Lesson 1, Topic 1
In Progress

Training concepts

A major goal of an ISMS or ISO27001 is also to train the awareness of all employees. The sensitization for information security and sensitization to the possibilities of attacks such as phishing e-mails or virus-contaminated USB sticks etc.. Increasing understanding of information security or more security with regard to information security related issues.

Therefore you should set up a training concept how you can train and reach the employees. After all, the organisation has the responsibility to support employees in complying with guidelines and measures by means of events, information, briefings, training and much more.

For this purpose we offer the template “Training concept“, in which you can write down such things. It also includes a training plan that provides for at least one training course per year on the subject of information security.

Employees must also be informed about the consequences for the individual and the company if guidelines are not adhered to. These include, for example, requirements for extended training, warnings or disciplinary proceedings, penalties for external persons for breach of contract or similar, and much more.