A major goal of an ISMS is to raise the awareness of all employees. This means raising awareness of information security and sensitizing employees to possible attacks such as phishing e-mails or virus-contaminated USB sticks, as well as building a better understanding of information security and more certainty in dealing with information security related issues.
You should therefore set up a training concept that describes how you will train and reach the employees. After all, the organisation is responsible for supporting employees in complying with guidelines and measures by means of events, information, briefings, training and much more.
For this purpose we offer the template "Training concept", in which you can document these points. It also includes a training plan that provides for at least one training course per year on the subject of information security.
Employees must also be informed about the consequences for the individual and the company if guidelines are not adhered to. These include, for example, requirements for extended training, warnings or disciplinary proceedings, penalties for external persons for breach of contract or similar, and much more.
Tip: For the TISAX exam you should already have held one or more training courses and be able to present them. You can split the training by, for example, department, so that your training plan lists more than one training course and you can better address the needs of the respective departments.
Note: For the TISAX exam, you must also be able to evaluate the training courses, e.g. you must be able to provide evidence of a test, quiz or survey, or otherwise determine the effectiveness of the training.