
ISO 27001 Clause 7.3: Awareness


Information security is a shared responsibility. Everyone in an organisation has a role to play in protecting the organisation's information assets. This is why ISO 27001, the international standard for information security management, requires organisations to raise awareness of information security among all staff.

ISO 27001 clause 7.3, titled "Awareness", sets out the requirements for raising information security awareness. This includes ensuring that all staff are aware of the importance of information security, the organisation's information security policy, and their own responsibilities in relation to information security.


ISO 27001 Clause 7.3 Awareness

Persons doing work under the organisation’s control shall be aware of:

  • the information security policy;

  • their contribution to the effectiveness of the information security management system, including the benefits of improved information security performance; and

  • the implications of not conforming with the information security management system requirements.


What is ISO 27001 Clause 7.3?

ISO 27001 clause 7.3 requires organisations to:

  • Raise awareness of the importance of information security among all employees.

  • Provide training to all staff on the organisation's information security policies and procedures.

  • Ensure that staff understand their responsibilities in relation to information security.

It is crucial that raising awareness drives a risk-aware culture: it should change how people think about information security in every aspect of their day-to-day work.

Keep in mind that the individual responsible for overseeing the organisation's information security management system must be able to answer the following questions about the people doing work under its control:

  1. Have they thoroughly read and comprehended the organization's information security policy?

  2. Do they grasp the significance of consistently upholding and enhancing the ISMS?

  3. Are they aware of the consequences of neglecting the ISMS and failing to meet ISO 27001 requirements?


What is covered under ISO 27001 requirement 7.3?

ISO 27001 requirement 7.3 covers the following areas:

  • The importance of information security

  • The organisation's information security policy

  • The organisation's information security procedures

  • The staff's responsibilities in relation to information security

  • The risks to information security

  • The controls that are in place to mitigate these risks


How to demonstrate awareness for ISO 27001 clause 7.3

Organisations can demonstrate awareness in line with ISO 27001 clause 7.3 by taking a number of steps, such as:

  • Conducting awareness training for all employees.

  • Communicating the organisation's information security policy to all staff.

  • Posting information security posters and reminders around the workplace.

  • Including information security in staff induction and performance reviews.

  • Conducting regular awareness assessments to ensure that staff are aware of their responsibilities.



Raising awareness of information security is an essential part of any organisation's information security management system (ISMS).

By ensuring that all employees understand the importance of information security and their own role in protecting the organisation's information assets, organisations can help prevent security incidents before they occur.
