Security training

Written by Moodi Mahmoudi
Updated over 2 weeks ago

At a glance

NEXT AI provides mandatory security training for all new employees during onboarding and annual refresher training thereafter. Training is led by the CTO and delivered via NEXT AI’s compliance platform (Drata), and completion is monitored.

How it works

  • Audience: All employees; relevant contractors must complete training before access is granted.

  • Cadence: Onboarding + annual refreshers.

  • Delivery & ownership: Training is CTO-led and delivered through Drata.

  • Monitoring: Training completion and compliance status are tracked in Drata.

Program lifecycle

Design → Develop → Implement → Measure & Improve

  • Design: define objectives, risk-based topics, audiences, owners.

  • Develop: build/curate content, choose delivery (Drata), set cadence (onboarding + annual), add phishing drills if needed.

  • Implement: run sessions, assign modules, and enforce completion before system access is granted.

  • Measure & Improve: track completion/quiz scores, review incidents/audit findings, update content and policies each cycle.

Topics covered

  • Social engineering & phishing — how to detect and report attacks.

  • Passwords — risks of weak/reused passwords and secure storage practices.

  • Physical security — protecting offices and equipment.

  • Data handling — applying data classification and handling rules.

  • Compliance basics — why policies matter and how they affect daily work.

Standards alignment

  • NIST SP 800-50r1 — guidance for building and operating an effective security awareness & training program (program design → develop → implement → improve).

  • ISO/IEC 27002:2022 control 6.3 — requires ongoing information-security awareness, education, and training for personnel.

FAQ

Q: Who is required to complete security training at NEXT AI?

All employees complete training at onboarding and annually; relevant contractors complete training before access is granted. Completion is tracked in Drata.

Q: What topics are included in training?

Phishing/social engineering, secure passwords, physical security, data handling based on classification, and compliance fundamentals.

Q: How often is training provided?

Onboarding for new joiners and annual refresher training thereafter.

Q: Who delivers the training and how is it tracked?

Training is CTO-led, delivered via Drata, and completion is monitored for compliance.

Q: Is your approach aligned with industry guidance?

Yes. Our program structure aligns with NIST SP 800-50r1 and ISO/IEC 27002:2022 control 6.3 for information-security awareness, education, and training.