HR-1 Security Awareness Training (SAT)

What is HR-1 Security Awareness Training (SAT) control about?

The HR-1 Security Awareness Training (SAT) control is about demonstrating that your organization has a process for assigning this training to employees. SAT is a formal process for educating employees and contractors on how to protect an organization’s resources. This training is mandatory and should be completed by all new employees and contractors at least once a year to remain updated with current security best practices.

This mandatory training, SAT, can be provided via an e-learning system or in person by a competent professional.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

Security Awareness Training Tools
NINJIO
KnowBe4
ESET – They offer a free package
Curricula – Free security training for organizations with fewer than 1000 employees
“Do it yourself”—some customers DIY the training. They create or compile their own training deck, schedule the training, and take attendance. There are some risks associated with this approach; for example, you may get the deck wrong or miss a critical person in the training. However, this does work for many customers.

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

  • N/A for this section

Control implementation

For implementation:

You need to install a training tool or training materials provided by a third party and implement the following:

  • A formal and repeatable process to distribute the materials to all new hires and have the training completed within the first 2 months of employment.
  • A formal and repeatable process to distribute the material to all employees at least once a year.

What evidence do auditors look for?

At a minimum, most auditors look for the suggested actions below:

  1. Provide a screenshot of the training tool showing the Security Awareness Training (SAT) materials, or provide the SAT materials.
  2. Provide a screenshot of the user’s completion status for a specific employee or all employees for Security Awareness Training (SAT).

Evidence example

For the suggested action, an example is provided below:

  1. Provide a screenshot of the training tool showing the SAT materials, or provide the SAT materials.
    The following screenshot demonstrates the name and module of the training.
    [Screenshot: HR 1 SS 01]
  2. Provide a screenshot of the users’ completion status for a specific group of employees or all employees.
    TrustCloud’s example:
    The following screenshot demonstrates the training completion status for a number of employees.
    [Screenshot: HR 1 SS 02]
