DORA-Art15-P1

ICT Security Training Records COMMON

CSV register of staff ICT security awareness training completions, including training modules, completion dates, assessment scores, and certification status as required by DORA Article 15.

Formats

CSV

Evidence Class

ict-training-records

Availability

COMMON

Update Frequency

quarterly

Typical Author

HR Training Coordinator

Approval Chain

HR Training Coordinator → CISO

Content Sections

• Training Records

Expected Fields

• employee_id
• employee_role
• training_module
• completion_date
• assessment_score
• pass_fail
• certification_expiry
• training_provider

Common Quality Issues

• Training records incomplete for contractors and temporary staff
• No differentiation of training content by role or risk exposure
• Assessment scores not tracked or too lenient
• Missing records for board-level ICT risk training

ICT Security Awareness Programme PARTIAL

Document describing the institution's ICT security awareness programme, including objectives, target audiences, delivery methods, content modules, and effectiveness metrics.

Formats

DOCX PDF

Evidence Class

ict-awareness-programme

Availability

PARTIAL

Update Frequency

annual

Typical Author

CISO

Approval Chain

CISO → HR Director

Content Sections

• Programme Objectives
• Target Audiences
• Training Modules
• Delivery Methods
• Assessment Approach
• Effectiveness Metrics
• Annual Schedule

Expected Fields

• programme_version
• effective_date
• target_completion_rate
• modules_count
• delivery_methods
• assessment_type

Common Quality Issues

• Programme content not updated for emerging threats
• No role-specific training tracks for high-risk roles
• Effectiveness measured only by completion rates, not behaviour change
• Missing phishing simulation or social engineering exercises

ict_training_status

Schema ID

fs-ict-training-status

Control

DORA-Art15-P1

Valid Ranges

reporting_period_end

within last 12 months

completion_rate_percent

above 90% for adequate compliance

JSON Schema

{
  "properties": {
    "average_assessment_score": {
      "maximum": 100,
      "minimum": 0,
      "type": "number"
    },
    "board_members_trained": {
      "type": "boolean"
    },
    "completion_rate_percent": {
      "maximum": 100,
      "minimum": 0,
      "type": "number"
    },
    "includes_phishing_simulation": {
      "type": "boolean"
    },
    "modules_available": {
      "minimum": 0,
      "type": "integer"
    },
    "reporting_period_end": {
      "format": "date",
      "type": "string"
    },
    "role_specific_training_available": {
      "type": "boolean"
    },
    "staff_trained": {
      "minimum": 0,
      "type": "integer"
    },
    "total_staff": {
      "minimum": 0,
      "type": "integer"
    }
  },
  "required": [
    "reporting_period_end",
    "total_staff",
    "staff_trained",
    "completion_rate_percent"
  ],
  "type": "object"
}