October is National Cyber Security Awareness month and it’s when we tend to notice an uptick in downloads of our security awareness training policy template. If your workplace is in need of one, please check it out.

Many regulations and standards indicate that organizations should be conducting security awareness and training including, but not limited to, PCI DSS, HIPAA, FINRA, RMF, NIST CyberSecurity Framework, and ISO 27001 to name a few. A formal policy provides two important things: 1) mandatory training requirement expectations and 2) evidence to clients and stakeholders that your organization is serious about protecting its information.

Our training policy template is in Word format and was built to closely match the requirements of NIST SP 800-53r4 security controls on Awareness and Training. Download it, customize it, and implement it! (Remember, though, don’t put anything into a policy that you don’t intend to or can’t implement.)