Back to Security

Last Updated: January 28, 2025

Information Security Training

1. Purpose

The purpose of this Information Security and Privacy Awareness Training Policy is to ensure that all employees, contractors, and third-party personnel at Finpace are equipped with the necessary knowledge and skills to safeguard information assets and maintain the confidentiality, integrity, and availability of sensitive data. This policy is in alignment with ISO 27001:2013 Control A.7.2.2 on Information Security Awareness, Education, and Training.

2. Scope

This policy applies to all personnel associated with Finpace, including employees, contractors, and third-party service providers who have access to Finpace's information assets.

3. Policy Statements

3.1. Training Program

Baseline Training:

  • All personnel will undergo a baseline information security and privacy awareness training upon joining Finpace.
  • The training will cover essential topics such as information security policies, data protection principles, and regulatory requirements.

Role-Based Training:

  • Tailor training programs to specific roles within the organization, addressing the unique information security and privacy requirements associated with each role.

3.2. Content and Delivery

Content:

  • Training content will include, but is not limited to, data classification, secure handling of sensitive information, password hygiene, phishing awareness, and reporting security incidents.

Delivery Methods:

  • Utilize a combination of e-learning modules, in-person sessions, workshops, and periodic assessments to deliver training content.
  • Ensure that training materials are regularly updated to reflect the latest information security and privacy threats and best practices.

3.3. Frequency

Regular Training:

  • Conduct regular awareness training sessions for all personnel, with a frequency determined by the risk profile of the organization and changes in the information security landscape.

Refresher Training:

  • Provide periodic refresher training to reinforce key concepts and address emerging threats.

3.4. Monitoring and Evaluation

Assessment:

  • Conduct assessments to measure the effectiveness of training programs and identify areas for improvement.
  • Track individual and collective progress to ensure ongoing compliance with information security and privacy policies.

Feedback Mechanism:

  • Establish a mechanism for personnel to provide feedback on the training content and delivery, encouraging continuous improvement.

4. Responsibilities

Information Security Officer:

  • Oversee the development and implementation of information security and privacy awareness training programs.
  • Ensure that training content aligns with ISO 27001:2013 requirements and industry best practices.

HR Department:

  • Collaborate with the Information Security Officer to coordinate training sessions and track personnel participation.

Managers:

  • Encourage and support their teams in participating actively in awareness training programs.

5. Review and Compliance

Regular Review:

  • Periodically review and update the information security and privacy awareness training content to address evolving threats and organizational changes.

Compliance:

  • Ensure that all personnel comply with the training requirements outlined in this policy.

6. Approval and Communication

This Information Security and Privacy Awareness Training Policy is approved by the current CEO at Finpace: B. Forrest Tuten. HR is responsible for communicating this policy to all relevant personnel.