HomeTrainingRegulation No. 397
Regulation No. 397 · cyber hygiene

Regulation No. 397 requirements for employee cybersecurity training

For Latvian companies subject to the National Cybersecurity Law, employee training is not only good practice. Regulation No. 397 sections 76-80 require instruction, current materials, records, and knowledge assessment.

Section 76: initial and annual instruction

Initial cybersecurity instruction must be organised no later than one month after a user account is registered. Refresher instruction must be carried out at least once per calendar year.

Sections 78-79: current content

Content should be reviewed at least once per year or when circumstances change, for example when new cyber threats appear. Materials must be available to employees.

Section 80: records and knowledge assessment

The company must keep records of instruction and assess employee knowledge and training effectiveness. That is why the core Vairogs product is the manager report.

Clear boundary

Vairogs Skola is not a state certification service and does not replace occupational safety instruction. It is a practical cybersecurity instruction and knowledge-assessment record system.