Training and awareness is a critical part of the implementation, operation and maintenance of an effective Information Security Management System (ISMS). Cambridge Risk Solutions can provide expertise and support.
Cambridge Risk Solutions can assist with the development and delivery of awareness training and programmes, helping to embed information security effectively in your business.
We offer on-site training, remote training, or a wide range of eLearning courses.
General Awareness Training
ISO 27001 defines a number of key areas of staff awareness, requiring staff to be aware of their contribution to the ISMS and the implications of not conforming. Staff also need to be aware of their responsibilities for cyber and information security.
Data Protection Training
It is critical that all members of staff fully understand their responsibilities towards the personal data of others, including customers, suppliers, and other staff members.
Many data breaches occur simply through not thinking, or trying to help, so it is essential to empower your staff with the tools for safe data handling. This includes ensuring that your Board and senior management are aware of their responsibilities.
Event and Incident Management training for Information Security Coordinators and Managers
Information Security coordinators and managers will need to have the relevant competency to be able to fulfil their role, and ISO 27001 requires that you take action to enable the relevant competence, and evaluate the effectiveness of any such training.
Cambridge Risk Solutions can provide training and assurance that you have staff who are competent and confident in their role.
Event and Incident Management training for members of response teams
It is critical that staff who have a role in event and incident management are competent.
They need to understand the difference between an event and an incident, the escalation process and, in some cases, incident management.
This applies not just to IT issues but across the business.
Particularly in smaller businesses, the staff responsible for information security incident response may therefore also have business continuity management duties; it is important to highlight where staff will have both roles.
Design and delivery of training for internal auditors
Cambridge Risk Solutions can assist with training internal auditors, ensuring that they have the competence to be able to effectively audit all of the risk controls, as well as the management system and related documentation.
We are happy to answer any questions about Business Continuity, Crisis Management, Information Security, Data Protection and Product Recalls.
How Can Cambridge Risk Solutions Help?
Cambridge Risk Solutions provides a range of services to assist with the implementation of Information Security, and has an experienced ISO 27001 Lead Auditor who can assist with readiness for certification to ISO 27001:2013.
View some case studies of recent Information Security and ISO 27001 projects.