A.8.2 During employment

Objective: To ensure that all employees, contractors and third party users are aware of information security threats and concerns, their responsibilities and liabilities, and are equipped to support organizational security policy in the course of their normal work, and to reduce the risk of human error.

A.8.2.1 Management responsibilities

Control

Management shall require employees, contractors and third party users to apply security in accordance with established policies and procedures of the organization.

A.8.2.2 Information security awareness, education and training

Control

All employees of the organization and, where relevant, contractors and third party users shall receive appropriate awareness training and regular updates in organizational policies and procedures, as relevant for their job function.

A.8.2.3 Disciplinary process

Control

There shall be a formal disciplinary process for employees who have committed a security breach.

 

IT Security Awareness

End User Education is a key element of any IT Security Policy and at Castleforce we resell two tried and tested IT Security Awareness programs.

offers security awareness made simple and easy, with 12 short and funny episodes with a Securitymessage and these are followed with quizes that can be tracked to help report on who has contucted the training successfully.

 We can supply security awareness materials for your staff, managers and IT professionals, covering a fresh security topic each month.