ISMS Compliance
CyFun BasicProtect

PR.AT-1: Security awareness training

All users are informed and trained

PROTECT · PR.AT-1 · Key Measure

Requirement

Employees shall be trained as appropriate.

Our Implementation

All team members are directly involved in technical and security decisions, maintaining day-to-day security awareness through hands-on development and operational practices. Security considerations are integrated into development workflows including code review, dependency management, and infrastructure decisions.

A structured training programme is scheduled for Q2 2026, including (ISC)2 Security Awareness Training for all team members, Google Phishing Quiz exercises, and formal policy sign-off acknowledgments. Training requirements are defined by role (all staff, developers, administrators) with annual recurrence.

Gaps / Planned improvements:

  • Formal security awareness training programme scheduled for Q2 2026 (NEX-347, NEX-341, NEX-342)
  • Training records and evidence retention process defined, to be populated upon programme completion (NEX-347)

Evidence

Planned · L1 — Initial
