Printed from CheckTick DSPT Compliance Documentation
Training Evaluation Report: 2025
Reviewer: [SIRO Name] (SIRO) | Date: [Insert Date]
1. Evaluation of Knowledge & Behaviour
We conducted a simulated 'Incident Response Walkthrough' on [Date].
- Scenario: Discovery of an unauthorized IP address attempting to access the production database.
- Outcome: Personnel correctly identified the 'Containment' steps in the IRP and verified the VPC isolation logs within 5 minutes.
- Result: Pass. Staff demonstrate appropriate knowledge of high-stakes security procedures.
2. Incident Linkage
- Total Incidents (Last 12 Months): [X]
- Incidents caused by Lack of Awareness: 0
- Analysis: Our 'MFA-by-default' training has successfully prevented any credential-based unauthorized access attempts.
3. Evidence of Information Usage
- Platform: GitHub Documentation Portal.
- Metric: All updates to the
Security OverviewandData Policyare reviewed and signed off by both partners via Pull Requests. - Finding: The version history of our
/compliancefolder demonstrates that policies are being actively refined and used as living documents rather than static files.
4. Findings & Actions
| Finding | Action Taken | Owner |
|---|---|---|
| Staff identified a need for more detail on 'Escrow Key' recovery. | Added a technical deep-dive to the internal Docs UI. | [DPO Name] |
| Current NHS L1 training is sufficient for general awareness. | Maintain annual schedule; no change needed. | [SIRO Name] |