The 2013 standard explicitly addresses awareness in , requiring that all persons doing work under the organization’s control must be aware of:

| Control Reference | Topic | Awareness Message |
|------------------|-------|-------------------|
| A.6.1.2 | Segregation of duties | No single person controls critical processes end-to-end. |
| A.8.1.3 | Acceptable use of assets | Use corporate assets only for authorized business purposes. |
| A.9.4.3 | Password management | Choose strong passwords; never share credentials. |
| A.11.2.9 | Clear desk and clear screen | Lock screens when away; secure physical documents. |
| A.13.2.3 | Electronic messaging | Avoid opening suspicious links/attachments; report phishing. |
| A.16.1.5 | Response to security incidents | Report all suspected incidents immediately to the security team. |

To find ready-made materials for ISO 27001:2013 awareness:
For a high-level summary of the ISMS (Information Security Management System) principles, visit the BSI Group Product Guide.

⚠️ Important Note on Versioning