>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

HR-03Security training and awareness programme

>Control Description

The Cloud Service Provider operates a target group-oriented security awareness and training program, which is completed by all internal and external employees of the Cloud Service Provider on a regular basis. The program is regularly updated based on changes to policies and instructions and the current threat situation and includes the following aspects: • Handling system components used to provide the cloud service in the production environment in accordance with applicable policies and procedures; • Handling cloud customer data in accordance with applicable policies and instructions and applicable legal and regulatory requirements; • Information about the current threat situation; and • Correct behaviour in the event of security incidents. Additional criteria: The learning outcomes achieved through the awareness and training programme are measured and evaluated in a target group-oriented manner. The measurements cover quantitative and qualitative aspects. The results are used to improve the awareness and training programme.

Ask AI

Configure your API key to use AI features.