Back to overview Criteria 2

Awareness and secure behavior

The company ensure that the board of directors and senior management receive training in IT security and responsible data use. The company must further ensure that employees, consultants and suppliers are continuously and regularly trained in IT security and responsible data use.

2.1 Train the board and senior management in IT security, data protection and data ethics

The company should ensure that the board and senior management focus on and are equipped to deal with IT security, data protection and data ethics by receiving special training once a year.

2.1.1 Train the board and senior management in IT security, data protection and data ethics

2.2 Employee awareness and education in IT security

The company should ensure that employees and users who use IT are trained in IT security. The training programme should equip them to discharge their IT-related responsibilities and duties in accordance with the relevant policies, procedures and agreements.

2.2.1 Provide regular awareness of and training in IT security to all employees and users on a continous basis

2.3 Employee awareness and education in responsible use of data

The company should ensure that employees and users who deal with personal data and data ethics are trained in responsible use of data. The programme includes training to equip them to discharge their responsibilities and duties in accordance with the relevant policies, procedures and agreements.

2.3.1 Provide regular awareness of and training in responsible processing of personal data to all employees and users on a continous basis
2.3.2 Provide regular awareness of and training in data ethics to all employees and users on a continous basis


Skip to content