POL-U3000.03 Training for End-User Information Security Awareness
Jump to section
Dates and Approval
Effective Date:
September 9, 2014
Approved by:
President Bruce Shepard
Who does this policy apply to?
This policy applies to all employees including permanent and temporary employees and student employees assigned a @wwu.edu account.
Overview
The University takes protecting all institutional data, its intellectual property, and any personal or confidential information extremely seriously. To help protect the University, training will be provided to all University employees (faculty and staff). The goal is to make individuals understand the risks in using technology and how to defend against threats to University data, both at work at home.
Definitions
University Employees
All active employee account holders that are issued an email address that ends with @wwu.edu
Policy Statements
1. Vice Provost for Information Technology/Chief Information Officer Ensure Information Security Awareness Training Implementation
The Vice Provost for Information Technology/Chief Information Officer (VPIT/CIO) will ensure appropriate and accessible Information Security Awareness Training program is implemented. The VPIT/CIO delegates the development and implementation of the program to the Information Security Officer (ISO). The Information Security Officer will oversee the scheduling,curriculum and facilitation for all training that will be available as a result of this policy.
2. Employees are Required to Participate in Annual Training
All employees are required to complete the Information Security Awareness Training Program on an annual basis.
3. Supervisors Shall Understand the Type of Data Their Employees Access
Supervisors must consider any changes to an employee’s position that may affect participation in the program as it applies to types of data handled by roles they supervise (example: new job responsibilities, new positions, and/or exposure to new types of personally identifiable data.)
4. The Information Security Officer Will Coordinate the Contents of the Training Program with Multiple Constituent Groups
The ISO will conduct annual reviews and surveys to aid in course development and evaluate the effectiveness of course content and delivery.
5. Supervisors Ensure Release Time to Complete the Training
To facilitate successful completion of the program supervisors will ensure University employees are granted reasonable periods of time to obtain the required training and that training time is made available.
6. University Employees are Responsible for Applying Knowledge
All University Employees are responsible for carrying out the duties of their position in compliance with the laws, rules, policies and principles as taught in the Information Security Awareness Training Program.