Choonhaphan Lerlertpakdee has over 8 years of working experience. Prior to joining ACIS, he started his career as a financial auditor at a professional services firm. He also has experience in IT risk and assurance. He joined ACIS in 2011 and has since been involved in a number of information security related projects such as BCMS implementation, IT audit and maturity assessment. He is proficient in the areas of business continuity management, IT service management, information privacy and project management.
- Master of Business Administration, Chulalongkorn University
- Bachelor of Accountancy, Chulalongkorn University
- Part-time Lecturer, Chulalongkorn University
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in the Governance of Enterprise IT (CGEIT)
- Certified in Risk and Information Systems Control (CRISC)
- COBIT 5 Assessor
- COBIT 5 Implementation
- COBIT 5 Foundation
- Certified Information Privacy Technologist (CIPT)
- Member of the Business Continuity Institute (MBCI)
- ITIL Expert Certificate in IT Service Management
- Project Management Professional (PMP)
- ISMS Training (Transition to ISO/IEC 27001:2013)
- ITSMS Auditor/Lead Auditor Training (ISO/IEC 20000-1:2011)
- ISMS Provisional Auditor
- ITSMS Provisional Auditor
- BCMS Provisional Auditor
- Established IT service management system (ITSMS) or part of IT service management in accordance with international standards and leading practices such as ISO 20000 and the IT Infrastructure Library (ITIL), with key components including service delivery processes, relationship processes, resolution processes and control processes.
- Established business continuity management system (BCMS) or part of business continuity management in accordance with international standards and leading practices such as ISO 22301 and the Good Practice Guideline, with key components including business impact analysis, risk assessment process, business continuity plan and exercising.
- Established risk management framework or part of risk management program in accordance with international standards and leading practices such as ISO 31000, with key components including risk assessment process, risk treatment process, control design and implementation, control monitoring and maintenance.
- Performed information system audits including IT general controls (e.g., system development, change management, business continuity management), application controls, and security configuration reviews over logical access layers (e.g., application, operating system and database) of the clients’ information systems such as enterprise resource planning (ERP) systems or other business applications.
- Performed compliance reviews of existing management systems, processes or frameworks, identified gaps and made pragmatic recommendations to meet the requirements of international standards or leading practices such as ISO 27001, ISO 20000 and ISO 22301.
- Conducted training for clients in information security and related areas (e.g., assurance, cloud computing and big data, forensics, governance risk and compliance, information security, project and program management and software security).