The effectiveness of training programs is evaluated periodically, and improvements are made as appropriate
Context and Guidance: A process should exist to determine the effectiveness of training for meeting the training needs of staff involved in the cybersecurity program. These are examples of methods used to assess training effectiveness: • testing in the training context • post-training surveys of training participants • post-training surveys of training participants' managers about their satisfaction with the impact of the training on participants’ ability to perform their cybersecurity responsibilities • assessment mechanisms embedded in training materials Document suggested improvements to the training plan based on the evaluation of the effectiveness of training activities and implement improvements when feasible.