Training
You will need to be able to demonstrate how you support development of competences of your (ISMS) Team members.
You will need to organize at least on a yearly basis a security awareness training.
Proof what was on the agenda and who attend the training.
And performed evaluation on training.
This section is already a compliant with other standards on Quality – where you will need to organize more training and keep track of all information.
Make sure that at least the security awareness training is added to this overview. However if you organize more training, add – as this will show your learning environments. Do not forget to evaluate your training – eg:by sending a questionnaire to all attendees, to check if the content sticks. And make suggestions for improvements to the next training – create a link to this training and the control card to keep the information aligned.
Consider to add also the internal instructions (eg: new tooling, work procedures) and even add more knowledge areas (with +Add new fields) to be used as evidence for your competence check.
This is also important to create evidence of reducing the risk for Single Point of Knowledge – that is an issue for most small companies. You can reuse the training material as well, easy to find.
Don’t worry if you make use of a lot of internal trainers; that’s a strength instead of a weakness. It means that you have highly qualified team members. Add a pdf of their LinkedIn as evidence. Don’t worry if you cannot add all information – just explain why not.
The evaluation of training will become more important if you start scaling and/or when you want to add a QMS framework to your compliance framework. You will need to compile a HRM Program making use not only for security issues and privacy topics – also for the general competences in job descriptions.
General
Attendees
Materials & Evaluation
.
| Field | Value/description | Example |
| Exercise name | free text field | Security Training |
| General | ||
| DateWorkout | select the date of the training | |
| Location | select if training took place online or offline – in person | Online |
| Training Description | free text field – write the aim of the training and what is it about | Annual Security Awareness Training |
| Trainer type | select internal or external (provided by someone within the company or outside) | Internal |
| Trainer name | free text field | { name } |
| Link to website | if applicable include the link | www.compleye.io |
| Knowledge area | select the box with the knowledge area that the training covered | Compliance. Security, Privacy |
| Attendees | select team members that joined the training | { names } |
| Materials & Evaluation | ||
| Training material | + upload document – include slides, manuals, recording, anything provided for the purpose of the training | |
| Certificates | + Upload document – upload the proof of completion | |
| Evaluation date | select the date when training evaluation took place | { date } |
| Evaluation by | select a team member that performed the evaluation | { name } |
| Notes | free text field | |
| Remarks | free text field | |
| Evaluation documents | upload the document with evaluation results, summary and improvements |
