Hello dear Advisera Team,
1. Should evidence of competence be related to Information Security, or IT, or something else? Which competence do we have to justify? Should we have the evidence for everybody, or only just for IT Manager or Admins e.g.?
2. What if we have an online learning platform with Data Privacy Training, but only half of the employees completed that training? I don't think it is enough, can it raise a non-confirmity?