The competency matrix is a requirement of ISO 27001 certification. It is also best practice management that we understand the competency of employees for information security. It forms part of the information security management system. We also use it to track, plan and manage information security training.
What is a competency matrix?
Competency development requires us to identify the gaps in information security knowledge, experience and training.
We need to know that employees have the skills for information security.
It makes sense to understand if, and to what level, we can also skill our business technology. We record it in a competency matrix.
Competency Matrix Template
The competency matrix template is a simple and effective way to record and manage employee competency.
The competency matrix template is to record the skills and training level of staff against information security and business technology.
It allows you to demonstrate and evidence that you have the adequate skills to operate the Information Security Management System and to identify, track and manage any training or resourcing needs.
How to create and use a Competency Matrix Tutorial
In this tutorial video I show you how to create a competency matrix for skills in around 5 minutes.
A competency matrix shows the skills you have, the skills you need and the training requirements and is a part of of data security and many industry certifications including ISO 27001, PCI DSS, SOC and a host of others.
We cover how the it fits into the information security management system in the ISO 27001 Templates Documents Ultimate Guide.
The competency matrix doesn’t have to be hard and it really is easy to create a basic functioning competency matrix from scratch.
Competency Matrix FAQ
A trusted competency matrix template can be downloaded from High Table at this link: https://hightable.io/product/competency-matrix/
A competency matrix is a way to measure the skills and experience of staff against the business skill requirements.
A competency matrix is a way to measure the skills of employees against the requirements of the business. In HR they will use the matrix to align the training needs of staff for the business and allocate the training resources. They will use it to identify skills risks and skills gaps and then plan to reduce those risks.
It is easy to build a competency matrix. In a spreadsheet list your employees down the left hand side in a column. Across the top in a row list the skills that you are interested in measuring. For each employee then mark the level of skill that they have against each skill required. You can use the a simple key of Gap, Trained, Experienced. A tutorial video on how to do it can be found here on YouTube: https://youtu.be/sAn2ffkrBe4
Yes. It is the easiest, simplest way to understand what skills you need verses what skills you have.
Yes. Information security skills are wide and varied. Once you understand what skills you need it is important to understand what skills you have so you can address the gaps.