Expert Advice Community

Guest

Security Awareness Training

  Quote
Guest
Guest user Created:   May 05, 2021 Last commented:   May 05, 2021

Security Awareness Training

We received this question:

Hi Dejan, I was wondering if you or anyone from your team of experts could answer this question for security training and awareness for ISO 27001. I have come across a really good site for security training for staff. The free course can be used for employees. Only downside is there is a quiz at the end but it does not give a score, only competed status.

Can this be used as a measurement for ISO 27001 compliance for awareness. How do we prove to the auditor if there are no scores. We can always ask staff to send us a screenshot for completing the course. Is this enough? Or does the standard require an actual score for the quiz/training.

Once again thank you so much to you and your team.

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 05, 2021

Completed status for attended training or completed quizzes can be used as evidence for ISO 27001 clause 7.2 (competence). As additional evidence of fulfillment, in case more evidence is needed, an auditor can use other methods, like observation or interviews.  

This article will provide you a further explanation about awareness and training:

These materials will also help you regarding awareness and training:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 05, 2021

May 05, 2021

Suggested Topics