Make employees aware of their roles and responsibilities for maintaining awareness and compliance with established policies and procedures and applicable legal, statutory, or regulatory compliance obligations.
The organization should maintain a training and awareness program that regularly reminds personnel of their responsibilities. These responsibilities include maintaining awareness and compliance with policies, procedures, and applicable legal, statutory, and/or regulatory obligations. The training and awareness program may include several awareness-raising activities via appropriate physical or virtual channels, such as campaigns, booklets, posters, newsletters, websites, information sessions, briefings, e-learning modules, and emails.
- Examine the process for selection of applicable legal, statutory, or regulatory compliance obligations, and for review of its output.
- Verify, by Interviews or otherwise, that employees are aware of their roles and responsibilities with respect to such obligations.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.