

Taking Action!
There is always a risk

ISSUE 08 / June 2017 When Standards Matter

of Risk
The ambiguous economic developments of the last few years have played a key role in how organizations operate these days. Organizations that used to function easily with the help of estimates and forecasts now refuse to make business decisions that are set in stone. Today, organizations are seeking a new focus: managing risk.

Why risk? Risk is the leading origin of uncertainty in every organization. As a result, companies' attention has shifted towards mitigating risks and managing them before they have a disastrous impact on the organization. The ability to anticipate risk will guide organizations towards acting more assertively on forthcoming business decisions. An organization's knowledge of the risks it is facing will have a major positive effect by opening up numerous possibilities for dealing with probable complications and problems.

COMPANIES IMPLEMENTING Enterprise Risk Management (ERM)

- 86%: Have greater
- 83%: Make better
- 79%: Have greater management accountability
- 16%: Implemented ERM in their strategic planning

An effective ERM Strategy mitigates:

- Financial Risks
- Operational Risks
- Compliance Risks
- Supply Chain Compliance

- More than 85% of executives want to build ERM Processes
- Approximately 10% have completed their implementation
- Organizations spend 12% of total revenue on GRC activities

10  The Standard: ISO 31000 and its Revision
18  GDPR - General Data Protection Regulation
32  The Expert Interview: Brian Henry - CEO AT THE CARIDON GROUP
38  Women's path to Leadership
50  Attending Pre-Conference Training Courses
60  Bitcoin: A Revolution of the Conventional Payment
68  Sun, Sea and Training: Miami Beach, Florida
72  A Trainer Interview: Anders Carlstedt
76  The Dream Spot
78  Doing Business in Peru
The Standard:
ISO 31000
and its Revision
10 | PECB Insights / June, 2017
In a world of constant change, risk management is increasingly viewed as a means of improving the likelihood of success in the challenging task of managing the organization's reputation and stakeholders' interests. Unmanaged risk is the greatest source of waste: as a result of it, thousands of jobs and much expertise are lost, and many great companies fail to survive. Consequently, standards are considered to be very beneficial, since their implementation allows organizations to compare their existing risk management practices with internationally recognized benchmarks. The ISO 31000 standard should be the first step that shows an organization's commitment to ensuring the evolution of risk management. It serves as a guide for identifying and prioritizing important risks. The risk management process is applicable to organizations of all sizes and types, and it is intended to be tailored to meet the varying needs of the
Key Points for an Effective Risk Management Plan

Understanding the value of risk management helps organizations to achieve higher levels of efficiency, flexibility and transparency.

Effective risk management includes the following:

- Creation of shareholders' value by linking risk with organizational performance;
- Established common objectives and a clear understanding of the effect of the potential risks;
- Involvement of the organization's members in crucial decision-making processes;
- An effective risk assessment process and continuous improvement;
- Increased risk awareness, and incorporation of risk into the organization's culture;
- Appropriate risk management measures that continuously facilitate the detection and updating process of the risks and relevant actions to treat such risks.

The Purpose of ISO 31000

ISO 31000 specifies principles and guidelines of risk management to identify, assess and mitigate risks faced by organizations. It is designed to help organizations ensure conformity with legal and regulatory requirements and international norms. In addition, it increases the possibility of achieving organizational objectives, improves the identification of threats and opportunities, and helps an organization in treating the risks and minimizing the negative impact.

The standard consists of two related documents: ISO Guide 73 and ISO/IEC 31010. The ISO Guide 73 provides definitions and terms that are linked to Risk Management while ISO/IEC 31010 entails risk assessment techniques. This standard provides guidance on how to appropriately identify and manage risks in order to minimize losses and maximize the opportunities. It outlines the principles for effective risk management and a framework for supporting the implementation of continual improvement.

Risk management capabilities can directly affect the costs incurred by the organization, as well as the customer value creation. By effectively managing the uncertainties which occur in the business environment, those capabilities can turn into a source of competitive advantage.

The ability to respond faster to unforeseen events and the willingness to seek greater risks which competitors are not capable of undertaking give the organization the opportunity to enhance future profits. Furthermore, risk management is considered a core aspect of the project management process, as it is viewed as a promising tool for protecting the organization's reputation and brand, and improving the sustainability and resilience of the organization.

John Roos, a Project, Program and Quality specialist, stated: "ISO benefits exceed the simple satisfaction of having just another certificate on your wall. If such benefits are recognized and acknowledged, the management will provide approval and support to ISO as this ensures the use of professional methods and techniques, and simultaneously a high quality standard."

A structure preview of the ISO 31000

ISO 31000 consists of principles that may be considered the cornerstone on which an organization's success is built; a Risk Management framework comprising 5 components which ensure that the process for managing risk is fully integrated into the organization; and Risk Management processes that emphasize the necessity for active communication and consultation with internal and external stakeholders, and the continuous monitoring and review.

The detailed components of the ISO 31000

11 Principles of Risk Management

1. Risk management creates and protects value
2. Risk management is an integral part of all organizational processes
3. Risk management is part of decision making
4. Risk management explicitly addresses uncertainty
5. Risk management is systematic, structured and timely
6. Risk management is based on the best available information
7. Risk management is tailored
8. Risk management takes human and cultural factors into account
9. Risk management is transparent and inclusive
10. Risk management is dynamic, iterative and responsive to change
11. Risk management facilitates continual improvement of the organization

Risk Management Framework

- Policy and Governance
- Program Design
- Monitoring and Review
- Continual Improvement

Risk Management Process

- Communication and consultation
- Establishing the context
- Risk identification
- Risk analysis
- Risk evaluation
- Risk treatment
- Monitoring and review

[Figure: ISO 31000 principles (a to k), framework for managing risk, and risk management process]


The ISO 31000 Revision
The ISO 31000 Revision has a clearer objective: make things easier and simpler for the user. ISO/DIS 31000:2017 uses plain language to define the basics of risk management with the expectation that the reader will find it easier to understand. The standard is intended to be more concise, understandable and comprehensible for the user. To avoid potential complications, it has been decided to reduce the terminology in ISO/DIS 31000:2017 to the basic concepts which are closely related to risk management, which appears in ISO Guide 73 - Risk management - Vocabulary. An important aspect of the progress within the standard is the value of human and cultural elements, which facilitates attainment of the organization's objectives. Nevertheless, the main objective set by the ISO 31000 standard remains the same - to integrate risk management into a strategic and operational management system.

[Figure: principles, framework and process; labels include value creation and protection, integrated, customized, inclusive, dynamic, design, commitment, establishing the context, risk assessment, risk treatment, recording & reporting, communication & consultation, external context, internal context]


It is important to note that the ISO/DIS 31000 has been approved by the majority, and the next meeting will take place in Sunnyvale, California from July 10th to July 14th.

Carlos Horna Vallejos, committee member at ISO/TC 262, stated: "In my opinion, the main change is the simplicity, an easier to understand wording to extend the use of the standard. We have new management systems with a focus on risk management (all ISO requirements), greater impact on GRC and compliance, and this standard will help us to understand how to deal with uncertainty to adequately address risks (positive, negative or both) for achieving our objectives."

The Value of ISO 31000

ISO 31000 principles and guidelines may not only be employed to catalyze the professionalization of project risk management, but also to enable organizations to conduct coordinated research on the effectiveness of risk management measures and practices, and in so doing provide the necessary protection for the organization.

ISO 31000 adoption will trigger the following benefits:

- Increased probability of reaching the organization's objectives
- Enhancement of proactive activities
- Improved ability to identify and treat risks within an organization
- Enhanced capacity to identify opportunities and threats
- Higher conformity with legal and regulatory requirements and international norms
- Improved shareholders' confidence and
- Improved financial reporting
- Improved governance
- Consistent basis for decision-making and
- Successful allocation of resources for risk
- Improved coherence, effectiveness, and efficiency of operations within organizations
- Improved environmental protection as well as health and safety performance
- Lower financial volatility
- Establishment of a resilient organizational


Having recognized risk management as a promising tool for improved economic performance and
professional reputation, it is of crucial importance to adhere to principles of standards such as ISO 31000.
This standard is viewed as an impactful body of knowledge for the project risk-management community.
PECB offers its expertise in multiple fields, including ISO 31000 courses, where it provides a shared
understanding of best practices with the ultimate goal of enhancing risk management effectiveness.

For further information, please visit PECB Certified ISO 31000 training courses.



GDPR - General Data Protection Regulation

A new regulation, a new framework for better coping with privacy issues in EU

During the last years, enhanced attention has been placed on the several studies that aim to point out the major costs of the existence of different legal realities in the Member States. For instance, the annual estimated cost for businesses was approximately 2.5 Billion. In addition, the Commission itself drafted, within the reflection process on the need to draft a new regulation on data protection, several analyses on the cost of the existing diverse legislation amongst the Member States in regards to international trade, international data transfers, etc. The rapid technological development and globalization have brought forward new data protection challenges: due to such technological advancement, the economy and social life have been subject to systematic transformation; thus, technology has further facilitated the free circulation of personal data within the EU, as well as its transfer to third countries and international

On top of this, EU companies currently have to deal with 27 different national data protection laws. This lack of rule harmonization between EU countries is an expensive administrative burden which makes it more difficult for many enterprises, especially small and medium-sized ones, to enter new markets. Trust is considered the core foundation of successful businesses, and as such data protection shortcomings can do irreparable damage to companies' credibility, as it takes years to gain a customer's trust, but only an instant to lose it.

Attitude towards data protection - Some figures

Authorities and institutions are more trustworthy than European companies (especially online businesses); 88% of the respondents felt that their personal data would be better protected in large companies if they were obliged to comply with data protection laws. In addition, 70% of Europeans expressed the belief that their personal data can be used by companies for purposes different from what the information has been initially collected for.

Most Europeans believe that companies that violate data protection rules should:

- Receive fines (51%)
- Be prohibited from using such data in the future (40%)
- Be forced to compensate victims (39%)
These factors may form an obstacle for the exercise of economic activities at the EU level, prevent the free circulation of personal data within the EU, and prevent the authorities from meeting their corresponding functions and responsibilities to conform to the European Law.

The importance of customer trust in the development of the digital economy triggers the necessity for the establishment of a more solid and coherent framework for data protection in the European Union that is backed by strict implementation.

Usually, people must have control of their own personal data while obtaining a certain level of legal and practical security which shall be reinforced by economic operators and public authorities.

Why is GDPR so necessary, then?

Considering that currently the vast majority of information is produced and consumed electronically, GDPR aims to update and harmonize laws to better address the contemporary privacy challenges posed by the internet, social media, mobile apps, cloud computing etc. Additionally, GDPR proves to be efficient and necessary as it lowers the administrative burden for companies that previously dealt with multiple data protection authorities.

What are its objectives?

The objective of EU data protection reform is to modernize, simplify and strengthen the data protection framework that facilitates the implementation of the Single Market Strategy. This will foster economic growth, innovation and job creation. The reform will considerably reduce administrative burdens, especially for SMEs, including the current obligation to notify data processing, which amounts to a 130 million/year cost for businesses, or prior authorization for international transfers of data based on mandatory rules or standard contractual clauses.

The Directive 95/46/EC did not meet its objective to homogenize data protection across the Member States, as:

- Data protection has been applied in a fragmented
- Risks for natural persons in online activities continue to
- There are divergences on the execution and application across the Member States
The statement above can be easily summarized in three simple aspects:

1. This Regulation lays down rules relating to the protection of natural persons regarding the processing of personal data and rules relating to the free movement of personal data.
2. This Regulation protects fundamental rights and freedoms of natural persons and their right to the protection of personal data.
3. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with personal data processing.

A unique framework for a unique market with some obligations for organizations

After years of wrangling, the GDPR is now a fact, and finally, companies will only have to deal with a set of data protection rules and be accountable to a single data protection authority - the national authority in the EU country where their main establishment is located. This single window for data protection will greatly simplify the way companies interact with data protection laws and encourage cross-border trade and investment in the internal market. In return, companies will have to be more accountable for their data processing. Companies employing more than 250 employees, as well as the companies whose processing of personal data may result in a potential risk to the rights and freedoms of data subjects, shall maintain a record of processing activities.

Companies whose core activities consist of data processing operations that require systematic monitoring on a large scale must appoint a DPO (Data Protection Officer). Core activities refer to operations that are necessary to reach the processor's goals. Even if a business's core activities do not require regular monitoring, appointing a Data Protection Officer will be considered a good practice and will help in proving accountability.

"Privacy by design" and "Privacy by default" are principles that should be integrated into business processes. Privacy by design implies that data protection safeguards should be incorporated into products and services from the design stage, rather than adapting such privacy features at later stages. Privacy by default, on the other hand, means that in the default setting the user is already protected from potential risks; thus, default settings for privacy protection should be the norm.

One of the most effective ways to implement these principles of privacy by design and privacy by default is with the help of a Data Protection Impact Assessment (DPIA). This assessment will allow the identification of risks involved in each process of personal data processing and of the possible impact on the rights and freedoms of the data subjects, and finally the determination of the measures envisaged to be aligned with the GDPR. Following Article 35 ("Data Protection Impact Assessment") of the GDPR, such a DPIA will be mandatory when the processing of personal data may likely result in a high risk for the rights and freedoms of the data subjects.

and possible penalties

Amongst the many changes that the new regulation involves, the increased compliance that is backed by the threat of substantial fees is one aspect that reflects the importance of the regulation. Organizations found to be in breach of the regulation can be fined up to 20 million or 4% of total turnover. As there are few companies that would be willing to take a hit of that magnitude, this enforcement instrument is to be employed to ensure compliance.


To what does it apply?

This Regulation applies to the processing of personal data, wholly or partly, by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system, but does not apply to the processing of personal data:

- during an activity which falls outside the scope of Union law;
- by the Member States when carrying out activities which fall within the scope of Chapter 2 of Title V of the TEU;
- by a natural person during a purely personal or household activity;
- by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against threats and the prevention of such threats to public security.

Key Changes by the GDPR

- Equity: A fair playing field for companies through a single law applicable to any company throughout the EU. This harmonization should allow businesses to save up to 2.3 billion euros per year.
- Simplification: Simplified regulatory environment by the drastic reduction of red tape and bureaucratic requirements that impose unnecessary costs on businesses.
- Unity of control: A "one-stop shop" - EU companies will report to a single data protection authority (DPA), regardless of the number of countries in which they operate.
- Cooperation: Enhanced cooperation between DPAs to ensure coherent application of rules across the EU.
- Accountability: Companies processing personal data from EU residents should not only follow all the requirements envisaged in the regulation for the protection of personal data, but also shall be able to prove their implementation.

Glossary of main concepts introduced by GDPR:

- Personal Data: Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Advantages of this implementation

- A single control authority
- A single regulation
- More confidence between citizens and companies
- Trustworthy in the global market
- European Framework providing reasonable assurance of privacy


- Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Restrictions of processing: The marking of stored personal data with the aim of limiting their processing in the future.
- Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- Pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- Filing system: any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.
- Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- Processor: a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller.
- Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of an inquiry in accordance with the Union or one of its Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be following the applicable data protection rules according to the purposes of the processing.
- Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- Genetic data: personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result from an analysis of a biological sample from the natural person in question.
- Biometric data: personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
- Health data: personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
- Main Establishment:
  - About a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be the main establishment.
  - About a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation.
- Representative: a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor regarding their respective obligations under this Regulation.
- Enterprise: a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.
- Group of undertakings: a controlling undertaking and its controlled undertakings.
- Binding corporate rules: Personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity.
- Cross-border Processing:
  - Processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State
  - Processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
- Relevant and reasoned objection: an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision about the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.

Pierre Dewez

With 18 years of extensive experience in the field of information technologies, the CEO of PECB Europe
and Altirian, Pierre is an acknowledged senior expert in Information Security, Compliance, and IT Risk
Management and an active member in the JTC1/sc27 committee in Luxembourg. He is the Lead Auditor for
Management Systems about Quality, Information Security, IT Service Management, and Business Continuity,
an advisor in IT Risk Management for many Financial, Insurance and Service Delivery companies in Belgium,
Germany, France, Luxembourg, Switzerland, The Netherlands, and Canada.

A trainer and author of various articles in Information Security Audits, Business Continuity Governance,
and IT Service Management, Pierre is also an international ISMS and risk management expert extending his
contribution to the elaboration of recommendations intended to improve the contents and the relevance of
international standards in the current market.

Kirian Bosch Moline

With a master's degree in Auditing, Security, Governance and ICT Law from the Autonomous University of Madrid and experience at the Institute of Audit & IT-Governance as a consultant providing assurance and consulting services related to IT governance, risk management, compliance and information security, today he shares his knowledge and passion as a co-author at PECB Insights.

Interview with
Brian Henry

The Caridon Group is a company offering business solutions in Governance, Risk and Compliance, Business Continuity Management, Contract Lifecycle and Risk Management, Project Management, Knowledge Management, Change Management, Training, Certification, Mentoring and Coaching. Headquartered in Bicton, Australia, The Caridon Group was founded in 1986. As a community of skilled and experienced consultants, they guide business owners from conception to completion.
You are the CEO & Owner at Caridon Business Solutions.
It must have been quite the challenge to remain there for
more than 15 years?
No, not at all. I've always wanted to have my own business and took the plunge when I was faced with my 7th Merger / Acquisition in less than 10 years. I knew I had to take my own services and ideas to market and not someone else's.

How do you encourage creative thinking within your
We work on an informal structure to ensure that all members of our team are
free to do what they really enjoy, provided of course it adds to the company's
values and goals. There are no limitations except that it must add value to
the services we offer - and that's a fairly wide list. I may be the CEO and owner
of the company, but in truth there are no bosses. We encourage our team
members to participate fully in setting the direction of the organisation, and
share ideas as often as we can.
We expect everyone to express their opinions and ideas with everyone for two
to ensure that we support one another, and
to get opinions and suggestions from the rest of the team and that way
the idea has always been improved.
I would encourage anyone to read the books Maverick and The Seven Day
Weekend, by Ricardo Semler. The methods they describe turn accepted
corporate business models and governance upside down in favour of the
human spirit.

How do you manage Risk in your organization?
We minimize risk through our operating model - which has until now served
us well.
As a small select group, we limit the risk by keeping everything as simple as
possible. As a consulting and training organisation, the main risks would be
financial, reputational and contractual.
Our Personnel risks are also key, but our team members are with us mainly
because they like to work with us. As the alternative saying goes: "Your
company is judged by the people you keep."
We also use a self-actualization principle in that remuneration is voluntary.
That means earnings are based on revenue generated. If one person acts in a
way that compromises a project then revenue is forfeit and remuneration is
lost. So, it's a conscious decision by each of us to contribute.
This also applies to revenue and expenditure. Each team member is actively
involved in the invoicing and collections process.
We work from various locations so we must use collaborative tools to stay in
touch and provide information access. The cloud is excellent for storing and
sharing information, but we still must guard against the risks of the cloud,
such as hacking, data integrity and accessibility.

What is the biggest challenge facing leaders today?
I've just heard a conversation about how traditional leadership is now so
out of touch with the knowledge, opinions and interests of the next two
generations, that there is a fatal communications failure between over-55
leaders and the Millennials for example.
Add to this the extreme almost seismic shifts in global technology that
happen every couple of months, like self-flying Uber cars, AI, Blockchain,
Brexit... The list is growing.
Keeping up with all this means having to review your paradigms almost daily.

What is the worst professional mistake you made and
what did you learn from it?
No excuses - I've made quite a few, but perhaps the biggest was introducing
people with the wrong set of principles. It caused reputational damage, and
hard-earned cash with nothing to show for it. It set us back 18 months.

What is the best professional move you made and why?
I guess taking the plunge to start my own business. It was the kind of
growth step that challenges you to find out what you are truly capable of, and
failure can't be blamed on anyone else but yourself. Conversely, one of the
most exciting events is seeing money come into your account however small
the amount, when a client agrees to pay your first invoice.

What are the three top values/characteristics for success
and why?
Personal and corporate Integrity, because your integrity is all you have.
Compromise that and you lose everything.
Mutually beneficial relationships with interested parties - customers and
suppliers included. People don't like to do business with people they don't
trust and if they do then it becomes a win-lose relationship.
Team mutual respect and collaboration between team members. This must
be in the DNA of the organisation. There is no room for destructive politics,
gossip or brinkmanship. It's costly, slows down projects and damages, scars or
even disables relationships for a very long time afterwards.

What advice would you give someone going into a
leadership position for the first time?
Leave your EGO at home.
Have the humility to respect that your team trusts you to lead them, and you
are a leader because they chose you, not because you're superior in any way.
Your job is to encourage and enable your team to enjoy what they do and feel
that they have contributed something meaningful to their world.

What does matter the most to you?
People, enthusiasm and courage, because these will always get you out of bed
in the morning to go out and achieve great things.

Women's path to Leadership

The barriers faced every day from gender inequality around the world are vastly compromising women's advancement in leadership positions. The role of women in organizations is creating tremendous value through the balance imposed in diversity of thinking and business solutions.

Women Leadership

Leadership comes in various forms and ways and leaders can be defined based on their personality, charisma, moral authority, and intellectual contributions among others. The power of leaders though, by definition, may be easily determined by the willingness of people to follow them. This is merely the point where women leaders have a downturn in many countries around the globe. Their capabilities to drive an organization towards success and people forward are often wrongly perceived, for this reason women in leadership is becoming an increasing issue for discussion.

Even though women have moved towards greater equality in both their home and the workplace, social etiquettes and are not as flexible in practice, as they appear to be in theory.

Though, if we question the difference between women and men leadership, we should first draw a line to where people's perceptions end and leadership values begin. Naturally, we may say that men are more directive, competitive, and autocratic while women are collaborative, cooperative, and democratic when they lead. However, interpersonal skills should break through this division of authority lines between genders.

To clarify, we should mention that leadership positions greatly vary from one industry to the other. Categorizing between service industries and more traditional primary industries, we may clearly notice women governing healthcare, hospitality, and education institutions. On the other hand, manufacturing, transport, and construction are led by male individuals.

Stereotypes and Gender Bias

Stereotypes present a very powerful obstacle for women aiming or obtaining leadership positions in all types of organizations. Demographically dependent, these obstacles are more visible in some countries and less visible in others. Still, they remain and are very difficult to change. As the most common form of stereotyping, gender is hampering the efforts of female authority in relation to many individuals. Judging that females have a more nurturing character and that this may affect responsibility distribution upon employees, is a severely discriminatory mindset in the workplace. Even though in many cases these opinions are not revealed publicly, they can create bias in the decision making of both men and women leaders. It is not a secret that historically, women have faced many barriers to climb up the ladder in organizations they have worked for. With uneven advancement opportunities for women, businesses have had lack of representation in a wide scope of activities. Prejudices resulting from bias to which female leaders face nowadays have most commonly to do with their drive to family care-taking responsibilities, and their feminine attitude which is perceived as a trait disabling the ability of being a strong leader and presenting a domineering behavior. As far as illegal discrimination against women goes, companies still continue stating their gender preference for various positions.

The Gender Leadership Gap

Efforts to reduce the Gender-Leadership gap have been immense in the last few years. Contributing to close this gap in particular, all must be willing to take a step further and remain open in terms of the abovementioned issues. Adding to it, employers must also focus on fair appraisals as well as base promotions in productivity rather than hard work. When evaluating leaders, organizations often take into account leadership characteristics rather than

With truly great benefits, balancing between male and female leaders in the organization does not only ensure diversity in the organizational culture but also encourages analysis from very different perspectives, directly affecting organizational decision making. As leadership styles are evolving, we are indeed moving towards new communication and governance ways. Moving away from top-down to bottom-up communication, leadership has been shaping around individuals with better listening and comparison activities, rather than directive and narrative abilities.

[Infographic. Source: Grant Thornton 2015]
Even though these changes have been very slight, we shall note that top positions held by women have increased (surviving chart labels: 19%; 2004, 2015).
Businesses with no women in top positions have decreased from 38% to 32%.
Leading positions held by women: 25%, 21% (labels not recoverable).
In Latin America, businesses with no women in top positions have decreased from 28% to 18%.
Senior roles held by women: Western Europe 26%, Eastern Europe 35%.
In the European Union, 26% of top positions are held by women.

Leading Role Models

Regardless of the obstacles, women have begun to take over leadership positions in both public or private organizations, conveying that many parts of the world have not just identified but have started working towards eliminating this problem.

However, women are still struggling to retain leading positions and are rather performing supportive leadership roles in today's organizations. Again, depending on the industry and the region, women leaders shall begin to continue their challenge on breaking through discriminatory perceptions among them. Mentors and role models are having a vast impact on this aspect. Following the success of female leaders is positively influencing women and motivating them to achieve top

Some of the most powerful women in the world, followed as role models are:

Sheryl Sandberg, COO of Facebook
Indra Nooyi, CEO and Chairperson of PepsiCo
Debra Hay Hampton, President of Cornerstone Engineering, Training and
Rinske Geerlings, Founder, MD and Principal Consultant at Business As Usual
Michael C. Redmond, CEO of Redmond Worldwide
Mary Barra, CEO of General Motors
Christine Lagarde, Managing Director of the International Monetary Fund
Barbro Thyr, CEO and Consultant at CeBeLOT
Marissa Mayer, CEO of Yahoo

Recommendations

Leaving aside prejudice, we shall emphasize upon the abolishment of gender differences and social etiquettes we conduct every day towards both women and men. Working in contrary to the social norms set historically to emphasize upon gender differences should serve as a starting point to challenge the current perceptions of leadership qualities and differences between men and women. While our priorities and business environments are constantly evolving, we must identify the necessary changes to be made and act resiliently. In the meantime, speaking from the organization's side of things, investing towards the attractiveness and favorability of pursuing leading positions in the organizations should remain a primary condition to achieve the desired diversity.




Co-Founder, President and COO at PECB, Canada
General Manager Management Consultants & Auditors S.A.S, Bogota, Colombia
Director and Head of Audit Committee FAIR Canada, Canada
Director Consulting Services at Victrix, Canada
Founder of Méhari - Former President of Clusif
CEO at PECB Europe, Luxembourg
REDMOND: Lead Strategic Consultant at EFPR Group, United States
Legal Counsel at Above Security, A Hitachi Group Company, Canada
CEO at analytica.lv, Latvia
CEO at PIRII Australia Pty Ltd., Australia
Director Infosec Consulting, South Africa
Principal HSE & Risk Management Consultant
Principal Consultant and Managing Director of Kaizen Training & Management Consultants Limited (KTMC)
SCOTT PERRY: Principal at Scott S. Perry CPA, PLLC, United States
Founder/CEO Sophies Consulting Inc
Markets Leader, Advisory
Former Auditor General of The City of Montreal, Canada
BROUILLETTE: Training Development Officer at TS Formation
GODIN: Techno-Pedagogue at Pardeux, Canada
Information Security Officer at Bombardier Aerospace, Co-Founder and CEO at VoD2, Canada


Founder and Senior Consultant at Abilene Advisors, Switzerland
RESTREPO ORAMAS: CEO of Restrepo Oramas SAS, Colombia
CHAMPOUX-PAILLÉ: Director Sainte-Justine Hospital and CHUM
Chief Audit Officer at PECB Europe
CEO, Information / Application Security Senior Advisor at Cogentas Canada
Managing Director at Business As Usual
Managing Director at Parker Solutions Group, United Kingdom
CEO at Parabellum Cybersecurity Services, Sweden
MATHIEU LACHAÎNE: Founder and CEO at Ubios, Canada
Security of Computer Systems Professor at Université du Québec à Montréal (UQAM)
Owner and CEO, Decker Consulting GmbH, Switzerland
Senior Advisor and Project Director at Gestion Jean Bourdeau inc, Canada
Former general auditor of Quebec; Fellow of the CPA (Chartered Professional Accountants) Order
Chief Information Security Officer at Société de transport de Montréal (STM)
Founder, Cyber Security Researcher & Consultant at StreamScan inc., Canada
CEO / President at iCertWorks, SecuraStar and ISO Manager Software, United States
CISO at CENTIRO Solutions AB, Sweden
Partner at INOSERV, Portugal

There are many skills that you can take advantage of while attending a conference. However, you can take advantage of and benefit from much more if you choose to attend Pre-conference Training Courses.

The value of Pre-Conference

Conference organizers have made a great effort to expand the value of the pre-conference trainings by significantly focusing their efforts on advancing the skills and competencies of participants. The value of Pre-Conference Training courses is multilateral. If we look at it from the employer's perspective, enabling attendance of employees to various Pre-Conference Training sessions will indeed represent an outstanding effort to develop their talent within the organization. Also, effective representation of company values through employees in these events needs to definitely be considered. From the individual perspective, it is an exceptional benefit to expand knowledge while adding different problem solving alternatives on your day-to-day activities and concerns. Being able to gather first hand exclusive information at an intensive learning environment is surely what makes the Pre-Conference Training courses great. Different from familiarizing individuals to best practices, this event also serves as a great opportunity to socialize with individuals sharing the same interests. Meeting with like-minded individuals will certainly build upon your analytical approaches and reveal unknown potential solutions to problems.

Why should we

Depending on how the Pre-Conference Trainings match your interests, it will be a great opportunity to work towards expanding the knowledge base about one topic or another. In terms of career goals, Pre-Conference Trainings do provide knowledge validation through certification. Hence, various certifications through exams give great advantage to one's career. Moreover, learning in a new environment will definitely bring fresh thinking and new creative ideas that may sometimes be missed in our daily 9-to-5 jobs.

New ways of working can also be figured out to increase efficiency on your daily activities. Also, you will be exposed to hands-on and very specific information in your industry. This will unquestionably be subject to facilitate your approaches and get greater focus on how you can advance your business.

Investing in yourself through Pre-Conference Training courses will be worth it in both the short and long run of your career development.

What to expect?

As intensive as it may sound, the Pre-Conference environment gathers a lot of professionals with various backgrounds but with the same interests in self-development. More importantly, it gives you the chance to meet people in a very exciting mood and positive energy for business development and networking. Interaction in such a professional community becomes very interesting in terms of the ways one can cooperate with another to aid on business growth.

In such an open setting, group discussions are also mandatory to mention as one of the most productive aspects of the training. Arguments from all sorts raise questions and reveal a lot of actual problems for which you will have the possibility of either being instructed with or directed to solutions. Consulting with other members of the group that come from different industries, backgrounds, professions, and cultures, and with the instructor on excessive topics is not something you are exposed to in your everyday lives. After all, focusing on getting the most out of a specific topic for a few days will turn into a great source of professional fulfillment.

Maximizing the benefits

With all these benefits lined-up, we should really get the feeling of what will happen next. Maximizing the benefits delivered by a Pre-Conference Training can occur in numerous ways. Again, let's take a look at this scenario from two sides. Individually, apart from professional development and certification, we will have a spark of creativity leading to incredible solutions to complex problems. Professional fulfillment is another very important aspect, helping to pursue career development. Getting expert knowledge and obtaining professional certifications is becoming a mandatory requirement in many countries of the world for a wide range of industries. Many industry and governmental regulations have been emphasizing upon the necessity of validated professional competencies to carry on with compliance to numerous frameworks. Directly affecting both organizational performance and societal development in a large scale, the skills and knowledge are certainly going to be passed upon the other members of your working group in the organization. From the employer's side, the need to raise performance bars is mandatory to establish a resilient culture in pursuit of the company's vision.

In the meantime, let's experience an entertaining and distinguished event. Attendance to such trainings is very adventurous.

Pre-Conference Training Sessions
Montreal, Canada
June 27th & 28th, 2017

Graeme Parker
Managing Director at Parker Solutions Group
ISO 37001 Foundation Anti-Bribery Management Systems
Delivered in English

Jean-Philippe Jouas
Founder of Méhari - Former President of Clusif
Risk Assessment with MEHARI Method
Delivered in French

Anders Carlstedt
CEO at Parabellum Cybersecurity Services
Cyber Security Audit Foundation
Delivered in English

Serge Barbeau
Senior Advisor and Project Director at Gestion Jean Bourdeau inc.
ISO 37001 Foundation Anti-Bribery Management Systems
Delivered in French

A Revolution of the Conventional Payment System

The Rise of Bitcoin

Bitcoin is a digital payment system, which was developed by an anonymous programmer or group of programmers who identify under the name of Satoshi Nakamoto. Even though the origin of bitcoins remains ambiguous, bitcoin emerged as a cryptocurrency, in which strong algorithm encryptions were used to secure transactions in a different way. This system maintains the identity of its users anonymous or shielded by pseudonyms under a decentralized system where no one is in charge, neither the governments nor the banks, nor Nakamoto.

Bitcoin is a system of peer-to-peer networking which uses instant and private transactions. This enables users to make direct payments from one party to another without the involvement of a financial institution. The users can make transactions via a bitcoin wallet, which is a downloadable app on both computers and mobile devices. These transactions are stored in a public ledger known as a blockchain, where the entire bitcoin network relies. Blockchain can either be private with restricted membership or public, thus reachable to anyone.



[Figure: how the blockchain works. Transactions are broadcast to the network; miners create a block and include transactions; a miner solves the puzzle and creates a proof of work; the successful miner broadcasts its proof of work to the other miners; miners verify the proof of work. Caption: Proof of Work, in which miners use their computing power to validate and record transactions into a public ledger.]

The Bitcoin Game

In the traditional banking system, central banks print or issue money based on the corresponding economic needs. However, this is not the case with bitcoins. Bitcoins are generated through a more complex system known as mining. One of the most common analogies that can be related to bitcoin mining is gold mining. Similar to other metal supplies in the world, there is a limited amount of bitcoins available for the potential users, namely 21 million. Bitcoin mining is the process of validating the current bitcoin transactions, known as blocks, and adding them to the record of previous block transactions, known as block chain. To begin the mining process, the computers are given a complex mathematical problem to solve every ten minutes, which results in generating a block that contains the latest transaction data. Each one of these created blocks, contains a hash of the previous block and is placed in a linear chronological order and stored in the database permanently. A hash is simply a mathematical algorithm that takes an input and converts it into an output. Bitcoin miners will compete to solve these mathematical problems and whoever solves the puzzle first, gets to put the block on the block chain, and earns bitcoins as a reward.

Legality

Bitcoin has been a revolutionary internet-wide payment system, which has become a matter of great public interest and as its popularity increased, the debate as to whether it is legal or not has intensified. Given its ability to be used anonymously and not be backed by any governmental authority, bitcoin has proven to be a major concern for many law enforcers and regulators. The primary concern related to bitcoin is its potential for money laundering and other illicit activities. Due to the ease of transferring money between countries without any prior monitoring, money laundering presents a key legal issue. Provided that bitcoin offers the simplicity of moving money without having to go through a central authority, it has been highly praised by criminals who perform illegal transactions without leaving any trace. However, given bitcoin's popularity among these notorious groups, many countries have passed laws which limit the use of bitcoin under a certain legal framework. In 2013, Silk Road, a secret marketplace for illegal products and services in the deep web, was targeted and shut down by the FBI. One could purchase anything from drugs to firearms without being traced. Bitcoin was the only acceptable payment on Silk Road. After the FBI shut down their website, they seized around $3,6 million worth of bitcoins, which is considered as the largest seizure of bitcoin to date. Stories like that of Silk Road associate bitcoins with illegal activity. However, whether illegal or not, bitcoins have grabbed the public's attention so far.
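
The mining description under "The Bitcoin Game" (each block carries the hash of the previous block, and miners race to solve a puzzle) can be made concrete with a toy chain that shows why an altered record is detectable. This is an added example, not code from the article or from Bitcoin itself; the JSON block layout, the 12-bit difficulty, the function names and the sample transactions are all assumptions constructed for illustration.

```python
import copy
import hashlib
import json

DIFFICULTY_BITS = 12       # assumption: toy difficulty so the search finishes in milliseconds
GENESIS_PREV = "0" * 64    # placeholder "previous hash" for the first block

# Constructed sample transactions, one batch per block.
SAMPLE_BATCHES = [
    [{"from": "alice", "to": "bob", "amount": 5}],
    [{"from": "bob", "to": "carol", "amount": 2}],
    [{"from": "carol", "to": "alice", "amount": 1}],
]


def block_hash(block):
    """SHA-256 over a canonical JSON encoding: same input, same 64-hex-digit output."""
    encoded = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def meets_target(digest_hex, bits=DIFFICULTY_BITS):
    """The puzzle: the hash, read as a 256-bit integer, must start with `bits` zero bits."""
    return int(digest_hex, 16) < (1 << (256 - bits))


def mine(prev_hash, transactions, bits=DIFFICULTY_BITS):
    """Try nonces until the block's hash meets the target; the nonce is the proof of work."""
    block = {"prev_hash": prev_hash, "transactions": transactions, "nonce": 0}
    while not meets_target(block_hash(block), bits):
        block["nonce"] += 1
    return block


def build_chain(batches, bits=DIFFICULTY_BITS):
    """Mine one block per batch, each committing to the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for transactions in batches:
        block = mine(prev, transactions, bits)
        chain.append(block)
        prev = block_hash(block)
    return chain


def first_invalid_block(chain, bits=DIFFICULTY_BITS):
    """Verifier's view: one hash per block. Returns the first bad index, or None."""
    prev = GENESIS_PREV
    for index, block in enumerate(chain):
        digest = block_hash(block)
        if block["prev_hash"] != prev or not meets_target(digest, bits):
            return index
        prev = digest
    return None


def demo():
    chain = build_chain(SAMPLE_BATCHES)
    clean = first_invalid_block(chain)               # untouched chain verifies

    tampered = copy.deepcopy(chain)
    tampered[0]["transactions"][0]["amount"] = 500   # rewrite a recorded payment
    stale = first_invalid_block(tampered)            # detected: the stored nonce was found for the old content

    # Redoing the work for block 0 alone is not enough: block 1 still holds the old hash.
    tampered[0] = mine(GENESIS_PREV, tampered[0]["transactions"])
    relinked = first_invalid_block(tampered)
    return clean, stale, relinked


if __name__ == "__main__":
    print(demo())
```

Finding a nonce takes thousands of hash attempts even at this toy difficulty, while checking a block takes one, which is the asymmetry the verification step relies on.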


Bitcoin Governing without governance

Ever since the payment system has taken the lead in the world financial system as a medium of exchange, it has undergone major challenges in regards to the government economic policies and other financial institutions' requirements. Generally speaking, the payment system has taken different forms from large circle stones, cattle, metal coins, and leather money to modern coins, paper currency, credit cards and digital currency. Considering the latest financial crises, it is not unusual to witness the emergence of alternative payment systems, aimed to facilitate the exchange of goods and services and establish a payment system that is acceptable by the

The principles of governments and financial institutions are tightly linked with the centralized concepts and approaches. Since the medieval times, governments have supported and reinforced the idea of a centralized financial system with the purpose of increasing efficiency, direct state control and consistency with governmental planning. However, the appearance of a digital currency, particularly bitcoins in 2009, has revolutionized the traditional economic philosophy of centralized financial systems, whereby the central bank i.e., the US Federal Reserve Bank, has direct control over other financial institutions. Thus, the bitcoin falls under the right wing of libertarianism values, which aim at downsizing the control of governments on the state economy.

In other words, Bitcoin represents a modern decentralized digital currency that undermines the consolidated behavior of government and central banks. Further, bitcoin provides an antagonist standpoint of the centralized system, in terms of governing without governments, indicating a shift of political resources while relying heavily on technology. Indeed, bitcoins are not controlled by any central authority institution; they are rather defined by the bitcoin protocol, implying the fixed rate of money supply in the market. In addition, bitcoins do not serve as the lender of last resort or pose any future risk of hyperinflation in the market; however, there is a risk of hyper deflation at the later stages of bitcoin evolution. In addition, bitcoins are highly volatile because there is a limited amount of bitcoin supply, while the demand increases on a daily basis.

The bitcoin governance is mainly based on the blockchain; whereby the interaction between technology, computers and people involved in the communication network occurs. The public blockchain is an independent system of communication, where the rules and incentives are established on the general agreements among users in the bitcoin network. There is no intermediary in the chain network of communication between bitcoin users. In November 2016, the Bank of International Settlements (BIS) has questioned the ability of banks to exert control over the world economy, considering that this may put the power of central bank institutions at risk.

In addition, the decentralized system of bitcoins has transformed the conventional structure of centralized systems regarding the lack of restrictions in international money transactions, inexistent transaction fees, completely transparent and quick transfers at the user's convenience. In terms of security, bitcoin is based on the premises of an encrypted structure aimed at emphasizing the role of cryptocurrencies in the world financial system and ensuring a safety economic culture. Nevertheless, it is to be seen how governments and central bank institutions cope with cryptocurrencies in the near

Bitcoin Ups and Downs

The price of bitcoins is highly volatile and there is no centralized exchange for it. Since its conception in 2009, bitcoin's price has increased tremendously compared to its initial price of below $0.14. As the currency gained a viral traction, its high demand relative to its limited supply, caused an upward shift in its price until it reached dollar parity, meaning it hit a $1.06 per bitcoin.

[Chart: Market Price (USD), Jul 15 to May 17. Source: blockchain.info]

Seeing its growth potential, numerous magazines wrote about this new cryptocurrency causing its price to rise up to $9 per bitcoin. In 2011, the market value for all bitcoins in circulation was around $130 million. However, as bitcoin's price was constantly rising, disturbing events began to bedevil its popularity. Some users started claiming that substantial amounts of bitcoins had been stolen from their computers stimulating a massive sell-off, thus lowering the price of bitcoin. Provided this massive fall, the market forces conspired to prevent the scheme. The speculators flocked to take advantage of such low prices causing an immediate increase in the price of bitcoin.

[Chart: Bitcoins in circulation, Jul 15 to May 17. Source: blockchain.info]

The price of bitcoin has been subject to major ups and downs and as its supply is being soared, the demand for bitcoin is constantly exceeding its supply. Analyzing bitcoin trends throughout years, it can be noticed that bitcoin has moved from a stage of sin enterprises to a steeper progression of legitimate enterprises. The increase in the number of bitcoin ATMs from 538 in January to 838 in November 2016, shows that the price of bitcoin is expected to increase to $3000, a peak that has not been reached so far.


The impact of Bitcoins in the reduction of financial instabilities and inflation risks.
Recently, the Prime Minister of Malta, Joseph Muscat
Global Economy has stated for Malta Profile that other European
regulators may be wary of the new technology,
Is the current global economy moving towards a but the fact is that its coming. We must be on the
digital-based economy? Truly, thats uncertain. There frontline in embracing this crucial innovation. We
is an ongoing debate between the supporters and must be the ones that others copy, and Europe
opponents of the digital-based economy, in regards should be the bitcoin Continent.
to the role and impact of cryptocurrencies in the
world economy. The supporters of the digital-based The direct impact of bitcoins in the global economy
economy argue that cryptocurrency is the greatest is related to the payment system, in regards to
innovation in the economic system because of the improvement of efficiency in the international
its decentralized nature of operation that implies transaction system, emphasizing self-independence,
profound changes in the state economic policies, built-in scarcity and increased security.

66 | PECB Insights / June, 2017

Unlike the conventional pull payment system, bitcoin is a push payment system, where the transaction is initiated from the payer's side to the payee's side. Moreover, the high interest rates of 9% in international banking transactions have affected most of the businesses and individuals involved in the working force. However, bitcoin generates lower transaction fees, rarely reaching 1% of the transaction value, providing a signal of improvement in the transaction system while encouraging individuals to embrace digital currencies.

Nowadays, the trend of bitcoins has surpassed its planned limits of expansion: in the first quarter of 2017, the transaction volume of bitcoins was $260 million, or $180,000 per minute, according to Blockchain Luxembourg S.A.R.L. This volume of transactions indicates a growth in international financial transactions, and an increase in interactions and usability among different profile users. More than 75,000 merchants, including Etsy, Dell Computers, Expedia, Zynga, WordPress, Overstock, Amazon and Microsoft, have started to accept bitcoins in exchange for their goods and services. Perhaps, in the near future, bitcoins could become a genuine payment system that will be accepted by business, customers and the society.





In the last years, our world has changed a lot. Somehow, this strongly globalized modern world with rapid economic and social changes is creating new challenges in our lives. In this developing world, organizations are facing significant difficulties in managing efficiently their businesses and the struggle to become more successful is increasing every day.


Miami Beach, Florida

More than ever, leading organizations are constantly improving their business processes and operations through the implementation of internationally recognized standards to achieve their objectives and enhance customer satisfaction. Businesses today need comprehensive controls in order to accomplish their legal responsibilities, meet their ambitions for growth in profitability and quality, or demonstrate discipline across an organization. Since our society is moving towards a zero risk tolerance, the benefits of international standards extend from organizations' internal benefits to socio-economic global development.

Regardless of size or complexity, organizations today need to be certified against internationally recognized standards and comply with their requirements. This is not only to distinguish themselves from competitors, improve their operational performance or assure clients of their credibility; in many highly regulated sectors, Management Systems Certifications are not optional anymore but extremely demanding. However, gaining a certification alone is not enough. An essential part of the management system is the audit, which enables the company or organization to demonstrate its achievements, the competence of management and how they meet their objectives while showing conformity to the standards. To ensure that a company is operating correctly, Management Systems are best measured independently using capable auditors with experience and knowledge regarding the benefits and advantages that business can achieve through proper implementation of standards.

Auditing ensures that businesses manage their key processes in a comprehensive and effective way through analysis, evaluation and review. As a fast growing field, thanks to rigorous governance and regulatory requirements, auditing offers a surprising variety of job opportunities. Working independently and traveling around the world while conducting audits against nationally and internationally recognized standards is just one of many extraordinary benefits of being an auditor.


As the demands for Management Systems Certification are in place, PECB has established an excellent detailed Management Systems Certification program so companies can reach the highest level of performance, meet customer expectations and emphasize continual improvement. Following the necessary changes in improving the certification process, PECB has decided that the minimal requirement for someone to perform Accredited Management Systems Audits for PECB is to successfully pass the Advanced Audit Techniques exam, which is a requirement to obtain the formal certification. The aim of requiring this additional certification is to make sure that PECB MS Auditors sharpen their auditing techniques to effectively perform audits and not only to meet minimal requirements, but exceed them.

This remarkable event empowers professionals and leaders from around the world to unfold their full professional potential and achieve worldwide recognized certification. Likewise, the event allowed participants to gain the confidence to start or advance a career in auditing management systems, develop risk-based thinking and create network opportunities with successful experts. During this event, the participants had the chance to explore the beauty of an amazing tropical city like Miami, its exclusive beaches, amazing cuisine options, classy culture, and fascinating sunset, which happens to be one of the most magical experiences, known as the golden hour.

Spread over several days, this intensive training course event improves the auditors' knowledge on how to manage audit teams experience and programs for conducting MS audits based on best-known practices including ISO 19011, ISO 17021-1 as well as the Generally Accepted Audit Standards (GAAS). Not only did attendees learn how to enhance, plan and execute audits across organizations, they also had the chance to share their knowledge, ideas and experience with one another while relaxing in a beautiful environment.

It is the overall objective of PECB to help professionals expand their educational capacity in various fields and provide them with the knowledge to build an outstanding career while having fun traveling to different places. The ticket to a successful career is being part of the PECB Certified MS auditors network, as it will open a world of opportunity for individuals and allow them to demonstrate credibility and professionalism within the business world.
Upcoming Events

Lagos, Nigeria
September 18 to 20, 2017
events@pecb.com

Dubai, United Arab Emirates
October 30 to November 1, 2017
events@pecb.com

San Francisco, California
October, 2017
support@pecbnorthamerica.com

Petaling Jaya, Malaysia
November 13 to 16, 2017
southeast-asia@pecb.com

Managing Director at PECB Nordics

What methodologies do you use to prepare and teach a curriculum?

To prepare, I try to look at the material and ask myself: is this something that can be
applied or of use if I was a student participating in this course? I then address this by
making sure I can explain in detail any area from a practitioner's perspective.

Which subject do you teach more often? What are the advantages of the
mentioned training course?

I teach primarily risk, information and IT-security courses as well as MS Audit courses.
It provides the participant with a solution platform and helps students both get the
whole picture as well as detailed info on activities, paired with the input on hands-on
experience from an internationally recognized expert in these areas.

Can you tell us about a time your training didn't have the good results you
expected? What happened and what did you learn?

This was a long time ago, about twenty years or so. A consulting company hired me to do a
course on a specific subject and then sold it as a different product to their clients. Needless
to say not all students were entirely happy... To make it work with the right partners.

If your students were asking you irrelevant questions, what would you do to
keep the training course on topic?

I simply tell them that it's unfortunately off topic but that I am happy to discuss it in the
next break.

People learn in different ways and with varying speeds. How would you ensure
everyone in your program develops their skills?

By always asking for feedback on speed, tone, focus, technique etc. and also using
various approaches to addressing the topic. Some people learn well by simply attending
lectures, others by participating in group exercises or by asking questions.

How do you engage students in a training course?

For example by trying to relate to the real world by relating to examples and war stories
and asking them about their experiences.

What advice would you give to new trainers in enhancing their training

Prepare before and make time to have students have their say on relevant topics.
First as an Anthropology student, then later as the CEO of PECB, my functions took me to travel all over the world. While in the eyes of some, the unknown is what gives value to traveling, there's always a part of it that I hate: the scrutiny of customs, the uncertainty of flight schedules and connections, airplane food, not being able to bring all my personal items... There are many uncontrollable factors that can destroy even the best laid plans: an overzealous customs agent, a distant storm, a computer glitch... And then, there is that part of traveling that makes all the less pleasant sides worth it: discovering new food, meeting fantastic people, visiting majestic sites. These are the three reasons (not necessarily in order) why I travel: food, people and sites.

I'm delighted to introduce this new PECB Insights chronicle. We invite a PECB partner, trainer, auditor, client or friend to write about some of the best hotels he or she has visited, and their favorite spots or countries. The goal of this chronicle is to relax a bit, discover great places through the words of someone else, and perhaps find our next vacation spot. So I will begin.

Favorite Hotels

I can't say that this is the best hotel I've visited, but it is definitely one of the most memorable stays I had: the Renaissance Tuscany il Ciocco Resort & Spa. In January 2015, PECB organized its annual partner event at this location. This hotel is located in the Serchio Valley, a valley


in Tuscany surrounded by a countryside road and medieval villages.

It was January, and thus a bit chilly, but the morning fog over the Tuscan hills made the view look magical and surreal. The service was exceptional as staff went over their heads to help us. The food was very impressive as well. We had an unforgettable event there. During the evening, we rented a bus to take us to some local restaurants. One of these restaurants was Scacciaguai in Barga, a village near the hotel. The food was spectacular, both in quality and quantity. We ate and drank for three hours, and, indeed, this remains one of the most memorable meals I ever had in my life. Very few of us could walk straight afterwards. The Renaissance Tuscany is, therefore, one of those places where I know I will go back.

Favorite Country

I've had the privilege of discovering many countries and many realities, but Peru will always hold a special place in my heart: exquisite cuisine, spectacular archaeological sites and amazing people. Peru is one of those rare places where you can eat well in any restaurant. Peruvian cuisine is one of the unknown wonders of the world, both delicious and extremely varied.

I've been to Peru twice while I was an Anthropology student. The first time I was there was for an archaeological dig in Trujillo, in the North of Peru. I spent one month digging a buried city located in the desert between two pyramids. The second time was to discover the archaeological wonders of the South of Peru. This is when I discovered Machu Picchu, one of the most photogenic sites in the world. Located in the mountains, the spectacular site offers you the luxury of leaving all the beliefs and certainties at home, and viewing all you assumed you knew in a different light. We walked for three days in the mountains of Peru to get there, but next time I'll take the train.

I'm going to Peru a third time, in January 2018. I'm delighted to inform you all that PECB will be hosting its annual winter event in Cuzco, Peru. Cuzco was the sacred capital of the Inca Empire. It is a UNESCO World Heritage Site and a good base to visit Machu Picchu.

So I hope to see you in Cuzco. We're going to have a great

Eric Lachapelle
Co-Founder, Chief Executive Officer at PECB
Doing Business in Peru
With Lima as its capital, Peru is located in South America and
is home to 32 million people. It is an undeniable fact that its historical
and cultural values have added much to the picturesque views
while attracting many tourists from all over the world. In terms of
business, this makes the country even more attractive. However,
we all can agree that we shall also take a look at the other side of
the story.

To succeed in business in Peru, we must first try to understand some aspects of the country and how people
actually behave in their daily routines. Typically, Peruvians are not very prone to accepting new ways of doing
things and are known to be aggressive negotiators. Business there has to be done in person.

Population
30.9 million
Urban: 75.7%
Rural: 24.3%

Religion
Freedom of religion
Principally Roman Catholic

Area
1,285,215.60 km2

Ranges from tropical in the Amazon Region to dry along the Coast. Temperate to very cold in the

Time Zone
GMT-5 (five hours behind Greenwich Mean Time). There is no daylight saving time, and there is only one time zone throughout the entire country.

Nuevo Sol (S/.)
S/.1 = US$ 0.357
US$1 = S/. 2.80

Natural Resources
Gold, copper, silver, zinc, lead, hydrocarbons, fishing, phosphates, and agricultural products

Principal Languages
Spanish / Quechua / Aymara

* Interbank exchange rate as of December 31, 2013

Source: Central Reserve Bank of Peru (BCRP) / International Monetary Fund (IMF)
Country Overview
Peru is a democratic republic governed
through a multi-party system. According to its
constitution, the president is the Head of State
and Government. Being one of the region's fastest
growing economies, Peru has managed to decrease
its poverty rate from 45.5% in 2005 to 19.3% in
2015. Its large mining exports have succeeded
in increasing the country's GDP levels and contributed
vastly to its economic growth during 2016. In
fact, Peru is considered to have one of the fastest
growing economies in the world. The country is rich in copper,
silver, lead, zinc, oil and gold, and the government
encourages their exploitation by foreign investors.
Currently, the president of Peru is Pedro Pablo
Kuczynski, who was elected in 2016.

Peru's Specific Advantages

With a territory of 128 million hectares, Peru
ranks second across South America.
Dividing this land in terms of resources, 8 million
of these hectares have the potential to grow
agricultural crops, 18 million are filled with
pastures, 19 million hectares count for sustainable
forestry activities, whereas 54 million other
hectares accommodate Peru's natural resources.
The highlands of Peru, more specifically the Andes,
are very rich in minerals. Peru is also the country
where the Amazon, the longest and mightiest river
in the world, is.


The Amazon rainforest accounts for 59% of the national territory while housing 12% of the population. In this part of the country, you will find hot tropical weather with plenty of rain. The highlands are characterized by dry weather with huge variations during the day. Peru's coast, by contrast, accounts for 11% of the national territory while accommodating 52% of the population, concentrating the population density along the coastline.

Free Trade Agreements (FTAs) signed by Peru include:
Andean Community of Nations (CAN)
Asia Pacific Economic Cooperation (APEC)
Peru - Chile Free Trade Agreement (FTA)
Peru - China Free Trade Agreement (FTA)
Peru - European Union (EU) Free Trade Agreement (FTA)
Peru - Japan Free Trade Agreement (FTA)
Peru - MERCOSUR Economic Complementation Agreement (ACE)
Peru - Mexico Trade Integration Agreement
Peru - Singapore and Peru - Thailand Free Trade Agreements (FTAs)
Peru - South Korea Free Trade Agreement (FTA)
Peru - United States Trade Promotion Act
World Trade Organization (WTO)
Future Agreements (Between Turkey and Peru)

Bilateral agreements:
Canada
Chile
China
Costa Rica
Cuba
European Union
Japan
Mexico
Singapore
South Korea
United States
Venezuela

Peru's Export Goods

Known for its mineral richness, Peru is a very large exporter of Copper Ore, Gold, Refined Petroleum, Zinc, Lead Ore, and Refined Copper, which find application in a variety of industries across the world. Besides, Peru exports a substantial amount of grapes, coffee, pellets, tropical fruits, and mollusks.
Peru exports its products to a variety of countries. Specifically, 21% of its exports go to China, while 15% are shipped to the United States, and 7% go to Canada. Made possible by its free trade agreements, Peru also exports to Europe;
Switzerland 8%, Spain 3.3%, Germany 2.8% and Netherlands 2.5%. Certainly, part of its exports goes to neighboring countries such as Brazil (3.4%), Chile (3.1%) and Colombia (2.6%).

Importing from Peru

In contrast, Peru imports more expensive and advanced products such as Electronic and Broadcasting equipment, Computers, Video Displays, Construction Vehicles, Refined Petroleum, Crude Petroleum, Cars, Delivery Trucks, Medicaments, and Rubber Tires, among others. Hence, there is a great opportunity for exporting these goods from your country to Peru. With its GDP rising and economy blooming, Peru shall also be prone to accept investments on luxury goods in the near future. Following trade agreements, Peru accepts its goods mostly from China, United States, Brazil, Mexico, Canada, South Korea, Chile, Colombia, Germany, and India, among others.

Lucrative Business Environment

Peru has a very lucrative business environment in terms of the Mining and Manufacturing sectors of the economy. However, because these are the main sectors of economic development, they expose Peru to risk from the fluctuation of demand and prices of commodities. According to the World Bank's ease of doing business rankings (http://www.doingbusiness.org/rankings), Peru ranks as the third country in Latin America with a great environment to start up a business and operate it as a local firm. Yet, this has not contributed much towards attracting Foreign Direct Investment to the country.
However, with its great development and the increasing income of Peruvians, marketing and exporting various products to Peru should fulfill the need for various technological products. Besides, most Peruvians are young. The median age in Peru, 28 years old, suggests that Peruvians may be very prone to professional and career development, opening opportunities for various training and educational institutions to enter Peru.



Check out our new and improved www.pecb.com to find the information you
are looking for.

We have created a modern new-look design with new functionalities and technical
improvements to provide our visitors an easier way to find useful information
about our services.

Available in:
English
French

Faster
User-Friendly Navigation
Aesthetically Pleasing










New Courses
ISO 45001 Foundation Updated Courses
Certified Data Protection Officer ISO 21500 Lead Project Manager

PECB Certified ISO 27799

ISO 17025 Lead Implementer
PECB Certified ISO 19600


The latest courses offered by PECB are
developed to push forward the high
quality of education provided. In this
respect, we assure the continuity of
efforts to develop new courses and
maintain a continuous improvement
attitude. Facilitating the distinct materials
of study, this spring we have promoted
numerous changes and will continue on
our personalization voyage.

New Courses Updated Courses
ISO 31000 Lead Risk Manager
ISO 22222 Lead Manager

ISO 9001 Lead Auditor

Six Sigma Yellow Belt

ISO 9001 Lead Implementer

ISO 27001 Internal Auditor

ISO 27001 Lead Implementer

ISO 27005 Lead Risk Manager

ISO 22301 Lead Implementer

ISO 45001 Lead Implementer

ISO 45001 Lead Auditor ISO 14001 Lead Implementer

ISO 14001 Lead Auditor


Supervise Compliance with
GDPR - General Data
Protection Regulation

Be a PECB Certified
Data Protection Officer

Contact us at
Connect the dots, capture
the bigger picture!

When Standards Matter...