Cloud Officer & Outsourcing Officer - Certified programme

At the end of the course, the participants must be able to:

• understand the role and responsibilities of the cloud officer / outsourcing officer
• have an overview of the applicable circulars including CSSF Circular 22/806 and the domains covered in this circular. It will enable them to make their choices including gap analysis and remediation actions for conformity with this circular.
• understand and demonstrate different service and delivery models of cloud computing
• understand and demonstrate the risk management for outsourcing arrangements (ICT, cloud, and business process outsourcing)
• understand and demonstrate security aspects and principles of cloud computing
• practically manage the outsourcing operations

Role and responsibilities

• Introduction
• Definition
  • Cloud officer
  • Outsourcing officer
• Responsibilities
• Hierarchical structure

Compliance considerations (Circular 22/806 CSSF included)

• Introduction
• Applicable circulars
  • CSSF 22/806
  • CSSF 20/750
  • CSSF 21/769 (22/804)
• Circular 22/806 domains
  • General principles (including sustainability (ESG))
  • Governance
    • Assessments of outsourcing arrangements
    • Framework
    • Outsourcing process
  • Requirements in the context of ICT outsourcing arrangements
• Next Steps

Cybersecurity, policies, processes, and Risk Management

• Introduction
• Cybersecurity domains
  • Governance and strategy
  • Risk management
    • Basics of Risk Management
    • Risk management of the outsourcing arrangements (ICT, cloud and business process outsourcing)
  • Information security
    • Policy and processes
    • Identity and Access management
    • Cryptography
    • Examples of cloud security solutions
  • ICT governance
  • Business continuity management
• Next Steps

Outsourcing and Technologies: Cloud Solution Providers (AWS & AZURE) and other outsourcing use case

• Introduction to different service and delivery models of cloud computing.
• Introduction to the cloud solution providers
  • AWS
  • MS Azure
• Cloud solution providers
  • Security principles
  • How principles apply (Security options, data encryption…)?
• Cascade outsourcing: Organisational and Compliance Aspects
• Other outsourcing use cases: SOC, Hosting, Development, …

Compliance practical implications (Circular 22/806 CSSF included)

• CSSF notification step by step
• Alignment of the governance with the circular
  • Management body responsibility
  • Proportionality analysis
  • Outsourcing definition
  • Outsourcing policy
  • Outsourcing life-cycle
  • Outsourcing register
  • Contract management
  • Upgrade of existing outsourced functions
  • Critical or important functions (CIF)
  • Exit strategy and Business Continuity management
  • Service provider monitoring process – Outsourcing monitoring framework.

The knowledge acquired in the seminar will be validated through an examination. The examination is based on a MCQ questionnaire of around 30 questions. The required passing rate is 60%.