Risk and Control Self-Assessment (RCSA)

Course Description

Risk and control self-assessment (RCSA) involves identifying, recording and assessing the risks that

an organisation may encounter, as well as the controls in place to contain them. It covers several steps, from identifying the risks to which an organisation or business may be exposed to escalating and taking follow-up action and identifying ongoing issues that affect risks. This course explains what an RCSA is and how to construct, use and report on it

Who is this training for?

You should complete this course if you are involved in a compliance or risk management function in your workplace

Course Outline

Module 1 : Defining Risk and Control Self-Assessment (RCSA)

   • Objectives of RCSA

    • Components used in an RCSA

    • How the RCSA fits into the risk management framework

Module 2 : RCSA Inputs – Risks, Control, Scales

    • Identifying and recording risks in a register

    • What are risk controls?

    • Recording controls and building a control library

    • Developing control effectiveness scales

Module 3 : RCSA Processes

   • Assessing risks

   • Assessing the effectiveness of risk controls

   • Approaches to self-assessing risk levels

Module 4 : RCSA Outputs – Reporting and Follow-up Process

   • Reporting risks

   • Notifying and escalating report information

   • Using reports and taking action

Proliferation Financing Awareness Training

Course Description

Stakeholders in the financial sector need to understand Proliferation Financing and its consequences

The proliferation of weapons of mass destruction (WMD), including their means of delivery, is a significant threat to global security. Proliferation and its financing are quickly evolving as threat actors find innovative ways of disguising the funding using complex web structures.

This single-module course introduces staff to the concept of Proliferation Financing (PF) and then develops their understanding of how PF works, how it is developing, and the threat it poses to the world. It makes clear how PF differs from money laundering, and how financial services businesses in all countries can be exposed to the risk of having their systems misused to facilitate PF. It contains details on the problems posed by dual use goods.

The lesson provides practical tips and examples to assist in identifying transactions that should be subjected to closer examination. These practical examples empower employees to act in line with their legal and ethical obligations.

Who should do this training?

This course is suitable for customer-facing staff, their managers, and other operational staff who deal with financial transactions.

Download the course outline here

Specialized Financial Economic Crime Training

GRC Solutions is thrilled to collaborate with leading financial crime advisory firm, i-KYC, pairing their premium content library with our award-winning Salt Learning technologies to improve your approach to addressing Financial Economic Crime (FEC).

Course Outline

  • What is Proliferation Financing?
  • Why is the prevention and detection of Proliferation Financing important?
  • What is the Proliferation Financing process?
  • What are the high risk countries for Proliferation Financing?
  • Red flags

Privacy – New Zealand

Course Description

This course provides training on dealing with personal information under the latest New Zealand Privacy law

Privacy is one of the biggest issues a business faces; it affects them when dealing with customers, suppliers and staff. Businesses need to ensure their staff understand what is required of them when dealing with individuals’ personal information. To ensure there are no flaws in your system, it is imperative that each and every employee understands what they can and cannot do with personal information.

In this course you and your Staff will learn all about the Information Privacy Principles. Learn what personal information is and how and when to handle, collect, retain and disclose it. Find out how to prevent a privacy or data breach from occurring and how to manage the incident if an event occurs.

Even if your business has no physical presence in New Zealand, the local privacy laws may still apply. Find out the process and regulations for managing crossborder data flows.

Scenario: Meredith is a sales representative at BargaiNZ, a national department store chain.

A customer, Roberta, has bought a stereo. Meredith offers to register Roberta’s details for the stereo warranty with the store, in case Roberta loses her receipt. Roberta seems reluctant.

Roberta: “I just think the fewer people who have my information, the better. If I give my details to an entity and they misuse it, or it gets stolen, there’s nothing I can do about it personally. Then my info is just out there and there’s nothing I can do.” 

If Roberta did give BargaiNZ her details and BargaiNZ breached privacy law with them, what could Roberta do?

Who should do this training?

The training is suitable for staff at any level of an organisation that collects, holds or uses personal information and does business in New Zealand.

It is designed to cater for a diverse audience and all levels of staff, addressing the legal content in plain language.

For more information on other GRC Solutions’ privacy training resources:

Australia

Privacy – Covering the Privacy Act and the Australian Privacy Principles

Privacy for Schools – Covering the Privacy Act and the Australian Privacy Principles as they apply to schools

Health Privacy – Health businesses collect and maintain sensitive personal information

Australia – Financial Services

Financial Services Privacy Training – covering the Privacy Act and the Australian Privacy Principles

Credit Reporting – covering the Credit Reporting Act

Health Privacy

Europe

General Data Protection Regulation – covering the GDPR – which has global implications

Singapore

Data Protection Singapore – covering the Personal Data Protection Act 2012 and also the implications of the GDPR

Malaysia

Data Protection Malaysia – covering the Personal Data Protection Act 2010 and also the implications of the GDPR

California

California Consumer Privacy Act

Course Outline

Module 1: Introducing privacy

·        What is personal information?

·        Describe the scope of privacy law in relation to New Zealand

·        Collection, storage access and correction of personal information

·        Obligations in relation to the use and disclosure of personal information

·        What to do when a data breach occurs and what penalties can be imposed for breaches of privacy law

Module 2: Collection

·        Identify when you can collect personal information

·        What sources you can use for personal information

·        Requirements for notifying individuals of collection

·        Exceptions to notification of collection

·        Describe the manner in which you can collect personal information

Module 3: Storage, access and correction

·        Explain the importance of keeping personal information secure in your role

·        Identify ways to protect and control access to personal information

·        How to handle requests for access to personal information

·        When you can refuse to grant individuals access to their personal information

·        Why and when agencies should correct personal information they hold

Module 4: Use and disclosure

·        Describe how to ensure personal information is accurate

·        Determine whether you should retain or dispose of personal information

·        Identify the limits on use and disclosure of personal information

·        In what situations you can use or disclose personal information for direct marketing

·        The prohibition on the assignment or use of unique identifiers

Module 5: Credit reporting

·        Identify the entities involved in credit reporting

·        The principles governing the management and collection of credit information

·        Circumstances in which credit reporters are permitted to use or disclose credit information

·        Your obligations relating to storing credit information, giving individuals access to personal information and making corrections

·        Outline the procedure for dealing with complaints

Privacy Compliance Training Course

Course Description

Training on privacy and recognising and dealing with information security risks and threats and the importance of a privacy policy

Product Description

Privacy breaches make headlines all the time. But while everyone thinks they know what privacy is, understanding the importance of a privacy policy and how the laws apply to our work, clients and customers is another matter

Who is this training for?

This training is designed for staff at any level within an organisation that comes in contact with private information or could be at risk of breaching privacy laws, or who need to understand the importance of a privacy policy.

Course Outline

Module 1 : Introducing privacy

    •What is personal information?

    •Types of information collected

    •How to manage personal information

    •Information use and information disclosure

    •How to store, access and correct information

Module 2 : Management and collection

    •The importance of a privacy policy

    •Assessing individuals’ right to deal with entities anonymously or pseudonymously

    •Collecting solicited personal and sensitive information

    •Dealing with unsolicited personal information

    •Notifying individuals

Module 3 : Use and disclosure

    •Primary and secondary purposes of data collection

    •When you cannot perform direct marketing

    •Requirements under other laws, codes or practice and standards

    •Ensuring compliance with privacy law by overseas recipients

    •Adopting, using or disclosing government-related identifiers

Module 4 : Storage,access and correction

    •Quality of personal information requirements

    •Data breaches

    •De-identifying or destroying personal data

    •Dealing with requests for access to personal information

    •Correcting personal information

Privacy

Course Description

This course trains staff on businesses’ obligations under the Australian Privacy Act and the Australian Privacy Principles (APPs)

Product Description

Dealing with personal information

Privacy breaches make headlines all the time. But while everyone thinks they know what privacy is, understanding how the laws apply to our work, clients and customers is another matter.

Salt Compliance Privacy training breaks down the privacy requirements into language that learners can understand, supported by a rich visual design.

The introductory module summarises the key concepts surrounding how we handle personal information at work. Subsequent modules explore the Australian Privacy Principles (APPs) in more detail. The final module focuses on
credit reporting obligations.

Scenarios and case studies appear throughout the modules, helping to place the training into vivid practical context.

The course contains a fresh look and feel that is intended to attract learners’ active engagement throughout the training, without overwhelming or distracting them from the concepts.

Who should do this training?

This training is designed for staff at any level within an organisation that comes in contact with private information or could be at risk of breaching Australian privacy laws.

It is designed to cater for a diverse audience and all levels of staff, and addresses all 13 Principles in plain language.

If your organisation has any specific privacy requirements, the Salt Privacy standard format can be customised to your individual needs. If you are in the health sector, please enquire about our Health Privacy course.

Custom courses

If your organisation has any specific privacy requirements, the Salt Privacy standard format can be customised to your individual needs. If you are in the health sector, read about Salt Health Privacy.

  • Generic course
  • Health Privacy

For more information on other GRC Solutions’ privacy training resources:

Australia

Privacy for Schools – Covering the Privacy Act and the Australian Privacy Principles as they apply to schools

Health Privacy – Health businesses collect and maintain sensitive personal information

Australia – Financial Services

Financial Services Privacy Training – covering the Privacy Act and the Australian Privacy Principles

Credit Reporting – covering the Credit Reporting Act

Health Privacy

New Zealand

Privacy – New Zealand – covering privacy in New Zealand under the 2020 updates to the law

Europe

General Data Protection Regulation – covering the GDPR – which has global implications

Singapore

Data Protection Singapore – covering the Personal Data Protection Act 2012 and also the implications of the GDPR

Malaysia

Data Protection Malaysia – covering the Personal Data Protection Act 2010 and also the implications of the GDPR

California

California Consumer Privacy Act

Course Outline

  • Module 1: Introducing privacy
  • Module 2: Management and collection
  • Module 3: Use or disclosure
  • Module 4: Storage, access and correction
  • Module 5: Credit reporting obligations

Personal Data Protection compliance training course- Singapore

Course Description

Handling personal data and personal data protection in Singapore or of people in Singapore and the importance of a privacy policy

Dealing with personal information

Privacy relates to any personal data  – whether true or not − that can identify us. We share personal data every day: in emails, text messages, photos, videos, credit cards and online banking. Modern technology has made it easy to send and store personal data. Businesses need to ensure their staff understand what is required of them when dealing with individuals’ personal information.

What is protection of Personal Data?

Privacy laws aim to protect our personal data. They are intended to ensure that organisations comply with set rules for handling this data. Any personal data that is accessed, kept or used by organisations must comply with these rules (unless an exemption applies).

What is the role of PDPA?

The Personal Data Protection Act, Singapore(PDPA) is a law that sets out the rules for handling personal data. It establishes open and fair processes for how organisations collect, use and disclose personal data, including data about their customers. Under the PDPA, any personal data stored by an organisation must be kept accurate, up-to-date and secure. The PDPA also gives individuals the right to access any personal data held about them and to ask for it to be corrected if it is wrong.

The PDPA applies to all individuals, companies, associations or bodies of persons, incorporated or unincorporated whether located in or outside Singapore.

Who is this training for?

This course is designed to cater for a diverse audience and different levels of staff in plain English. If your organisation has any specific data privacy requirements, this course can be customised to your individual needs.

For more information on other GRC Solutions’ privacy training resources:

Australia

Privacy – Covering the Privacy Act and the Australian Privacy Principles

Privacy for Schools – Covering the Privacy Act and the Australian Privacy Principles as they apply to schools

Health Privacy – Health businesses collect and maintain sensitive personal information

Australia – Financial Services

Financial Services Privacy Training – covering the Privacy Act and the Australian Privacy Principles

Credit Reporting – covering the Credit Reporting Act

New Zealand

Privacy – New Zealand – covering privacy in New Zealand under the 2020 updates to the law

Europe

General Data Protection Regulation – covering the GDPR – which has global implications

Malaysia

Data Protection Malaysia – covering the Personal Data Protection Act 2010 and also the implications of the GDPR

California

California Consumer Privacy Act

Course Outline

  • Module 1: Personal data protection
  • Module 2: Personal data protection (advanced)
  • Module 3: Do  Not Call – your rights and responsibilities (for sales and marketing staff)
  • Module 4: Preventing and responding to data breaches
  • Module 5: GDPR

 

Personal Data Protection Compliance Training Course – Malaysia

Course Description

This course provides training on the requirements for collecting and handling personal information in Malaysia

Failure to properly collect, handle and protect people’s personal information can put businesses at considerable financial and reputational risk. Malaysian and European laws impose strict requirements on businesses operating in Malaysia, and all staff need to be adequately trained to meet these requirements and understand what is required of them when dealing with individuals’ personal information.

This course covers all the areas of privacy law that are likely to be encountered by Malaysian businesses. Three modules deal with the provisions of the Malaysian Personal Data Protection Act (PDPA), which sets out the rules for collecting, storing, using, handling, anonymizing, correcting and deleting personal data. It applies to all individuals, businesses and associations that operate in Malaysia or handle the personal data of Malaysians. It covers data protection and breach notification.

The European Union General Data Protection Regulation (GDPR) contains very strict privacy protection provisions. It applies to Malaysian organisations that deal with EU citizens or with their personal data (for example, if they have a website with any of the EU languages other than English.) As the EU is Malaysia’s third largest trading partner it is crucial that Malaysian businesses understand and comply with its requirements.

The lessons in this course provide scenarios and case studies that illustrate the sorts of privacy issues that staff can expect on a daily basis, and bring the business of privacy protection to life.

The PDPA was seen as a key enabler to strengthen consumer confidence in electronic commerce and business transactions …

– Shanthi Kandiah, SK Chambers The Privacy, Data Protection and Cybersecurity Law Review – Edition 5 October 2018

Who should do this training?

The course is suitable for all staff who handle personal information. Moreover, all staff, including directors and senior managers, should be familiar with the introductory material in course one and the GDPR material in course four.

For more information on other GRC Solutions’ privacy training resources:

Australia

Privacy – Covering the Privacy Act and the Australian Privacy Principles

Privacy for Schools – Covering the Privacy Act and the Australian Privacy Principles as they apply to schools

Health Privacy – Health businesses collect and maintain sensitive personal information

Australia – Financial Services

Financial Services Privacy Training – covering the Privacy Act and the Australian Privacy Principles

Credit Reporting – covering the Credit Reporting Act

Health Privacy

New Zealand

Privacy – New Zealand – covering privacy in New Zealand under the 2020 updates to the law

Europe

General Data Protection Regulation – covering the GDPR – which has global implications

Singapore

Data Protection Singapore – covering the Personal Data Protection Act 2012 and also the implications of the GDPR

California

California Consumer Privacy Act

Course Outline

Module one: Protecting Personal Data

Module two: Protecting Personal Data (Advanced)

Module three: Preventing and responding to data breaches

Module four: GDPR

Modern Slavery – non-jurisdictional

Course Description

Modern slavery can affect any country; the United Nations estimates there are more than 40 million victims of modern slavery worldwide. Modern slavery can occur in any sector or industry, and at any point in a supply chain. High-risk industries include fashion, agriculture, hospitality, construction, electronics and extractives. The risk of modern slavery occurring in supply chains increases for organisations that have extensive, complex or global supply chains.

This three-module course covers what modern slavery is, its prevalence in supply chains, and how its use can most effectively be prevented by organisations. Both modules contain practical scenarios relating to issues affecting organisations with modern slavery in their supply chains. These scenarios equip staff to identify and take steps to prevent modern slavery from occurring in their supply chains.

Who is this training for?

This training is suitable for a wide variety of staff including those working in procurement, compliance or risk roles as well as those working in a front-line capacity.

Course Outline

  • Module 1: Introduction to the prevention of modern slavery
  • Module 2: Preventing the use of modern slavery in supply chain

Modern Slavery Awareness

Course Description

Are your staff equipped to identify and appropriately respond to modern slavery risks?

Do you need short, effective training to raise staff awareness of the indicators of modern slavery and how they should respond?

Modern slavery can affect any country: the United Nations estimates there are more than 40 million victims of modern slavery worldwide. It can occur in any sector or industry, and at any point in a supply chain. High-risk industries include fashion, agriculture, hospitality, construction, electronics and extractives. The risk of modern slavery occurring in supply chains increases for organisations that have extensive, complex or global supply chains. Your staff – including your front line and non-specialist staff – must be aware of the risks of modern slavery, and the ensuing consequences your business could face if they’re left unchecked.

Modern Slavery – Awareness is a single-module, awareness course that equips your staff with an understanding of:

  • The definition of Modern Slavery
  • How to explain the occurrence of modern slavery in supply chains
  • What can be done to combat and prevent the existence of modern slavery

Who is this training for?

This training is an express, 10 minute variant of our three-module Modern Slavery – Australia and non-jurisdictional courses. It is designed to equip your front line staff with general awareness surrounding modern slavery.

It is also suitable for volunteers, contractors and students.

Course Outline

  • Module 1: Modern Slavery Awareness

Modern Slavery

Course Description

Modern slavery can affect any country; the United Nations estimates there are more than 40 million victims of modern slavery worldwide. Modern slavery can occur in any sector or industry, and at any point in a supply chain. High-risk industries include fashion, agriculture, hospitality, construction, electronics and extractives. The risk of modern slavery occurring in supply chains increases for organisations that have extensive, complex or global supply chains.

This three-module course covers what modern slavery is, its prevalence in supply chains, and how its use can most effectively be prevented by organisations. Both modules contain practical scenarios relating to issues affecting organisations with modern slavery in their supply chains. These scenarios equip staff to identify and take steps to prevent modern slavery from occurring in their supply chains.

Who is this training for?

This training is suitable for a wide variety of staff including those working in procurement, compliance or risk roles as well as those working in a front-line capacity.

Course Outline

  • Module 1: Introduction to the prevention of modern slavery
  • Module 2: Preventing the use of modern slavery in supply chains
  • Module 3: Australia-wide modern slavery laws