When to use this
Use this checklist during an internal audit of information security awareness, education, training, and update processes.
Related controls
- A.6.3 Information Security Awareness Education and Training
- A.6.3 Audit Evidence Pack
- Security Awareness and Training Plan
- Role-Based Security Training Matrix
- Security Training Record
Audit checklist
- Confirm the organization has a documented awareness and training approach.
- Confirm training covers employees, contractors, third-party users, and relevant interested parties where applicable.
- Confirm required training is mapped to job function and security responsibility.
- Sample personnel records and verify induction training before work/access.
- Sample specialist roles and verify supplementary training.
- Check whether training material aligns with current policies and procedures.
- Check whether trainer or external supplier competence is approved.
- Verify records show content, date, provider, completion, and results where applicable.
- Interview personnel to verify awareness of policy, ISMS contribution, and consequences of nonconformity.
- Check whether training is repeated or updated after changes, incidents, audit findings, or emerging threats.
- Check whether effectiveness metrics are reviewed and acted on.
- Record nonconformities, observations, and improvement actions.
Findings table
| Sample | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Iso27001
- ISO27002
- Template
- Audit
- A6 3
Note Metadata
Aliases: A.6.3 Training Audit Checklist
Source: 90 Templates/A.6.3 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO 27001 A.6.3 - Information Security Awareness, Education and Training
- A.6 People Controls MOC
- A.6.3 Audit Evidence Pack
- Audit Evidence MOC
- AQ-ISO27001-A.6.3 Information Security Awareness, Education and Training
- A.6 People Controls Audit Guide
- A.6 People Controls Implementation Audit Risk Mapping
- Role-Based Security Training Matrix
- Security Awareness and Training Plan
- Security Training Record
- Audit Evidence Index
- Templates MOC