When to use this
Use this matrix to map training requirements to roles, responsibilities, systems, and information access.
Related controls
- A.6.3 Information Security Awareness Education and Training
- Roles and Responsibilities
- A.6.2 Terms and Conditions of Employment
Matrix
| Role or group | Baseline awareness | Role-specific topics | Required before access? | Refresher frequency | Evidence record | Owner |
|---|---|---|---|---|---|---|
| All personnel | Yes | Policy, reporting, acceptable use, phishing, classification | Yes | Annual / on major change | Security Training Record | TBD |
| System administrators | Yes | Privileged access, logging, change, secure configuration, incident response | Yes | Annual / role change | TBD | TBD |
| Managers | Yes | Management responsibilities, enforcement, exceptions, non-compliance | Yes | Annual | TBD | TBD |
| Contractors | Yes | Confidentiality, access rules, reporting, data handling | Yes | Contract renewal / access change | TBD | TBD |
Gap review
| Role | Missing training | Risk created | Action | Due date | Owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD |
- Template
- Iso27001
- Training
- People controls
Note Metadata
Aliases: Security Training Matrix
Source: 90 Templates/Role-Based Security Training Matrix.md
Related Notes
- Roles and Responsibilities
- ISO 27001 A.6.2 - Terms and Conditions of Employment
- ISO 27001 A.6.3 - Information Security Awareness, Education and Training
- A.6 People Controls MOC
- A.6.3 Audit Evidence Pack
- A.6 People Controls Implementation Guide
- A.6 People Controls Implementation Audit Risk Mapping
- A.6.3 Audit Checklist
- Security Training Record
- Templates MOC