Identify baselines and key measures
Before we start any communications programme, we like to measure current levels of awareness and understanding of information security in your organisation. A benchmark. It will help give you the demonstrable evidence that change has taken place, once the programme comes to a close.
You may well have done this yourself, but we can fill any gaps if you have, or do it if for you if you haven’t.
We use simple, intuitive digital tools in a language that your employees will understand and enjoy.
We can then test again, using the same methodology, after we’ve run our programme.
We can also measure the behavioural impacts of the campaign on a topic by topic basis – again by testing before and after the campaign.
This might be by measuring clicks on fake phishing emails, or your employees’ average level of security on social media platforms, or the security of mobile devices at the end of the day.
Whatever you choose, they will be designed to prove impact and ROI of any work you do with us.
But what’s more, other people will tell you how good it is too - we fully expect to submit the work we do on any full scale awareness campaign for awards.
ISO 27001: 4.1: The organisation shall determine external and internal issues that are relevant to its purpose and that effect its ability to achieve the intended outcomes of the information security system.
