Content library
La loi NIS2 (Belgique)
30 § 3.7°: Les pratiques et la formation en matière d'hygiène cybernétique

Requirement description

Les mesures visées au paragraphe 1er sont fondées sur une approche "tous risques" qui vise à protéger les réseaux et les systèmes d'information ainsi que leur environnement physique contre les incidents, et elles portent au moins sur: les pratiques de base en matière de cyberhygiène et la formation à la cybersécurité

How to fill the requirement

La loi NIS2 (Belgique)

30 § 3.7°: Les pratiques et la formation en matière d'hygiène cybernétique

Task name
Priority
Status
Theme
Policy
Other requirements
Staff guidance and training procedure in cyber security
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Cyber security training
50
requirements

Examples of other requirements this task affects

T11: Turvallisuuskoulutus ja -tietoisuus
Katakri
4 §: Tiedonhallinnan järjestäminen tiedonhallintayksikössä
TiHL
29. Processing under the authority of the controller or processor
GDPR
32. Security of processing
GDPR
7.2.1: Management responsibilities
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Staff guidance and training procedure in cyber security
1. Task description

Our organization has defined procedures for maintaining staff's cyber security awareness.These may include e.g. the following things:

  • staff receive instructions describing the general guidelines of digital security related to their job role
  • staff receive training to maintain the appropriate digital and cyber security skills and knowledge required for the job role
  • staff demonstrate through tests that they have the security skills and knowledge required for the job role

Training should focus on the most relevant security aspects for each job role and include often enough the basics, which concern all employees:

  • employee's personal security responsibilities (e.g. for devices and processed data)
  • policies relevant for everyone (e.g. security incident reporting)
  • guidelines relevant for everyone (e.g. clean desk)
  • organization's security roles (who to contact with problems)
General security guidelines for staff
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Security guidelines
32
requirements

Examples of other requirements this task affects

29. Processing under the authority of the controller or processor
GDPR
8.3.2: Disposal of media
ISO 27001
9.4.4: Use of privileged utility programs
ISO 27001
11.2.7: Secure disposal or re-use of equipment
ISO 27001
12.1.1: Documented operating procedures
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
General security guidelines for staff
1. Task description

Personnel must have security guidelines that deal with e.g. the following topics:

  • Using and updating mobile devices
  • Storing and backing up data
  • Privacy
  • Using email
  • Handling of printouts, papers and files
  • Reporting incidents
  • Scam prevention
Maintaining a log of cyber security trainings
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Cyber security training
27
requirements

Examples of other requirements this task affects

7.2.2: Information security awareness, education and training
ISO 27001
T11: Turvallisuuskoulutus ja -tietoisuus
Katakri
6.1: Tietojärjestelmien käyttäjiltä vaadittava koulutus ja kokemus
Omavalvontasuunnitelma
PR.AT-1: Awareness
NIST
HAL-13: Koulutukset
Julkri
See all related requirements and other information from tasks own page.
Go to >
Maintaining a log of cyber security trainings
1. Task description

A log is kept of the cyber security training events provided by the organization to its staff. The log can be used to show what kind of specific investments the organization has made towards staff's cyber security expertise.

For each training the documentation should include:

  • Time
  • Topics and duration of the training
  • Training method and trainer
  • Staff involved in the training
Unit- or role-specific security guidelines
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Security guidelines
20
requirements

Examples of other requirements this task affects

7.2.2: Information security awareness, education and training
ISO 27001
4 §: Tiedonhallinnan järjestäminen tiedonhallintayksikössä
TiHL
6.1: Tietojärjestelmien käyttäjiltä vaadittava koulutus ja kokemus
Omavalvontasuunnitelma
6.2: Tietojärjestelmien asianmukaisen käytön kannalta tarpeelliset käyttöohjeet
Omavalvontasuunnitelma
PR.AT-1: Awareness
NIST
See all related requirements and other information from tasks own page.
Go to >
Unit- or role-specific security guidelines
1. Task description

The security guidelines are specified in connection with the employee's job role. The organization has identified units and roles that require separate guidance and develops its own detailed security guidelines for these.

Examples of units that may require their own guidelines are e.g. customer service, IT and HR. Examples of work roles that require their own instructions are the system administrators and the remote workers.

Arranging training and guidance during orientation (or before granting access rights)
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Cyber security training
24
requirements

Examples of other requirements this task affects

7.3: Termination and change of employment
ISO 27001
7.3.1: Termination or change of employment responsibilities
ISO 27001
9.2.2: User access provisioning
ISO 27001
4 §: Tiedonhallinnan järjestäminen tiedonhallintayksikössä
TiHL
PR.IP-11: Cybersecurity in human resources
NIST
See all related requirements and other information from tasks own page.
Go to >
Arranging training and guidance during orientation (or before granting access rights)
1. Task description

Before granting access rights to data systems with confidential information employees have:

  • received appropriate guidance on their security responsibilities (including reporting responsibilities and responsibility for their own devices)
  • received appropriate guidance on their security roles related to their own role (including digital security rules related to their role and information systems and their acceptable use)
  • received information from cyber security contacts who can be asked for more information
Continuous development of guidelines
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Security guidelines
17
requirements

Examples of other requirements this task affects

T11: Turvallisuuskoulutus ja -tietoisuus
Katakri
12.1.1: Documented operating procedures
ISO 27001
HAL-12: Ohjeet
Julkri
5.37: Documented operating procedures
ISO 27001
6.3: Information security awareness, education and training
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Continuous development of guidelines
1. Task description

If staff have conflicting goals with the security guidelines, they are unlikely to follow the guidelines.

The organization actively seeks to find poorly functioning guidelines and modify either the guidelines, tools or staff priorities to enable following the guidelines.

Reminding personnel about their cyber security responsibilities
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Cyber security training
10
requirements

Examples of other requirements this task affects

21.2.g: Cyber hygiene practices and training
NIS2
2.1.3: Staff training
TISAX
9.11 §: Perustason tietoturvakäytännöt ja henkilöstön vastuu
Kyberturvallisuuslaki
14.5.8): Kibernetinės higienos praktiką ir mokymus
NIS2 Lithuania
30 § 3.7°: Les pratiques et la formation en matière d'hygiène cybernétique
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Reminding personnel about their cyber security responsibilities
1. Task description

The organization needs to remind employees of their roles and security responsibilities. The reminder reinforces staff security awareness, safe practices and compliance with guidelines and legal requirements related to their job role.

Tasks included in the policy

Task name
Priority
Status
Theme
Policy
Other requirements
No items found.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.