Expert Advice Community

Guest

ISO 27001 Staff Security Awareness

  Quote
Guest
Guest user Created:   Apr 26, 2022 Last commented:   Apr 26, 2022

ISO 27001 Staff Security Awareness

Good Morning. I hope that you are able to answer a question for me please. Control A.7.2.2 states that "All employees of the organisation and, where relevant, contractors shall receive appropriate awareness education training and regular updates in organisational policies and procedures, as relevant for their job function." We are a small Company and currently deliver IT Security Awareness sessions via in person presentations once or twice a year. The attendance is mandatory and captured to provide evidence of provision. Are you able to advise please if this would be sufficient to satisfy an ISO 27001 audit or would the frequency of this training need to be increased and/or delivered through something more formal, such as an online training portal, with a test at the end of each session. Thank you in advance for your advice.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 26, 2022

Your scenario is not enough to be compliant with the standard, because it is not clear that you identified the necessary competencies for awareness and training (i.e., which topics you need to cover, which in general are based on perceived risks, turnover rate, or legal requirements), and while you captured evidence of provision, it is not clear that effectiveness of the actions taken is evaluated (e.g., by means of a test at the end of each session).  

ISO 27001 does not prescribe the frequency of training, so organizations can define it according to their needs.

The standard also does not prescribe ways of delivering training and awareness, so organizations can define them according to their needs.

For further information, see:

This material will also help you regarding awareness and training:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 26, 2022

Apr 26, 2022

Suggested Topics

Guest user Created:   Jun 23, 2021 ISO 27001 & 22301
Replies: 1
0 0

Certification Process

Guest user Created:   May 05, 2021 ISO 27001 & 22301
Replies: 1
0 0

Security Awareness Training