Why this instruction is required
NKDL, Regulation No. 397, and practical proof for management.
The employee understands that cybersecurity is part of their work responsibility, not a private IT department topic.
Threat
After an incident, companies lose time and evidence if they cannot show what employees learned and when.
What to know
- Regulation No. 397 requires initial instruction within one month after a user account is granted and refresher instruction at least once per calendar year.
- The company must keep materials current, keep training records, and assess knowledge.
- A Vairogs report is evidence of record keeping and knowledge assessment, not a state certificate.
- This is a cybersecurity course. It does not replace occupational safety instruction under Regulation No. 749.
Actions
- Complete the course and test through your private work-email link.
- After training, keep the reporting channel and responsible manager contact available.
- If the responsibility is unclear, ask who is responsible for cybersecurity management in the company.
Manager note
The key management evidence is a clear record: invited, opened, completed, score, and date.