Limited-time offer
Lock in 2024 prices now for ISO 27001 toolkits, course exams, and software!
This offer is valid until December 19, 2024.

Expert Advice Community

Guest

Training and ISO 27001 implementation

  Quote
Guest
Guest user Created:   Mar 24, 2022 Last commented:   Mar 28, 2022

Training and ISO 27001 implementation

We have read through an article on your website that speaks about the training cycle.. We are confused about the first point in the article: https://prnt.sc/RuSlI-gE3BiA. Is it mandatory to train other employees and do this or is this optional?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 24, 2022

raining is mandatory only for that personnel mentioned in documents required by the ISMS. For those employees not mentioned in the documents, the training is optional.

For example, if a Backup Policy only mentions IT personnel in its content, only these personnel need to be trained in this policy.

Please note that the standard requires that a person that can affect information security needs to have the necessary competence to protect the information, and one way to do so is to provide training.

Quote
0 0
Bionninitsanreznik Mar 24, 2022

Hi there,

Thank you for your response. 

In the light of the above, does conformio keeps track of all personnel required by the ISMS to have training? If so, where can we find that? Is that in the Training Module?

Quote
0 0
Expert
Rhand Leal Mar 28, 2022

Your assumption is correct. Required information security training and awareness activities, and which personnel is required to attend them, are mapped in the Training Module, but please note that this tracking is not done automatically. You need to define manually these activities, according to the competencies you identify you need to have.

From a standard point of view, the information included in the Training module is sufficient for certification purposes. In case you already have any other solution implemented for tracking training in your company you may include the information about information security training and awareness on it.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 24, 2022

Mar 28, 2022

Suggested Topics