
HR-1 Security Awareness Training (SAT)


What is this control about?

This control is about demonstrating that your organization has a process for assigning Security Awareness Training (SAT) to employees. SAT is a formal process for educating employees and contractors on how to protect an organization’s resources. The training is mandatory: all new employees and contractors should complete it when hired, and all employees should complete it at least once a year to stay current with security best practices.

The SAT can be provided via an e-learning system or in-person by a competent professional.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them.

Security Awareness Training Tools

  • NINJIO
  • KnowBe4
  • ESET – They offer a free package
  • Curricula – Free security training for organizations with fewer than 1000 employees
  • “Do it yourself” – Some customers DIY the training. They create or compile their own training deck, schedule the training and take attendance. There are some risks associated with this approach: for example, you may get the deck wrong or miss a critical person in the training. However, this does work for many customers.

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

  • N/A for this section

Control implementation

The action required here is to install a training tool or training materials provided by a third party and implement the following:

  • A formal and repeatable process to distribute the materials to all new hires and have them completed within the first 2 months of employment
  • A formal and repeatable process to distribute the material to all employees at least once a year

What evidence do auditors look for?

At a minimum, most auditors look for the suggested actions below:

  • Provide a screenshot of the training tool showing the SAT materials or provide the SAT materials
  • Provide a screenshot of the users’ completion status for a specific employee or all employees

Evidence example

From the suggested action above, an example is provided below:

  1. Provide a screenshot of the training tool showing the SAT materials or provide the SAT materials.

Screenshot demonstrating the name and module of the training


  2. Provide a screenshot of the users’ completion status for a specific employee or all employees.

TrustCloud example demonstrating the training completion status for a number of employees
