We received this question:
Hi Dejan, I was wondering if you or anyone from your team of experts could answer this question for security training and awareness for ISO 27001. I have come across a really good site for security training for staff. The free course can be used for employees. Only downside is there is a quiz at the end but it does not give a score, only competed status.
Can this be used as a measurement for ISO 27001 compliance for awareness. How do we prove to the auditor if there are no scores. We can always ask staff to send us a screenshot for completing the course. Is this enough? Or does the standard require an actual score for the quiz/training.
Once again thank you so much to you and your team.