UnixTime

Research Note

Security Awareness and Training Plan

Use this plan to define annual, induction, refresher, and role-specific information security training.

On this page

When to use this

Use this plan to define annual, induction, refresher, and role-specific information security training.

Plan

Audience Required training Trigger Frequency Provider Assessment method Evidence location Owner
All personnel Baseline awareness and policy briefing Onboarding Annual / on change TBD Quiz / acknowledgement TBD TBD
Contractors / third-party users Relevant policy, confidentiality, acceptable use, reporting Before access Contract start / renewal TBD Acknowledgement TBD TBD
Privileged users Secure administration and incident reporting Before privileged access Annual / role change TBD Practical test / manager sign-off TBD TBD
Managers Management security responsibilities Role assignment Annual / policy change TBD Interview / acknowledgement TBD TBD

Review triggers

  • Policy or procedure change.
  • New or changed threat.
  • Incident or near miss.
  • Audit finding or nonconformity.
  • New system, supplier, or information handling practice.
  • Role or access change.

Effectiveness review

Metric Target Current result Action required Owner
Completion rate TBD TBD TBD TBD
Assessment pass rate TBD TBD TBD TBD
Repeated incident theme TBD TBD TBD TBD
Overdue specialist training TBD TBD TBD TBD