According to the ISO/IEC 27001:2022 standard, a performance indicator is “a metric that provides information about the effectiveness or efficiency of an activity, process, system or organization” (section 3.35). A performance indicator should be measurable, relevant, achievable, realistic and time-bound (SMART). In this case, the percentage of employees who passed the exam is a performance indicator that measures the effectiveness of the information security awareness and training sessions. It shows how well the sessions achieved their intended learning outcomes and how well the employees understood the information security concepts and practices.
References: ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection — Information security management systems — Requirements; ISO/IEC 27001 Lead Implementer Info Kit; Key performance indicators for an ISO 27001 ISMS.