Information Security Awareness Training

ISO 27001 defines a number of key areas of staff awareness, requiring staff to be aware of their contribution to the ISMS and the implications of not confirming; staff need to be aware of their responsibilities for cyber and information security.

It is critical that all members of staff fully understand their responsibilities towards the personal data of others, including customers, suppliers, and other staff members.

Many data breaches occur simply through not thinking, or trying to help, so it is essential to empower your staff with the tools for safe data handling. This includes ensuring that your Board and senior management are aware of their responsibilities.

Information Security coordinators and managers will need to have the relevant competency to be able to fulfil their role, and ISO 27001 requires that you take action to enable the relevant competence, and evaluate the effectiveness of any such training.

Cambridge Risk Solutions can provide training and assurance that you have staff who are competent and confident in their role.

It is critical that staff who have a role in event and incident management are competent.

They need to understand the difference between an event and an incident, the escalation process and, in some cases, incident management.

This applies not just to IT issues, and should apply across the business.

Thus, it may be, particularly for smaller businesses, that the staff responsible for information security incident response also have business continuity management duties; it is important to highlight where staff will have both roles.

Cambridge Risk Solutions can assist with training internal auditors, ensuring that they have the competence to be able to effectively audit all of the risk controls, as well as the management system and related documentation.