14.7.1All employees must be given training related to Information Security and a copy of the Information Security Policy at the time of joining;
14.7.2Refresher training must be given annually at a minimum;
14.7.3Employees of the Information Security Department must be provided with specialized annual training to remain updated with recent trends, threats and required controls in information security; and
14.7.4The training plan, training registers, training materials, etc. must be held in the records for verification by the Central Bank.