Policy Title:  Security Awareness Training Policy

Policy Number:  7.5
_____________________________________________________________________________________

Purpose:

This Security Awareness Training Policy (this Policy) ensures all Personnel and Contractors with access to Institutional Resources are provided with education and training opportunities to gain an understanding of the importance of securing the Institutional Data.

Definitions:

Capitalized terms not defined in this Policy have the meaning set forth in the Board Policy 7.0 Information Security.

  1. Security Awareness Training is a formal process for educating employees about the Internet and computer security. A good security awareness program should educate employees about institutional policies and procedures for working with information technology (IT).

Scope:

This Policy applies to all College Personnel and Contractors. Exceptions are Personnel and Contractors who do not have access to computers and/or personally identifiable information (PII). Any other exceptions must be approved by the Chief Information Officer.

Policy:

The College will implement and maintain a Security Awareness Training program that is designed to educate Personnel and Contractors on their obligations with respect to the security of their accounts, Institutional Resources, and other information assets that could impact the College. The College requires Personnel and Contractors to appropriately protect College-owned and personal computers that store, access, or use Institutional Resources. The College also requires specific training based on the classification level of the data to which the Personnel or Contractor has access, as set forth in Administrative Regulation 7.0.1 Information Classification, and on the role the Personnel or Contractor fills.

Personnel are required to attend Security Awareness Training within the first sixty (60) days of employment or the new hire will be deemed non-compliant with this Policy. Personnel and Contractors with access to PII are required to complete Security Awareness Training on a yearly basis. All part-time, temporary employees, and Contractors with access to PII must undergo Security Awareness Training before accessing any Institutional Resources.

The Security Awareness Training program will be reviewed annually and updated, as applicable, based on changes to the information security environment.

Enforcement:

Personnel and Contractors that do not comply with this Policy will have network access rights suspended until they comply.

 

References: Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. §§ 6801-6809, §§ 6821-6827

Revision History:

Original Adoption Date: 11/09/21

Revision Date(s): 12/12/23

Date Reviewed, no change: