Template: Cyber Hygiene Training Record
Instructions
Documents mandatory training under §30(2) No. 7 BSIG and management training under §38(3) BSIG. Use one template per training session.
Training Master Data
| Field | Value |
|---|---|
| Training ID | TRN-YYYY-XXX |
| Title | |
| Type | [ ] Onboarding [ ] Mandatory refresher [ ] §38 Management [ ] Specialized |
| §30 No. 7 reference | [Cyber hygiene / Phishing / Password / Social engineering / Other] |
| Date | |
| Duration (min.) | |
| Format | [ ] In-person [ ] Live webinar [ ] E-learning self-study |
| Trainer / provider | |
| Trainer qualification |
Learning Content
| Topic | Description |
|---|---|
Learning Objectives
- [ ] Recognising phishing emails
- [ ] Secure handling of passwords and MFA
- [ ] Reporting paths for security incidents
- [ ] Data classification and secure data handling
- [ ] [Additional objectives]
Attendee List
| Name | Role | Department | Attended | Test passed |
|---|---|---|---|---|
| [ ] | [ ] | |||
| [ ] | [ ] |
Knowledge Check
| Aspect | Value |
|---|---|
| Test format | [ ] Multiple choice [ ] Practical exercise [ ] None |
| Pass threshold | [%] |
| Overall pass rate | [%] |
| Re-training required for | [List of failed attendees] |
Evidence
- [ ] Attendee list with signatures (or digital confirmation)
- [ ] Training materials (slides, videos)
- [ ] Test results
- [ ] Trainer qualification proof
Approval
| Name | Date | |
|---|---|---|
| Created by | ||
| Reviewed by (CISO) | ||
| For §38: Management confirms attendance |
Notes
- Retention period: at least 3 years
- Management must be trained at least annually (§38(3))
- All employees with system access: mandatory refresher at least annually
- New hires: onboarding training within 30 days of joining