Expert Advice Community

Security Awareness training - Compliance question

Guest user Created:   Mar 30, 2022 Last commented:   Mar 30, 2022

We have started to use Advisera security awareness training (currently subscribed to a Company account for up to 50 users), and several of our employees who have been notified about the program are still not registered, or their status is overdue. In light of the above, will that prevent us from being compliant with ISO 27001 (in that specific area)? Must all employees complete the program, or is it enough to show that there is an ongoing activity?
Expert
Rhand Leal Mar 30, 2022

I’m assuming you refer to a certification audit situation.

Considering that, to be compliant with clauses 7.2 Competence and 7.3 Awareness you need to ensure that at least the personnel in the main roles related to information security (e.g., the CEO, the CISO, the IT Head, IT staff, the internal auditor, etc.) have performed their training and awareness activities and that there are no overdue activities (i.e., you do not need all employees to complete the program by the time of the certification audit, only to evidence that the program is ongoing).


This article will provide you with a further explanation about awareness and training:
