SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

ISMS

  Quote
Guest
Guest user Created:   Jan 26, 2022 Last commented:   Jan 26, 2022

ISMS

One important part of the ISMS is the employees' internal security awareness training. I see that you propose free security awareness training on your website. 1 - Is this sufficient during an ISO 27001 certification external audit to prove that *** took the necessary actions with regards to training internal employees? 2 - Is there any way to prove the employees have effectively followed your training ? Something like a completion certificate? 3 - Would you recommend additional steps?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 26, 2022

1 - Is this sufficient during an ISO 27001 certification external audit to prove that *** took the necessary actions with regards to training internal employees?

Please note that the security awareness training on our website focuses on regular users and general information security knowledge. In case you have specific security technical/management needs (e.g., secure development techniques or security strategy planning) this training won’t be sufficient.

Considering that, you need first to identify which information security competencies gaps you need to treat, so you can evaluate if our training will cover all your needs, or if you need to complement it.

This article will provide you a further explanation about awareness and training:

2 - Is there any way to prove the employees have effectively followed your training ? Something like a completion certificate?

Through the paid version of our security awareness training program, you can export the progress report and track which employees already attended the training and their results.

When using the free version, you can create quizzes to apply to employees who have taken the training to evaluate their learning.

3 - Would you recommend additional steps?

The steps provided in the Training and awareness plan template included in your toolkit are enough to be compliant with the standard.

Common approaches for information security awareness are training sessions, the use of newsletters, the use of video tutorials, and meetings between management and staff, which should be performed on a regular basis.

Regarding content, please note that you will have different publics with different interests:

  • top management needs to make decisions over issues that many times are not so clear for them, and they do not need deep knowledge about technicalities of security issues (they will be more concerned about how it impacts the business). In these cases, your awareness should be focused on the decisions they need to make.
  • technical personnel with operational responsibilities for security needs deep knowledge over technologies, methodologies, and processes, so your awareness should be focused on the procedures and rules they need to follow
  • overall personnel needs a basic understanding of security, to properly identify, report, and react to risky situations. In these cases, your awareness should be focused on examples and how to proceed according to the policies and procedures
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 26, 2022

Jan 26, 2022

Suggested Topics

Guest user Created:   May 17, 2022 ISO 27001 & 22301
Replies: 1
0 0

ISMS 27001 processes

Guest user Created:   Mar 31, 2022 ISO 27001 & 22301
Replies: 1
0 0

Merging ISMSs