Most data breaches don't happen because of sophisticated attacks. They happen because someone clicked a link they shouldn't have, used a weak password, or didn't realise that what they were doing put the organisation at risk. This course exists to change that.

It's a short staff awareness course covering the core principles of information security — what it means to keep information confidential, accurate, and available — and what that looks like in everyday working life. It's aligned with ISO 27001:2022, the international standard for information security management, but it's written for people who just need to understand their responsibilities, not for those implementing the standard.

Who's it for?

Any member of staff who handles personal data, company information, or has access to organisational systems. It's designed to be rolled out across a whole organisation and assumes no prior knowledge of information security.

What you'll cover

The course introduces the three core pillars of information security — confidentiality, integrity, and availability — and explains what they mean in practice. It covers how to recognise common risks, how to handle data safely, email security basics, and what to do if you think something has gone wrong. The examples throughout are grounded in realistic workplace scenarios rather than abstract theory.

What will I get from this?

• Understand the core principles of information security and what they mean for your day-to-day role
• Recognise common risks — from phishing to poor password habits — and know how to respond
• A 20-minute all-staff awareness course aligned with ISO 27001:2022

Format

Short video modules, each followed by a knowledge check quiz, with a final assessment at the end. The course takes around 20 minutes to complete. A certificate of completion is provided on successful completion, which can support ISO 27001 compliance documentation and staff training records.