INFOSEC TRAINING

BCS Practitioner Certificate in
Information Risk Management

Acquire the skills and knowledge to manage information risks,
from conducting assessments to developing risk treatment plans

Course Features

Pre-course reading

3.5 hour online sessions

40+ hours self-study

Live, interactive Instructor-led training

Unlimited 1-2-1 coaching

Exam preparation

90-minute online BCS exam
Course Overview

The BCS Practitioner Certificate in Information Risk Management (PCIRM) is an in-depth qualification for information security and data protection professionals responsible for assessing and mitigating information risks.

In the modern workplace, data and information assets are vital for the smooth operation of business activities. These assets include customer and service user information, employee details, and any non-personal information about the organisation's methods, plans, management systems, finances, procurement, research areas, intellectual property, and commercial activities relevant to its interests or statutory functions. 

To prevent the inappropriate sharing or theft of information and data assets, organisations must actively monitor and minimise the risk of cyberattacks, information security incidents, and data protection violations, which can cause significant harm to business operations and individuals. To accomplish this goal, organisations should ensure they have qualified employees in place to implement appropriate systems, policies, and procedures in order to identify and analyse potential vulnerabilities as part of a robust information risk management programme.

The BCS Practitioner Certificate in Information Risk Management course offers a comprehensive exploration of best practices, principles, and techniques for safeguarding critical information assets against a wide range of threats and vulnerabilities. The course covers the fundamentals of information security and various international standards applicable to information risk management, including ISO 27001, 27005, and 31000. By attending this BCS-accredited PCIRM course, attendees will develop practical skills in conducting risk assessments, evaluating risks against an organisation's risk appetite and developing risk treatment plans.

The current version of the BCS syllabus (v7.1) from July 2022 prepares delegates for the 90-minute scenario-based online BCS examination.

Course Costs

Attend the BCS Practitioner Certificate in Information Risk Management (PCIRM) for:

£2,149.00 + VAT

  • 10% discount for subscribing to our PrivacyNewsfeed & Training Announcement Newsletters
  • 15% additional online saving for multiple bookings on public schedule courses
  • In-company options available for teams of 6 or more

BCS training package includes:

  • 10 x 3.5-hour live online sessions across 2 weeks, or
  • 5 days for a traditional classroom setting
  • Entry to the 90-minute, multiple-choice online BCS examination
  • 1-2-1 coaching and support
  • 1st year BCS Associate membership

Course materials:

  • Detailed eBook course manual (see here for eBook features & print options)
  • Includes free lifetime updates, which means it will never go out of date
  • Full course PowerPoint presentation
  • Exercises & revision materials
  • Sample exam questions

Intended Audience

The BCS Practitioner Certificate in Information Risk Management (PCIRM) is suitable for those individuals with the following roles or responsibilities:

  • Information & Cyber Security
  • Business Continuity
  • Information Risk
  • Privacy & Data Protection Professionals
  • Data Protection Officers
  • Information Governance
  • Information Assurance
  • Digital transformation
  • IT and Information systems
  • Software Engineering
  • Test Managers & QA Engineers
  • AI Governance
  • Project Managers

Learning Outcomes

BCS Practitioner Certificate in Information Risk Management (PCIRM) award holders will be able to: 

  • Understand the terminology, principles and techniques used to manage information risks effectively
  • Conduct information security risk assessments, including business impact analyses, threat assessments, and vulnerability assessments
  • Implement information classification schemes to categorise information based on its level of sensitivity and establish appropriate controls for each category
  • Assess the level of risk and implement treatment plans containing appropriate controls and measures to reduce the likelihood or impact of identified risks
  • Apply information risk management best practices, policies, controls and measures to ensure the protection of key information assets
  • Measure and benchmark information risk management programme maturity
  • Understand and be able to communicate the information risk management programme with stakeholders at all levels

Course Itinerary

The BCS Practitioner Certificate in Information Risk Management (PCIRM) is conducted over 10 consecutive morning sessions (or 5 full days when delivered in-company).

The following schedule is intended as a guide:

Module 1
Introductions, Learning outcomes
BCS Exam details & techniques
The concepts and framework of information risk management
   • The lifecycle of information
   • What information risk management is, and why and when it should be undertaken
   • Which parts of an organisation may practice information risk management
   • The general legal and regulatory framework that surrounds risks to information
Understanding the context of risk in organisations
   • Why organisations must take account of information risk
   • The benefits to organisations of undertaking information risk management
   • The potential consequences to organisations of not undertaking information risk management
Module 2
The fundamentals of information security
   • Differences between information security, cyber security, information risk management and information assurance
Information risk terms and definitions
Information risk management standards
   • ISO 27001:2022 - Information security management systems (ISMS)
   • ISO 27005:2022 - Guidance on managing information security risks
   • ISO 31000:2018 - Risk management guidelines
Understanding the UK legal and regulatory environment
   • Data Protection Act 2018 & UK General Data Protection Regulation
   • Official Secrets Act
   • Freedom of Information Act
   • PCI Data Security Standard
The process of information risk management
   • The concept of information risk ownership
   • The four stages of information risk management
   • Conducting risk assessments (risk identification, risk analysis, risk evaluation and risk treatment)
   • Risk management methodologies
Module 3
Establishing an information risk management programme
   • The Plan-Do-Check-Act model, also known as the Deming Cycle
   • Leadership, responsibility and accountability
   • Integrating information risk management into business-as-usual operations
   • Resource allocation
   • Reporting
Development of a strategic approach to information risk management
The principles of information classification
   • The purpose of a classification scheme for information assets
   • Identifying and documenting information assets and their owners
   • Classification types
Module 4
Risk identification
The process of identifying information assets
Conducting a business impact analysis
   • The overall business impact analysis process and who should be involved
   • Formulating business interruption costs
   • Cost of failure analyses
   • The concept of worst-case scenarios
   • Direct and indirect impacts
   • Primary and secondary impacts
   • Quantifying impact levels
Conducting a threat and vulnerability assessment
   • How threats and likelihood combine to create a risk
   • Common threats and hazards
   • Motivations for threats and threat actors
   • Common vulnerabilities and their likelihood
Module 5
Risk assessments
How to undertake a risk analysis
   • Qualitative, quantitative and semi-qualitative risk analysis
   • Generic and specific risk analyses
   • The construction and use of a risk matrix
   • Impact, proximity and likelihood scales
   • Risk as an opportunity
Risk evaluation
   • How to quantify the results of a risk assessment
   • Comparing risk analysis results against organisational risk criteria
   • Risk registers
Module 6
Risk treatment options, controls and processes
   • Four strategic risk treatment options
      - Risk avoidance or termination
      - Risk reduction or modification
      - Risk transference or sharing
      - Risk acceptance or toleration and risk retention
   • Tactical and operational risk treatment controls
   • Importance of using a combination of strategic, tactical and operational approaches to risk treatment
   • Resilience, business continuity and disaster recovery
Module 7
Information risk monitoring
   • Monitoring of risks after treatment
   • Monitoring methods
Undertaking an information risk review
   • The need to conduct risk reviews at regular intervals and when their impact or likelihood may have changed
   • Identifying new threats and risks
   • Ongoing reporting of the information risk management status
Module 8
Report and present the progress of a risk management programme
   • Requirements for reporting on an information risk management programme
   • Contents of a risk report
Presenting a business case (to the board)
   • The need for a business case
   • Business case preparation process and format
   • Presentation of an outline business case
Module 9
Questions & Answers
Individual 1-2-1 tutorials

BCS PCIRM Syllabus

BCS Practitioner Certificate in Information Risk Management (PCIRM)
Extracted from syllabus version 7.1
July 2022

Download the new syllabus (PDF)

This is a UK government-regulated qualification administered and approved by one or more of the following: Ofqual, Qualifications Wales, CCEA Regulation and SQA.

Exam Preparation Day

The topics covered in this session include:

Part 1. Online discussion and presentation
  • Exam technique
  • Timing
  • Completing the exam paperwork
  • How to read and answer BCS exam questions properly
  • Exercises
  • Group discussion, 3 example questions
Part 2. Mock exam
  • 45-minute mock exam (50% of the exam paper)
Part 3. Discussion, Q&A, review of the mock exam
  • Group discussion, mock exam answers

Following the examination prep day, the instructor will evaluate each student’s mock paper and provide individual feedback. This will include direct comments on the answers and offer guidance for further study areas.

BCS PCIRM Examination
Duration and Format of the BCS Examination

The BCS Practitioner Certificate in Information Risk Management (PCIRM) exam format is a 90-minute multiple-choice examination. The exam is a closed book, i.e. no materials can be taken into the examination room.

Format of the Examination

Type: 60 multiple-choice questions
Duration: 90 minutes
Supervised: Yes
Open book: No (no materials can be taken into the examination room)
Pass mark: 39/60 (65%)
Delivery: Digital or paper-based
Additional time: Available for candidates requiring reasonable adjustments (see below)

Adjustments and/or additional time can be requested in line with the BCS reasonable adjustments policy for candidates with a disability or other special considerations, including English as a second language.