Robert A. Aanerud

Principal Training and Assessment Programs

A unique combination of experience and knowledge

Robert A. Aanerud has over 40 years of experience and is sought out for his depth of knowledge and experience in all areas of information security, privacy, ethics, compliance, audit, and corporate governance. Robert’s clients have included over 120 of the Fortune 500 corporations in the United States, and hundreds of organizations and government entities in the U.S., U.K., Canada, Europe, and Central and South America. He focuses on Critical Infrastructure clients in financial services, insurance, telecommunications, transportation, manufacturing, gas and oil, chemical, pharmaceutical, government, and education.

His experience is inclusive of national and international data protection and regulatory compliance; Information Security Management System (ISO27001 ISMS) and Information Technology Service Management (ISO20000 ITSM) pre-assessment, risk assessment, audit, management, and control; Control gap analysis, design, implementation, and audit; information security consulting services; information privacy consulting services; Management System education and awareness training and design; legal and regulatory review, research, and compliance matrix establishment; general and IT controls audits; policy and procedure review and development; sociological profiling; executive protection programs; and many other security, privacy, and information assurance and protection areas of interest to organizations, their management, and regulatory bodies.

Professional Certifications and Experience

+ Expand - Collapse
  • IRCA-Certified Auditor for ISO 9001, ISO 20000 and ISO 27001
  • RABQSA International Certified ISO27001 Trainer
  • ISC2-Certified Information System Security Professional (CISSP)
  • Certified HIPAA Security Professional (CHSP)
  • BCS/ISEB Certificate in International IT Law
  • British Standards Institute (Bureau Veritas Certification (BVC) Lead Auditor and Trainer
  • SRI Lead AuditorNSF-ISR Lead Auditor
  • ISC2-Certified CISSP Trainer
  • Certified Defense Industrial Security Program – Facility Security Officer (FSO)
  • Certified International Association of Quality Circles (IAQC) Facilitator
  • Law Enforcement Association of America (LEAA) Expert Witness – Computer Security and Privacy

Skills and Expertise

+ Expand - Collapse
  • Independent Contractor to NSF-ISR as Program Manager for ISO27001 and ISO20000 Audit and Assessment Services
  • Independent Contractor to SRI and Bureau Veritas Certification Services (ISO Certification Bodies) as Lead Auditor and Lead Trainer for Audit and Accredited/Non-Accredited Training for ISO27001, ISO20000, and ISO9001
  • Independent Contractor to BSI Americas and BSI Mexico as Lead Trainer for Accredited/Non-Accredited Training in ISO27001, ISO20000, and ISO9001
  • Independent Contractor to Veridion Consulting Services for ISO27001 and ISO20000 Accredited Training
  • Engagements in Healthcare, Pharmaceutical, Information Technology, CRM, Automotive, Gas and Oil, and Financial Services industries under multiple legal and regulatory requirements specifications (GLBA, HIPAA, ISO17799/BS7799, State Breach and Disclosure, E-Discovery, Sarbanes-Oxley, SEC Rules, NACHA Rules, NCUA Rules, PCI, etc.) and Generally-Accepted Standards and Procedures
  • Strong knowledge and understanding of International Legal and Regulatory, U.S. Federal, State, and Sectoral security and privacy law and regulation
  • Legal and Ethical Compliance Review (inclusive to International, Federal, and Sectoral Legislation and Regulation, including HIPAA, GLBA, Sarbanes-Oxley, PIPEDA, PIPA, OECD Principles, EU Directive)
  • SAS70, General and IT Control Audits and Reviews
  • Network Vulnerability and Penetration Testing
  • Business Continuity Management and Planning
  • 5 ½ years Experience in a “Big 4” Audit Firm as Principal and the International Practice Leader for Information Security Architecture in the Information Security Assurance and Advisory Services (ISAAS) Practice Area
  • Executive Risk Profiling, Protection, Planning, and Management Ascendancy
  • Ex-Patriate/In-Patriate Risk Assessment and Protection Programs
  • Instructional Design, Content Development, and Curriculum Development and Management for Computer-Based-Training
  • Homeland Security
  • Operational Intelligence/Intelligence Sources and Methods
  • Incident Planning, Management, Response, and Reporting
  • OECD Principle Interpretations

Professional Affiliations

+ Expand - Collapse
  • International Information System Security Certification Consortium (ISC)2
  • Information Systems Audit and Control Association (ISACA)
  • Computer Security Institute (CSI)
  • Institute of Internal Auditors (IIA)
  • Institute of Quality Assurance
  • RABQSA International
  • International Register of Certificated Auditors
  • Guest Speaker at numerous Conferences and Professional Meetings