Information Security

Increase Awareness? An explanation of awareness in ISO 27001 information security.

How do you create awareness and how can awareness be used to prevent a potential internal data breach? Creating awareness around information security is essential for achieving and maintaining certifications such as ISO/IEC 27001. During audits, the level of awareness within an organization is tested, and this is critical to the management system.
This article was last updated on 16/4/2025.

Awareness within a management system?

An important part of achieving and/or maintaining a certification for your organization is awareness. During audits against the ISO/IEC 27001 information security standard, several topics are tested to verify whether the organization has sufficient awareness. The importance of information security is brought to attention through the management system. In doing so, the organization strives to raise the awareness level of staff, contractors and other interested parties.

Importance of information security

How do you deploy the right resources and tools to raise awareness within the organization, on the topic of information security?

By setting up the management system, using the PDCA model, awareness can be continuously improved. The PDCA model is used to continuously monitor whether the planned components are being achieved and where improvements can be made. In the management system, opportunities and risks are analyzed. Based on this analysis, a selection can be made of subjects in which awareness can be increased.

Focus on behavior and human error

By actively paying attention to behavior, you increase user awareness. In fact, the "Annual Data Breach Report 2017" by the Personal Data Authority shows that almost 80% of all internal data breaches originate from human error. The most common forms of data leaks are misdirected emails and lost data carriers (such as USB sticks).

How do you increase awareness?

To raise awareness, several methods are effective:

  • Information Security Onboarding Program: Integrate information security into the onboarding process for new employees.
  • Periodic Awareness Sessions: Hold regular sessions covering relevant topics and raising awareness.
  • Phishing Simulations: Run phishing simulations regularly to make employees aware of potential threats.
  • Visual Aids: Distribute flyers, posters, or newsletters to provide visual reminders of information security.
  • E-learning Modules: Offer courses and e-learning modules, such as Guardey, to go deeper into information security.

These are just a few examples of how to raise awareness within your organization. In practice, each organization requires a different approach.

Awareness training customized for your organization

By properly implementing an awareness plan, you reduce the likelihood of possible incidents. As a result, staff become more aware and you prevent reputational damage. At Fendix we offer various Security Awareness services tailored to your organization.

Kilian Houthuijzen
Commercial Manager & Partner
085 773 60 05