When to use this
Use this plan to define annual, induction, refresher, and role-specific information security training.
Related controls
- A.6.3 Information Security Awareness Education and Training
- Information Security Policy
- A.5.27 Learning from Information Security Incidents
- Management Review
Plan
| Audience | Required training | Trigger | Frequency | Provider | Assessment method | Evidence location | Owner |
|---|---|---|---|---|---|---|---|
| All personnel | Baseline awareness and policy briefing | Onboarding | Annual / on change | TBD | Quiz / acknowledgement | TBD | TBD |
| Contractors / third-party users | Relevant policy, confidentiality, acceptable use, reporting | Before access | Contract start / renewal | TBD | Acknowledgement | TBD | TBD |
| Privileged users | Secure administration and incident reporting | Before privileged access | Annual / role change | TBD | Practical test / manager sign-off | TBD | TBD |
| Managers | Management security responsibilities | Role assignment | Annual / policy change | TBD | Interview / acknowledgement | TBD | TBD |
Review triggers
- Policy or procedure change.
- New or changed threat.
- Incident or near miss.
- Audit finding or nonconformity.
- New system, supplier, or information handling practice.
- Role or access change.
Effectiveness review
| Metric | Target | Current result | Action required | Owner |
|---|---|---|---|---|
| Completion rate | TBD | TBD | TBD | TBD |
| Assessment pass rate | TBD | TBD | TBD | TBD |
| Repeated incident theme | TBD | TBD | TBD | TBD |
| Overdue specialist training | TBD | TBD | TBD | TBD |
- Template
- Iso27001
- Awareness
- Training
- People controls
Note Metadata
Aliases: Awareness Training Plan
Source: 90 Templates/Security Awareness and Training Plan.md
Related Notes
- Management Review
- ISO 27001 A.5.1 - Policies for Information Security
- ISO 27001 A.5.27 - Learning from Information Security Incidents
- ISO 27001 A.6.3 - Information Security Awareness, Education and Training
- A.6 People Controls MOC
- A.6.3 Audit Evidence Pack
- A.6 People Controls Implementation Guide
- A.6 People Controls Audit Guide
- A.6 People Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.6.3 Audit Checklist
- Security Training Record
- Templates MOC