Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Evidence of competence

  Quote
Nika Created:   Feb 16, 2021 Last commented:   Feb 17, 2021

Evidence of competence

Hello dear Advisera Team,

1. Should evidence of competence be related to Information Security, or IT, or something else? Which competence do we have to justify? Should we have the evidence for everybody, or only just for IT Manager or Admins e.g.?

2. What if we have an online learning platform with Data Privacy Training, but only half of the employees completed that training? I don't think it is enough, can it raise a non-confirmity?

Thank you!

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 17, 2021

1. Should evidence of competence be related to Information Security, or IT, or something else? Which competence do we have to justify? Should we have the evidence for everybody, or only just for IT Manager or Admins e.g.?

The evidence of competence must be related to issues and activities that can impact the ISMS (e.g., secure development for the development and maintenance of information systems included in the ISMS scope, audit techniques for internal auditors, etc.).

You need to evidence competency of anyone who has an impact on the performance of the ISMS, i.e., those who put together and manage the ISMS (e.g., managers and technical staff), and also of those who have to follow the policies and procedures (e.g., all employees included in the ISMS scope).

These articles will provide you a further explanation about competence evidence for ISO 27001:

These materials will also help you regarding competence evidence for ISO 27001:

2. What if we have an online learning platform with Data Privacy Training, but only half of the employees completed that training? I don't think it is enough, can it raise a non-confirmity?

The answer to this question will depend on your defined ISMS scope. In case your ISMS scope is all the organization, and data privacy protection is a requirement for the ISMS, then this situation can rise a non-conformity.

These articles will provide you a further explanation about ISMS scope and readiness for certification:

These materials will also help you regarding ISO 27001:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Feb 16, 2021

Feb 17, 2021

Suggested Topics

sujansuresh Created:   Jul 29, 2016 ISO 27001 & 22301
Replies: 1
0 0

Audit Doubt

Guest post Created:   Jan 12, 2016 ISO 27001 & 22301
Replies: 1
0 0

7.2 Competence

Guest user Created:   Jan 26, 2021 ISO 27001 & 22301
Replies: 1
0 0

CISO