Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security


Course Description

One of the unintended consequences of the information age is the availability of Personal Identifiable Information (PII). The combination of name, date of birth, and Social Security Number is the key to the kingdom for establishing a false identity and committing fraud. Lost laptops, network break-ins, and phishing expeditions have led governmental entities to establish a patchwork quilt of laws requiring custodians of personal information doing business in their locality to provide safeguards and assurance that PII is secure.

We will discuss the:

  • PII scope and definitions
  • State and Federal PII requirements
  • Action plan for compliance

Learning Objectives:

  • Plan a risk assessment of your PII exposure
  • Justify the resources needed to comply with regulatory requirements
  • Identify where to focus in your evaluation of PII risk
  • Integrate PII compliance into the entity-wide compliance program
  • Build a PII compliance framework

Bonus: You will receive the ISACA Personal Identifiable Information Audit/Assurance Program for COBIT 4.1

Course Outline

What Is Personal Identifiable Information (PII)

  • Various Definitions
  • What Are Minimum Requirements
  • Dynamic Framework by Locality

The Need for Security Over PII

  • Performing a Meaningful Risk Assessment
  • Selling the Results to Management
  • Overcoming “Not Just Security”

Where to Find PII

  • The Porous Nature of Data Storage
  • Traditional Computing
  • Outsourced Systems
  • Data on the Move
  • Into the Cloud

What Do We Need

  • Establishing Criteria
  • Defining Compliance Universe
  • What Are the Legal Requirements
  • Fulfilling Assurance/Monitoring Requirements

Resolution

  • Keeping Up with Changing Technology and Compliance
  • Monitoring and Assurance
    • Auditor Oversight Strategies
    • Management Assurance

Action Plan

  • Building a Framework for PII
  • Aggregating Compliance Requirements
  • Implementation of Security Measures

Additional Information

Who Should Attend

  • Internal auditors
  • Information security professionals
  • Internal control management
  • Risk managers
  • Privacy officers

Learning Level

Intermediate

Delivery

Group Internet-Based

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

None

Session Duration

Online: Two 3-hour sessions

On Site: 1 day

CPE Credits: 7