Search
Updated on January 24, 2024

HR-1 Security Awareness Training (SAT)

Estimated reading: 3 minutes 1897 views

What is HR-1 Security Awareness Training (SAT) control about?

Security Awareness Training (SAT) control is about demonstrating that your organization has a process for assigning this training to employees. HR-1 Security Awareness Training (SAT) is a formal process for educating employees and contractors on how to protect an organization’s resources. This is mandatory training and should be completed by all new employees and contractors at least once a year to remain updated with current security best practices.

This mandatory training, SAT, can be provided via an e-learning system or in person by a competent professional.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

Security Awareness Training Tools
NINJIO
KnowBe4
Eset – They offer a free package
Curricula Free security training for organizations with less than 1000 employees
“Do it yourself”—some customers DIY the training. They create or compile their own training deck, schedule the training, and take attendance. There are some risks associated with this approach; for example, you may get the deck wrong or miss a critical person in the training. However, this does work for many customers.

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

  • N/A for this section

Control implementation

For implementation:

You need to install a training tool or training materials provided by a third party and implement the following:

  • A formal and repeatable process to distribute the materials to all new hires and have it completed within the first 2 months of employment.
  • A formal and repeatable process to distribute the material to all employees at least once a year.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

  1. Provide a screenshot of the training tool showing the Security Awareness Training (SAT) materials, or provide the SAT materials.
  2. Provide a screenshot of the user’s completion status for a specific employee or all employees for Security Awareness Training (SAT).

Evidence example

For the suggested action, an example is provided below:

  1. Provide a screenshot of the training tool showing the SAT materials, or provide the SAT materials.
    The following screenshot demonstrates the name and module of the training.
    HR 1 SS 01
  2. Provide a screenshot of the completion status of the users’ for a specific group of employees or all employees.
    TrustCloud’s example:
    The following screenshot demonstrates the training completion status for a number of employees.
    HR 1 SS 02

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
Trusty

Want to see how to turn GRC into a profit center?

Ready to save time and money on audits, pass security reviews faster, and manage enterprise-wide risk? Let’s talk! 

Learn More
TrustCommunity

The #1 Community for Security, Privacy, and GRC Professionals.

© 2024 TrustCloud Corporation. All rights reserved.
TrustCloud® and TrustOps® are registered trademarks of TrustCloud Corporation.

Facebook Linkedin Youtube Rss

Resources

Platform

TOPICS

ABOUT US

AICPA
Monitored by TrustCloud

💛 Joyfully Crafted to Elevate GRC Leaders into Trust Champions.

OR