Security Awareness Training
We received this question:
Hi Dejan, I was wondering if you or anyone from your team of experts could answer this question for security training and awareness for ISO 27001. I have come across a really good site for security training for staff. The free course can be used for employees. Only downside is there is a quiz at the end but it does not give a score, only completed status.
Can this be used as a measurement for ISO 27001 compliance for awareness? How do we prove to the auditor if there are no scores? We can always ask staff to send us a screenshot for completing the course. Is this enough? Or does the standard require an actual score for the quiz/training?
Once again thank you so much to you and your team.
Completed status for attended training or completed quizzes can be used as evidence for ISO 27001 clause 7.2 (competence). As additional evidence of fulfillment, in case more evidence is needed, an auditor can use other methods, like observation or interviews.
This article will provide you with a further explanation of awareness and training:
- How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
These materials will also help you regarding awareness and training:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- Free Security Awareness Training: https://advisera.com/training/awareness-session/security-awareness-training/ - this is a series of 25 videos that cover various topics related to security.
May 05, 2021