SAMMY UI is optimized for resolutions with a width 1024px and higher.
NIS2
Browse NIS2
PR.AT: Awareness and Training
User Awareness and Training
PR.AT-01: Staff are sensitized and trained to possess the knowledge and skills to carry out general tasks considering cybersecurity risks.
  • 1. A training plan on staff cybersecurity, including administration and management bodies, is defined, implemented, updated, and documented, comprising at least: a) the planning of the training activities with an indication of the contents provided; b) any methods of verifying the acquisition of the contents.
  • 2. The training plan referred to in point 1 is approved by the administration and management bodies.
  • 3. An updated register is maintained, listing employees who received the training referred to in point 1, the relevant contents, and the list of verifications carried out where applicable.
Requirement Covered
Not Applicable - Not applicable
No - The requirement(s) have not been meaningfully implemented.
Partial - Not all requirement(s) have been meaningfully implemented.
Yes - There is an organization-wide approach to managing cybersecurity risks that uses risk-informed policies, processes, and procedures to address potential cybersecurity events.
Description

Staff are sensitized and trained to possess the knowledge and skills to carry out general tasks considering cybersecurity risks.

Specialized Role Awareness and Training
PR.AT-02: Individuals holding specialized roles are sensitized and trained to possess the knowledge and skills to perform relevant tasks, taking into account cybersecurity risks.
  • 1. The plan referred to in measure PR.AT-01 includes dedicated training for personnel with specialized roles, that is, those requiring a set of skills and competencies related to security, including system administrators, which includes at least: a) instructions on the safe configuration and operation of information and network systems; b) information on known cyber threats; c) instructions on behavior to adopt in case of events relevant to security.
  • 2. An updated register is maintained listing employees who have received the training referred to in point 1, the related content, and the list of checks performed where required.
Requirement Covered
Not Applicable - Not applicable
No - The requirement(s) have not been meaningfully implemented.
Partial - Not all requirement(s) have been meaningfully implemented.
Yes - There is an organization-wide approach to managing cybersecurity risks that uses risk-informed policies, processes, and procedures to address potential cybersecurity events.
Description

Individuals holding specialized roles are sensitized and trained to possess the knowledge and skills to perform relevant tasks, taking into account cybersecurity risks.