ISO 27001 training vs awareness
We have a couple of staff members that have quite a few opinions that we are not 'training' anybody, just making them aware, which for the most part, I agree with.
Answer:
From the ISO 27001 perspective, training is education - this means during the training you provide additional knowledge and skills to your employees. An example of training is the ISO 27001 Lead Implementer Course.
As opposed to trainings, which give an answer to the question "How?", awareness must give an answer to the question "Why?", that is, explain to your employees why they should accept information security or business continuity rules.
You'll learn more here: How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
By the way, clause 5.1.1 from ISO 27001:2013 does not speak about training and awareness - this is specified in clauses 7.2, 7.3 and control A.7.2.2.
Jan 12, 2016