Support certification programs as viable training programs.


CONTROL ID: 13268
CONTROL TYPE: Human Resources Management
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an education methodology., CC ID: 06671

This Control has the following implementation support Control(s):
  • Include evidence of experience in applications for professional certification., CC ID: 16193
  • Include supporting documentation in applications for professional certification., CC ID: 16195
  • Submit applications for professional certification., CC ID: 16192


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • If an applicant fails the IRAP examination twice, they must re-apply for entry into the program. Applicants must wait at least 12 months from their exam result notification before re-applying for entry into the program. ASD strongly encourages applicants to re-consider their suitability for entry in… (13., IRAP Policies and Procedures Australian Signals Directorate Information Security Registered Assessors Program, 11/2020)
  • At all times, maintain pre-requisite professional qualifications as identified in Category A and B of the application process. (IRAP Membership Maintaining IRAP assessor membership ICT security knowledge maintenance ¶ 1 1., IRAP Policies and Procedures Australian Signals Directorate Information Security Registered Assessors Program, 11/2020)
  • currently hold a certification from both Category A and Category B (21.c., IRAP Policies and Procedures Australian Signals Directorate Information Security Registered Assessors Program, 11/2020)
  • Regularly verify that personnel have the competencies to fulfil their roles on the basis of their education, training and/or experience. Define core IT competency requirements and verify that they are being maintained, using qualification and certification programmes where appropriate. (PO7.2 Personnel Competencies, CobiT, Version 4.1)
  • Establish and regularly update a curriculum for each target group of employees considering: - Current and future business needs and strategy - Value of information as an asset - Corporate values (ethical values, control and security culture, etc.) - Implementation of new IT infrastructure and soft… (DS7.1 Identification of Education and Training Needs, CobiT, Version 4.1)
  • Train or ensure the training of Contractor personnel. If Contractor personnel access NCIC, schedule the operators for testing or a certification exam with the CSA staff, or AC staff with permission from the CSA staff. Schedule new operators for the certification exam within six (6) months of assignm… (§ 3.2.7 ¶ 1 6., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • An AC is a staff member of the CGA who manages the agreement between the Contractor and agency. The AC shall be responsible for the supervision and integrity of the system, training and continuing education of employees and operators, scheduling of initial training and testing, and certification tes… (§ 3.2.7 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Certification programs. (App A Objective 5:6 b., FFIEC Information Technology Examination Handbook - Management, November 2015)