Security Awareness training - Compliance question
I’m assuming you refer to a certification audit situation.
Considering that, to be compliant with clauses 7.2 Competence and 7.3 Awareness, you need to ensure that at least the personnel in the main roles related to information security (e.g., the CEO, the CISO, IT Head, IT staff, internal auditor, etc.) have performed their training and awareness activities and that there are no overdue activities (i.e., you do not need all employees to complete the program by the time of the certification audit, only to evidence that the program is ongoing).
This article will provide you with further explanation about awareness and training:
- How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
Mar 30, 2022