Training and ISO 27001 implementation
Training is mandatory only for those personnel mentioned in documents required by the ISMS. For those employees not mentioned in the documents, the training is optional.
For example, if a Backup Policy only mentions IT personnel in its content, only these personnel need to be trained in this policy.
Please note that the standard requires that a person that can affect information security needs to have the necessary competence to protect the information, and one way to do so is to provide training.
Hi there,
Thank you for your response.
In the light of the above, does Conformio keep track of all personnel required by the ISMS to have training? If so, where can we find that? Is that in the Training Module?
Your assumption is correct. Required information security training and awareness activities, and which personnel are required to attend them, are mapped in the Training Module, but please note that this tracking is not done automatically. You need to define these activities manually, according to the competencies you identify you need to have.
From a standard point of view, the information included in the Training Module is sufficient for certification purposes. In case you already have any other solution implemented for tracking training in your company, you may include the information about information security training and awareness in it.
Mar 28, 2022