How frequently should "Information Security Training Awareness Training" be done in an organization as per the ISO 27001 requirement, e.g. monthly, once in 6 months, or once in a year?
Answer:
ISO 27001 does not establish a specific frequency for information security awareness, although in accordance with control A.7.2.2 Information security awareness, education and training: "All employees of the organization and, where relevant, contractors shall receive appropriate awareness education and training and regular updates", so it can be advisable to have an annual information security awareness programme.
For this awareness program, this article may be of interest: 8 Security Practices to Use in Your Employee Training and Awareness Program: https://advisera.com/27001academy/blog/2015/03/02/8-security-practices-to-use-in-your-employee-training-and-awareness-program/
Jan 13, 2016