HomeTrainingWhy this instruction is required
Module 1 · 6 min

Why this instruction is required

NKDL, Regulation No. 397, and practical proof for management.

The employee understands that cybersecurity is part of their work responsibility, not a private IT department topic.

Threat

After an incident, companies lose time and evidence if they cannot show what employees learned and when.

What to know

  • Regulation No. 397 requires initial instruction within one month after a user account is granted and refresher instruction at least once per calendar year.
  • The company must keep materials current, keep training records, and assess knowledge.
  • A Vairogs report is evidence of record keeping and knowledge assessment, not a state certificate.
  • This is a cybersecurity course. It does not replace occupational safety instruction under Regulation No. 749.

Actions

  • Complete the course and test through your private work-email link.
  • After training, keep the reporting channel and responsible manager contact available.
  • If the responsibility is unclear, ask who is responsible for cybersecurity management in the company.

Manager note

The key management evidence is a clear record: invited, opened, completed, score, and date.

Sources