Guidance Protect 9
Guidance Note:
Employees at virtually every organisational level have responsibility for some part of developing or applying security policies and procedures. Defined roles and responsibilities for cyber-security vigilance will clarify decision-making authority and responsibility at each level, along with expected behaviour in policy implementation.
------
When doing your regular employee reviews, simply make sure that they are following the latest awareness training and review it.