An organization has decided to conduct information security awareness and training sessions on a monthly basis for all employees. Only 45% of employees who attended these sessions were able to pass the exam. What does the percentage represent?
According to the ISO/IEC 27001:2022 standard, a performance indicator is “a metric that provides information about the effectiveness or efficiency of an activity, process, system or organization” (section 3.35). A performance indicator should be measurable, relevant, achievable, realistic and time-bound (SMART). In this case, the percentage of employees who passed the exam is a performance indicator that measures the effectiveness of the information security awareness and training sessions. It shows how well the sessions achieved their intended learning outcomes and how well the employees understood the information security concepts and practices.
References:
ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection — Information security management systems — Requirements
ISO/IEC 27001 Lead Implementer Info Kit
Key performance indicators for an ISO 27001 ISMS