BCS Practitioner Certificate in Information Risk Management (PCIRM)

Code: PCIRM
Curriculum: Risk Management
Sub-Category: Risk Management

Contact us by calling 01285 407 177 or email info@CoriniumTraining.co.uk.

Course Outline

Practitioner Certificate in Information Risk Management (PCIRM) 

BCS Accredited 5 Day Course 


This course covers the BCS Practitioner Certificate in Information Risk Management and closely follows the approaches recommended in the ISO 27005 and ISO 31000 Standards.  

The course will enable delegates to confidently sit the 3 hour BCS Practitioner Certificate in Information Risk Management examination which is taken on the last afternoon of the course.  

This PCIRM course has also been accredited by the Institute of Information Security Professionals (IISP). It has also been accredited as part of the CESG Certified Training (CCT) Scheme. 

Who should attend

The course will primarily benefit those involved in information security, audit and those engaged in the implementation and operation of formal information risk management, including those charged with PCI DSS compliance and any corporate governance compliance requirements. 


By the end of the course, delegates will have a detailed understanding of all the key components of risk management and be able to return to their organisation and make a significant contribution to the risk management process. Delegates will benefit from the practical and extensive experiences of trainers who are all practising risk management specialists. 


Candidates should ideally have at least 2 years’ experience in information security and risk management. An understanding of information security standards such as ISO 27001, ISO 27002 and ISO 27005 would be beneficial, as would attendance on the Certificate in Information Security Management Principles course (or similar). 


On completion of this course delegates will be able to demonstrate their competence in, and their ability to: 
• Conduct an information risk assessment including business impact analysis and threat and vulnerability assessments  
• Explain how the management of information risk will bring about business benefits  
• Explain and make full use of information risk management terminology  
• Explain the importance of control selection and risk treatment  
• Evaluate risks and present the results in a way which will form the basis of a risk treatment plan  

BCS Examination

After taking the course, delegates will be able to sit a formal 3 hour examination set by BCS Professional Certifications.  
The examination will comprise:  
Section 1:
• 10 multiple choice questions
• 6 short answer questions
Section 2:
• 3 scenario based essay style questions

Students will need to obtain a mark of at least 65% to pass the examination.

Course style

This is a ‘Practitioner’ course and leans heavily on discussions and workshops which are designed to reinforce the concepts being taught and to build the delegates’ confidence in conducting risk assessments. The course is also designed to encourage debate, and the sharing of knowledge and experience between students.

Course Topics

Concepts, Framework References and Definitions 
• Risk Management Principles 
• Risk Management Process 
• Risk Management Standards, e.g. ISO 27005 and ISO 31000 
• The Need for Information Risk Management 
• Context of Risk in the Organisation 

Establishing a Risk Management Programme 
• Programme Requirements 
• Developing a Strategic Approach to Information Risk Management 
• Information Classification Schemes 

Risk Assessment: Identification 
• Asset Identification 
• Business Impact Analysis 
• Threat and Vulnerability Assessment 

Risk Assessment: Analysis and Evaluation 
• Risk Analysis 
• Risk Evaluation 

Risk Treatment 
• Options for Risk Treatment 
• Risk Treatment Plans 

Presenting Risks and Business Case 

Monitoring and Review 

• Organisational Context Analysis 
• Business Impact Analysis 
• Financial and non-Financial Impact Assessment 
• Risk Assessment 
• Risk Identification 
• Risk Analysis 
• Risk Evaluation 
• Risk Treatment 
• Risk Treatment Plans
• Risk Reporting