32Evidence Of The Competence Of The People Working In Information Security (Clause 7.2) The organization shall
• determine the necessary competence of persons) doing work under its control that affects its information
security performance • ensure thatthese persons are competent on the basis of appropriate education, training,
or experience • where applicable, take actions to acquire then e c es s a r y competence, and evaluate the effectiveness
of the actions taken and • retain appropriate documented information as evidence of competence.
Other ISMS-related Documents Deemed Necessary By The Organization (Clause b) The organization's information security management system shall include documented information determined by the organization as being necessary for the effectiveness of the information security management system.
