Meeting ISO 27001’s staff awareness training requirements

Staff awareness training is one of the most effective ways of preventing data breaches. That’s why it sits front and centre in ISO 27001, the international standard that specifies the requirements for an ISMS (information security management system). 

The Standard recognises that, although technological defences are essential, their value is limited if employees make careless mistakes. Technical controls offer little protection if someone finds an employee’s password written on a scrap of paper, or if an employee loses a briefcase containing sensitive documents. 

To prevent these kinds of mistakes, ISO 27001 requires organisations to make their people aware of information security. Clause 7.3 (Awareness) requires that everyone doing work under the organisation’s control is aware of the information security policy, of how they contribute to the effectiveness of the ISMS, and of the implications of not conforming to its requirements. In practice, this means holding regular staff awareness training that tackles a variety of information security issues. 

How to deliver training 

The core of your staff awareness training courses should consist of broad lessons on the essentials of any given topic. These don’t have to be particularly long – for example, our Information Security Staff Awareness E-Learning Course can be completed in about 45 minutes – but they should give employees enough information to ensure they get the simple things right. 

Courses can be delivered in-house or outsourced to a third party. Your decision will probably depend on your organisation’s resources. If you have someone capable of creating and delivering courses to your staff, this is hugely beneficial, as they will already have an in-depth understanding of what your staff need to know. 

Unfortunately, it’s rare to find someone with both the skills and the time to do this. That’s why third-party options, such as our staff awareness e-learning courses, are more frequently used. Online courses provide easily accessible information that can be repeated for new starters and used as refreshers for existing employees. Whichever route you take, keep a record of who completed which course and when: an auditor will ask for evidence that the training actually took place, not just that a course exists. 
