SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Clause 7.2 (Competence)

  Quote
Guest
Guest user Created:   Mar 10, 2022 Last commented:   Mar 10, 2022

Clause 7.2 (Competence)

I’m missing one document in my ISMS, that is for clause 7.2 (Competence). Could you point me in the direction of a good format to put this information in. It’s a record of all people involved in monitoring and managing the overall ISMS right?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 10, 2022

ISO 27001 does not prescribe a format to document evidence of required competencies, so organizations can adopt the format that best fit their needs (e.g., certificates, attendance lists, references from previous employers, etc.).

As for what to document, the evidence of competence must be related to experience, knowledge or skills required to perform activities that can impact the ISMS (e.g., secure development competencies for the development and maintenance of information systems included in the ISMS scope, audit techniques for internal auditors, etc.).

You need to evidence competency of anyone who has an impact on the performance of the ISMS, i.e., those who put together and manage the ISMS (e.g., managers and technical staff), and also of those who have to follow the policies and procedures (e.g., all employees included in the ISMS scope).

These articles will provide you a further explanation about competence evidence for ISO 27001:

- 8 Security Practices to Use in Your Employee Training and Awareness Program https://advisera.com/27001academy/blog/2015/03/02/8-security-practices-to-use-in-your-employee-training-and-awareness-program/
- How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/

For an example of document that can be used as evidence, please take a look at this template: Training and Awareness Plan https://advisera.com/27001academy/documentation/training-and-awareness-plan/

Quote
0 0
Guest
Nick Smith Mar 10, 2022

Great, thanks. I have a training and awareness plan policy already so I guess this should cover it.

 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 10, 2022

Mar 10, 2022