GV.PO-01.053

Does your organization require personnel to formally acknowledge receipt and understanding of security policies at onboarding, annually, and after policy updates?

Explanation

Regular acknowledgment of security policies ensures employees remain aware of their security responsibilities and any changes to those responsibilities over time. This practice creates accountability and helps establish a culture of security awareness throughout the organization. Evidence could include screenshots of your policy management system showing acknowledgment timestamps, a sample of signed policy acknowledgment forms, or reports from your learning management system showing completion rates of policy acknowledgment tasks by employees.

Implementation Example

Require personnel to acknowledge receipt of policy when first hired, annually, and whenever policy is updated

ID: GV.PO-01.053

Context

Function: GV: GOVERN
Category: GV.PO: Policy
Sub-Category: Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub