Employees training and awareness
Answer: Although there is some common knowledge the employees should be trained about, for a precise answer you should consider your risk treatment plan, because there you will find information about all controls that must be implemented, and then you can evaluate for each control the level of training you have to provide, considering technical staff, managers and final users.
You should note that the employees do not need to be trained in the whole ISO 27001 standard (except perhaps the person responsible for the ISMS), only for the particular controls related to their activities.
For the more common training to be considered, I suggest you take a look at this article:
- 8 Security Practices to Use in Your Employee Training and Awareness Program https://advisera.com/27001academy/blog/2015/03/02/8-security-practices-to-use-in-your-employee-training-and-awareness-program/
This article will provide you further explanation about awareness and training:
- How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301
These materials will also help you regarding awareness and training:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Oct 18, 2017