Training and awareness statements in the Information security policy
* [job title] is responsible for adopting and implementing the Training and Awareness Plan, which applies to all persons who have a role in information security management
* [job title] will implement information security training and awareness programs for employees
Answer:
The first statement defines who is responsible for approving the Training and Awareness Plan; typically this would be the CEO in smaller companies. The second statement defines who is responsible for the execution of this plan; in smaller companies this would usually be a person responsible for information security.
By the way, the Training and Awareness Plan is also included in the ISO 27001 toolkit.
This article might also help you: How to perform training & awareness for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
Apr 25, 2016