Definition of training programs:
The organization commits to design, implement, and update training and awareness programs aimed at all employees, contractors, and relevant third parties, in the field of personal data protection and information security.
Periodic execution:
Training programs will be developed periodically, ensuring their updates in response to regulatory, technological, and organizational changes.
Documentary evidence:
The execution of training activities must be recorded through attendance lists, evaluations, materials used, and other supports that allow demonstrating its compliance.
Management of personal data incidents:
Training must include specific content on the identification, reporting, and management of security incidents related to personal data.