PR.AT-02.220

Does your organization provide specialized cybersecurity training for employees and third parties (contractors, partners, suppliers) who perform roles with elevated security responsibilities?

Explanation

Role-based cybersecurity training ensures that individuals with specialized responsibilities receive targeted education beyond basic awareness training. For example, developers should receive secure coding training, system administrators should learn about secure configuration, and procurement staff should understand third-party risk management. Evidence of compliance could include training matrices showing role-specific requirements, specialized training materials tailored to different roles, completion records for role-based training sessions, or certificates of completion for specialized cybersecurity courses.

Implementation Example

Provide role-based cybersecurity awareness and training to all those in specialized roles, including contractors, partners, suppliers, and other third parties

ID: PR.AT-02.220

Context

Function: PR: PROTECT
Category: PR.AT: Awareness and Training
Sub-Category: Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks with cybersecurity risks in mind

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub