Training

You will need to be able to demonstrate how you support development of competences of your (ISMS) Team members.
You will need to organize at least on a yearly basis a security awareness training. 
Proof what was on the agenda and who attend the training. 
And performed evaluation on training.

This section is already a compliant with other standards on Quality – where you will need to organize more training and keep track of all information. 

Make sure that at least the security awareness training is added to this overview. However if you organize more training, add – as this will show your learning environments. Do not forget to evaluate your training – eg:by sending a questionnaire to all attendees, to check if the content sticks. And make suggestions for improvements to the next training – create a link to this training and the control card to keep the information aligned. 

Consider to add also the internal instructions (eg: new tooling, work procedures) and even add more knowledge areas (with +Add new fields) to be used as evidence for your competence check.

This is also important to create evidence of reducing the risk for Single Point of Knowledge – that is an issue for most small companies. You can reuse the training material as well, easy to find. 

Don’t worry if you make use of a lot of internal trainers; that’s a strength instead of a weakness. It means that you have highly qualified team members. Add a pdf of their LinkedIn as evidence. Don’t worry if you cannot add all information – just explain why not. 

The evaluation of training will become more important if you start scaling and/or when you want to add a QMS framework to your compliance framework. You will need to compile a HRM Program making use not only for security issues and privacy topics – also for the general competences in job descriptions. 

General

Attendees

Materials & Evaluation

FieldValue/descriptionExample
Exercise namefree text field Security Training
General   
DateWorkoutselect the date of the training 
Location select if training took place online or offline – in person Online
Training Descriptionfree text field – write the aim of the training and what is it aboutAnnual Security Awareness Training
Trainer typeselect internal or external (provided by someone within the company or outside)Internal
Trainer name free text field { name }
Link to website if applicable include the linkwww.compleye.io
Knowledge areaselect the box with the knowledge area that the training covered Compliance. Security, Privacy
Attendeesselect team members that joined the training{ names }
Materials & Evaluation   
Training material + upload document – include slides, manuals, recording, anything provided for the purpose of the training 
Certificates+ Upload document – upload the proof of completion 
Evaluation dateselect the date when training evaluation took place { date }
Evaluation byselect a team member that performed the evaluation { name }
Notesfree text field  
Remarksfree text field 
Evaluation documentsupload the document with evaluation results, summary and improvements 

Was this article helpful?
0 out of 5 stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.