You will need to be able to demonstrate how you support development of competences of your (ISMS) Team members.
You will need to organize at least on a yearly base a security awareness training. 
Proof what was on the agenda and who attend the trainings. 
And performed evaluation on training.

This section is already a compliant with other standards on Quality – where you will need to organize more training and keep track of all information. 

Make sure that at least the security awareness training is added to this overview. However if you organize more training, add – as this will show your learning environments. Do not forget to evaluate your training – eg:by sending a questionnaire to all attendees, to check if the content sticks. And make suggestions for improvements to the next training – create a link to this training and the control card to keep the information aligned. 

Consider to add also the internal instructions (eg: new tooling, work procedures) and even add more knowledge areas (with +Add new fields) to be used as evidence for your competence check.

This is also important to create evidence of reducing the risk for Single Point of Knowledge – that is an issue for most small companies. You can re-use the training material as well, easy to find. 

Do not worry if you make use of a lot of internal trainers; that’s a strength instead of a weakness. It means that you have highly qualified team members. Add a pdf of their LinkedIn as evidence. Do not worry if you cannot add all information – just explain why not. 

The evaluation of training will become more important if you start scaling and/or when you want to add a QMS framework to your compliance framework. You will need to compile a HRM Program making use not only for security issues and privacy topics – also for the general competences in job descriptions. 


Field Value/description Example
Training name free text field  Security Training
Date Training select the date of the training  
Location  select if training took place online or offline – in person  Online
Training Description free text field – write the aim of the training and what is it about Yearly Security Awareness Training
Trainer type select internal or external (provided by someone within the company or outside) Internal
Trainer name  free text field  {name}
Link to website  if applicable include the link
Knowledge area select the box with the knowledge area that the training covered  Compliance. Security, Privacy
Attendees select team members that joined the training {names}
Materials & Evaluation     
Training materials  + upload document – include slides, manuals, recording, anything provided for the purpose of the training  
Certificates + Upload document – upload the proof of completion  
Evaluation date select the date when training evaluation took place  {date}
Evaluation by select a team member that performed the evaluation  {name}
Notes free text field   
Remarks free text field  
Evaluation documents upload the document with evaluation results, summary and improvements  

Was this article helpful?
0 out of 5 stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.