Question: Are periodic refresher trainings conducted and tracked for all personnel?
Why This Matters
Refresher programs sustain awareness levels and adapt staff behavior to evolving threats and compliance updates.
Maturity
0 — Unaware
No repeat training after onboarding.
No repeat training after onboarding.
1 — Ad Hoc
Refresher sessions run irregularly.
Refresher sessions run irregularly.
2 — Defined
Annual refresher schedule approved by management.
Annual refresher schedule approved by management.
3 — Managed
Completion tracked per department and role.
Completion tracked per department and role.
4 — Integrated
Content customized for risk area and incident history.
Content customized for risk area and incident history.
5 — Optimized
Micro-learning delivered continuously with adaptive feedback.
Micro-learning delivered continuously with adaptive feedback.
How to Level Up
| From → To | Actions |
|---|---|
| 0 → 1 | Schedule one annual company-wide session. |
| 1 → 2 | Create formal calendar and policy. |
| 2 → 3 | Track completion and reminders by role. |
| 3 → 4 | Tailor content to department risks. |
| 4 → 5 | Adopt ongoing bite-sized learning modules. |
Enablers
- People: Training Coordinator, CISO, HR Lead
- Process: Plan → Deliver → Track → Analyze
- Technology: LMS, survey tool, dashboard analytics
Evidence
- Refresher schedule
- Attendance and scores
- Feedback reports
KPIs
- Completion rate per cycle
- Number of role-specific modules delivered
- Average improvement in quiz score
Low-Cost / Open-Source Options (MSME)
| Purpose | Tool | Notes |
|---|---|---|
| Delivery | Google Classroom / Moodle | Reusable courses |
| Tracking | Airtable | Auto reminders |
| Analytics | Metabase | Trend dashboard |
Common Pitfalls
- Training stagnates year to year
- No tracking for contractors and vendors
- Completion not linked to access renewal
Compliance Mapping
| Standard | Clauses / Notes |
|---|---|
| ISO/IEC 27001 | 7.3 (Awareness) |
| DPDP Act 2023 | Sec 10 (Accountability & Training) |
| NIST CSF 2.0 | PR.AT / GV.MA |
| NIRMATA Mapping | AC-Q04 sustains awareness through refresher cycles. |