In the ISO 27001:2013 standard, information security awareness is a mandatory requirement designed to ensure that everyone in an organization understands their role in protecting data. It is primarily addressed through and Annex A.7.2.2 (Awareness, Education, and Training) . Key Requirements of ISO 27001:2013 Awareness
: Comprehensive guides explaining how to set up an awareness program can be found through ISMS.online's ISO 27001 Requirement 7.3 Awareness Page . information security awareness-iso 27001:2013 download