Competence evidences for ISO 27001
We are intending on delivering face to face awareness training on the specific policies being deployed, this will be both general awareness and targeted to those groups of people that specific policies relate to, would a general CBT be enough to back this up?
Answer: You have to assess the competency only of those included in the scope of your ISMS. Regarding competence evidence, besides a CBT general security course and face-to-face training for awareness of all people included in the scope, maybe you should also consider specific courses for technical and management personnel, like the IT team and top management, since they require more specific knowledge to fulfil their information security related tasks. Additionally, for evidence of competence the standard also accepts evidence of experience and education, and where you can provide that evidence the CBT and face-to-face training may be optional.
These articles will provide you with further explanation about competence evidence for ISO 27001:
- 8 Security Practices to Use in Your Employee Training and Awareness Program https://advisera.com/27001academy/blog/2015/03/02/8-security-practices-to-use-in-your-employee-training-and-awareness-program/
- How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
These materials will also help you regarding competence evidence for ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Question: Does this mean the competency only needs to be assessed of those who put together and manage the ISMS? I.e., me as head of Infosec and those who write or approve any policy? Or do we need to assess the competency of anyone who has to follow the policy?
Answer: You need to assess the competency of anyone who has an impact on the performance of the ISMS, i.e. those who put together and manage the ISMS and also those who have to follow the policies.
Mar 14, 2017