The training register documents who completed which training, when — and when the next refresher is due. Without this register, you cannot demonstrate in an audit that your team holds the competencies your ISMS assumes.
ISO 27001 requires in A.6.3 (Awareness, Education and Training) that all personnel receive appropriate training and that completions are recorded. NIS2 demands in Art. 21(2)(g) “basic cyber hygiene practices and cybersecurity training”. The register is where you prove both.
What does it contain?
The CSV template maps one row per training attendance. The columns:
- Person / Role — who attended and in which ISMS role
- Training / Type — name of the training and whether it was internal or external
- Due Date / Completion Date / Status — planned date, actual completion, current state
- Evidence — reference to certificate, attendance confirmation or LMS entry
- Next Refresh — when the next refresher is due
How to use it
Initial population: Enter all personnel in ISMS-relevant roles and document training already completed. Mark missing evidence as “Overdue” — this gives you an immediate action list.
Ongoing maintenance: After every training event, update Completion Date, Evidence and Next Refresh. Once a quarter, check whether refreshers are coming due and schedule them in time.
Audit preparation: Auditors typically select three to five roles and verify documented training evidence. A complete register with linked proof answers these questions in seconds.
| Person | Rolle | Schulung | Art | Fällig am | Abgeschlossen am | Status | Nachweis | Nächste Auffrischung |
|---|---|---|---|---|---|---|---|---|
| Anna Weber | Informationssicherheitsbeauftragte | ISO 27001 Lead Implementer | Externe Zertifizierung | 2026-06-30 | 2025-11-12 | Abgeschlossen | Zertifikat #LI-27001-44821 | 2028-11-12 |
| Anna Weber | Informationssicherheitsbeauftragte | Incident-Response-Tabletop | Interne Übung | 2026-05-15 | 2026-03-20 | Abgeschlossen | Übungsbericht 2026-Q1 | 2027-03-20 |
| Markus Schulz | IT-Betriebsleitung | CIS Linux Benchmark Workshop | Externe Schulung | 2026-07-31 | Geplant | |||
| Markus Schulz | IT-Betriebsleitung | Backup-Restore-Übung | Interne Übung | 2026-04-30 | 2026-04-02 | Abgeschlossen | Übungsbericht BCM-2026-01 | 2027-04-02 |
| Sophie Lang | Entwicklerin | OWASP Top 10 Workshop | Interne Schulung | 2026-03-31 | 2026-03-28 | Abgeschlossen | Teilnahmeliste 2026-03-28 | 2027-03-28 |
| Sophie Lang | Entwicklerin | SAST-Tool-Onboarding | Interne Schulung | 2026-05-31 | In Bearbeitung | |||
| Julia Hoffmann | Datenschutzbeauftragte | CIPP/E Auffrischung | Externe Schulung | 2026-09-30 | Geplant | |||
| Julia Hoffmann | Datenschutzbeauftragte | DSFA-Workshop | Externe Schulung | 2026-06-30 | 2026-02-14 | Abgeschlossen | Zertifikat DSFA-2026-112 | 2028-02-14 |
| Thomas Krüger | HR-Leitung | Background-Screening-Auffrischung | Interne Schulung | 2026-08-31 | Geplant | |||
| Elena Fischer | Finanzleitung | CEO-Fraud / BEC Workshop | Externe Schulung | 2026-05-31 | 2026-04-03 | Abgeschlossen | Workshop-Bestätigung BEC-26 | 2027-04-03 |
| Alle Mitarbeitende (42) | Alle Mitarbeitende | Security Awareness 2026 | E-Learning | 2026-06-30 | In Bearbeitung (28/42 abgeschlossen) | LMS-Bericht 2026-04-13 | 2027-06-30 | |
| Alle Mitarbeitende (42) | Alle Mitarbeitende | Phishing-Simulation Q1 | Simulation | 2026-03-31 | 2026-03-25 | Abgeschlossen | LMS-Bericht PS-2026-Q1 | 2026-09-30 |
| Alle Mitarbeitende (42) | Alle Mitarbeitende | Akzeptable-Nutzung-Bestätigung | E-Learning | 2026-04-30 | In Bearbeitung (35/42) | LMS-Bericht 2026-04-13 | 2027-04-30 | |
| Neueinstellungen (4) | Alle Mitarbeitende | Onboarding-Sicherheitseinführung | Präsenz | Innerhalb 2 Wochen nach Eintritt | 3 von 4 abgeschlossen | HR-Onboarding-Liste |
| Person | Role | Training | Type | Due Date | Completion Date | Status | Evidence | Next Refresh |
|---|---|---|---|---|---|---|---|---|
| Anna Weber | Information Security Officer | ISO 27001 Lead Implementer | External certification | 2026-06-30 | 2025-11-12 | Completed | Cert #LI-27001-44821 | 2028-11-12 |
| Anna Weber | Information Security Officer | Incident response tabletop | Internal drill | 2026-05-15 | 2026-03-20 | Completed | Drill report 2026-Q1 | 2027-03-20 |
| Markus Schulz | IT Operations Lead | CIS Linux Benchmark workshop | External training | 2026-07-31 | Planned | |||
| Markus Schulz | IT Operations Lead | Backup restore drill | Internal drill | 2026-04-30 | 2026-04-02 | Completed | Drill report BCM-2026-01 | 2027-04-02 |
| Sophie Lang | Developer | OWASP Top 10 workshop | Internal training | 2026-03-31 | 2026-03-28 | Completed | Attendance sheet 2026-03-28 | 2027-03-28 |
| Sophie Lang | Developer | SAST tool onboarding | Internal training | 2026-05-31 | In progress | |||
| Julia Hoffmann | Data Protection Officer | CIPP/E refresher | External training | 2026-09-30 | Planned | |||
| Julia Hoffmann | Data Protection Officer | DPIA workshop | External training | 2026-06-30 | 2026-02-14 | Completed | Cert DPIA-2026-112 | 2028-02-14 |
| Thomas Krüger | HR Lead | Background screening refresher | Internal training | 2026-08-31 | Planned | |||
| Elena Fischer | Finance Lead | CEO fraud / BEC workshop | External training | 2026-05-31 | 2026-04-03 | Completed | Workshop confirmation BEC-26 | 2027-04-03 |
| All Employees (42) | All Employees | Security Awareness 2026 | E-learning | 2026-06-30 | In progress (28/42 completed) | LMS report 2026-04-13 | 2027-06-30 | |
| All Employees (42) | All Employees | Phishing simulation Q1 | Simulation | 2026-03-31 | 2026-03-25 | Completed | LMS report PS-2026-Q1 | 2026-09-30 |
| All Employees (42) | All Employees | Acceptable Use Policy acknowledgement | E-learning | 2026-04-30 | In progress (35/42) | LMS report 2026-04-13 | 2027-04-30 | |
| New Hires (4) | All Employees | Onboarding security induction | Classroom | Within 2 weeks of start | 3 of 4 completed | HR onboarding sheet |
Sources
- ISO/IEC 27001:2022 A.6.3 — Awareness, Education and Training
- NIS2 Directive (EU 2022/2555) Art. 21(2)(g) — Training and cyber hygiene