


The competence of a person to fulfil their roles and responsibility is important when it comes to the implementation of ISMS. To ensure the successful implementation of the ISMS this clause requires the organisation to determine the competence of personnel working for the organisation on ISMS that can affect its performance. Their competence will be based on their education, training, or experience. If they are not seen as competent after these steps then solutions such as changing their roles and responsibilities can be considered.
The organisation if required takes appropriate actions to ensure the competence of the personnel by conducting training, and then evaluating the difference in their performance. Training workshops can be very helpful in bridging the gap in their competency or in gaining a new skill. The organisation also needs to retain documented information as evidence of competence.