Training and awareness is a critical part of the implementation, operation and maintenance of an effective Information Security Management System (ISMS). Cambridge Risk Solutions can provide expertise and support:
General Information Security awareness training for all staff
ISO 27001 defines a number of key areas of staff awareness, requiring staff to be aware of their contribution to the ISMS and the implications of not confirming; staff need to be aware of their responsibilities for cyber and information security. Cambridge Risk Solutions can assist with the development and delivery of awareness training and programmes, assisting to effectively embed information security in your business.
Specific training for Information Security coordinators and managers
Information Security coordinators and managers will need to have the relevant competency to be able to fulfil their role, and ISO 27001 requires that you take action to enable the relevant competence, and evaluate the effectiveness of any such training. Cambridge Risk Solutions can provide training and assurance that you have staff who are competent and confident in their role. Examples of our training are:
- Event and Incident Management training for members of response teams
It is critical that staff who have a role in event and incident management are competent. They need to understand the difference between an event and an incident, the escalation process and, in some cases, incident management. This applies not just to IT issues, and should apply across the business. Thus, it may be, particularly for smaller businesses, that the staff responsible for information security incident response also have business continuity management duties; it is important to highlight where staff will have both roles.
- Design and delivery of training for internal auditors
Cambridge Risk Solutions can assist with training internal auditors, ensuring that they have the competence to be able to effectively audit all of the risk controls, as well as the management system and related documentation.