Requirements to satisfy the requirements of ISO 27001?
completed this training already and I enjoyed it.
Quite a lot of this content was ‘common sense’ for someone who works in the field, but it will be new to other staff members and my ISO 27001 team members.
I’m just wondering if this training plus our GDPR e-learning and an annual refresher would be enough to satisfy the requirements of ISO 27001?
I think some input on policies and procedures would be required too.
To fulfill ISO 27001 requirements related to competence (clause 7.2), you need to identify which competencies are necessary for doing work that affects information security performance.
While the Security Awareness Training, GDPR e-learning, and training about policies and procedures most probably will fulfill part of the requirement, you need to check if more specific activities are required. For example, training on a specific technology used by your organization, or on a new process that needs to be implemented, like a disaster recovery process.
This article will provide you with further explanation about training and awareness:
- How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
Oct 19, 2021