27.3 Security Awareness and Training
a) IT must demonstrate commitment to security by providing directions and allocating sufficient resources, approving and supporting formal security awareness and training, and incorporating them into the normal practices.
b) All the Group employees must made aware of the importance of security and complete the security awareness training.
c) Security awareness and user education programs should be regularly conducted to promote the understanding on information security policies and procedures, and to be aware of their responsibilities.