Training policy for employees
Does anyone know of any white papers or any organizations that have created some type of baseline policy for employees?
We are trying to come up with a policy that basically says, if you are employed in information security and you work for our team you need to get certified within x months and continue your training after. We will also include that our company is obligated to provide training to the employee for x amount of time, hours, days, weeks etc during the calendar year so that the employee can maintain and acquire the relevant skills for their job.
Has anyone here created such a policy? Or can you refer me to some baselines? Basically consider this similar to the CPE program for CISSP with the added bonus that the company will pay for the employee training.
Comments
-
636-555-3226 Member Posts: 975
We don't have an explicit policy, but job descriptions require them to (just an example) "stay up-to-date on infosec technologies & processes." If you wanted to take it a step further you could add something like "such as through continuing education and certification programs." Do you NEED to have an explicit policy? My personal preference is to only have policies if you have to use them to force someone to do something. If you're going to pay for the training regardless of what's on paper, then why take the time to put it on paper?
-
TheFORCE Member Posts: 2,297
We need to have it on paper as a policy as we operate in a regulated environment and it is being pushed down to us by the regulators. Basically the regulators want to see that employees holding infosec jobs are continually training and that the company provides training for them so that employees can be kept up to date.
-
shochan Member Posts: 1,014
I would just turn this UP whenever the regulators come in
https://www.youtube.com/watch?v=2ziH7PfCmOY
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP