Free Trade Agreement (FTA)
Peru - European Union (EU) Free Trade Agreement (FTA)
Peru - Japan Free Trade Agreement (FTA)
Peru - MERCOSUR Economic Complementation Agreement (ACE)
Peru - Mexico Trade Integration Agreement
Peru - Singapore and Peru - Thailand Free Trade Agreements (FTAs)
Peru - South Korea Free Trade Agreement (FTA)
Peru - United States Trade Promotion Act
World Trade Organization (WTO)
Future Agreements (Between Turkey and Peru)

Bilateral agreements:

Canada
Chile
China
Costa Rica
Cuba
European Union
Japan
Mexico
Panama
Singapore
South Korea
Thailand
United States
Venezuela

Peru's Export Goods

Known for their mineral richness, Peru is a very large exporter of Copper Ore, Gold, Refined Petroleum, Zinc, Lead Ore, and Refined Copper; finding application in a variety of industries across the world. Besides, Peru exports a substantial amount of grapes, coffee, and pellets, tropical fruits, and mollusks.
Peru exports its products to a variety of countries. Specifically, 21% of their exports go to China, while 15% are shipped to the United States, and 7% are freighted to Canada. Made possible by their free trade agreements, Peru also exports to Europe; Switzerland 8%, Spain 3.3%, Germany 2.8% and Netherlands 2.5%. Certainly, part of their exports goes to their neighboring countries such as Brazil (3.4%), Chile (3.1%), Colombia (2.6%).

Importing from Peru

In contrast, Peru imports more expensive and advanced products such as Electronic and Broadcasting equipment, Computers, Video Displays, Construction Vehicles, Refined Petroleum, Crude Petroleum, Cars, Delivery Trucks, Medicaments, and Rubber Tires among others. Hence, there is a great opportunity for exporting these goods from your country to Peru. With their GDP rising, and economy blooming, Peru shall also be prone to accept investments on luxury goods in the near future. Following trade agreements, Peru accepts their goods mostly from China, United States, Brazil, Mexico, Canada, South Korea, Chile, Colombia, Germany, and India among others.

Lucrative Business Environment

Peru has a very lucrative business environment in terms of Mining and Manufacturing sectors of the economy. However, these being the main sectors of economic development expose Peru to risk because of the fluctuation of demand and prices of commodities. Ease of doing business in Latin America, according to the World Bank (http://www.doingbusiness.org/rankings), ranks Peru as the third country with a great environment to start up a business and operate it as a local firm. Yet, this has not contributed much towards attracting Foreign Direct Investment to the country.
However, with its great development and increasing income of Peruvians, marketing and exporting various products to Peru should fulfill the need for various technological products. Besides, most of the Peruvians are young. The median age in Peru, being 28 years old, leaves us to think that Peruvians may be very prone to professional and career development; opening opportunities for various training and educational institutions to enter Peru.
HAS DESIGNED A NEW WEBSITE!

Check out our new and improved www.pecb.com to find the information you are looking for.

We have created a modern new-look design with new functionalities, technical improvements to provide our visitors an easier way to find useful information about our services.

Available in: English, French
Faster, User-Friendly Navigation, Aesthetically Pleasing


WHAT'S BEEN GOING ON IN APRIL AND MAY

The latest courses offered by PECB are developed to push forward the high quality of education provided. In this respect, we assure the continuity of efforts to develop new courses and maintain a continuous improvement attitude. Facilitating the distinct materials of study, this spring, we have promoted numerous changes and will continue on our personalization voyage.

APRIL MAY
New Courses Updated Courses
ISO 31000 Lead Risk Manager
New Courses ISO 22222 Lead Manager

ISO 9001 Lead Auditor


ISO 45001 Foundation Updated Courses Six Sigma Yellow Belt

ISO 9001 Lead Implementer


Certified Data Protection Officer ISO 21500 Lead Project Manager ISO 27005 Lead Risk Manager

PECB Certified ISO 27799 ISO 27001 Lead Implementer


ISO 17025 Lead Implementer ISO 45001 Lead Implementer
Foundation
PECB Certified ISO 19600 ISO 22301 Lead Implementer
ISO 45001 Lead Auditor
Foundation
ISO 14001 Lead Implementer
ISO 14001 Lead Auditor



Supervise Compliance with
GDPR - General Data
Protection Regulation

Be a PECB Certified
Data Protection Officer

Contact us at
customer@pecb.com
Connect the dots, capture
the bigger picture!

insights.pecb.com
When Standards Matter...
