POL-U3000.03 Training for End-User Information Security Awareness

Dates and Approval

Effective Date:

September 9, 2014

Approved by:

President Bruce Shepard

Who does this policy apply to?

This policy applies to all employees including permanent and temporary employees and student employees assigned a @wwu.edu account.

Overview

The University takes protecting all institutional data, its intellectual property, and any personal or confidential information extremely seriously. To help protect the University, training will be provided to all University employees (faculty and staff). The goal is to make individuals understand the risks in using technology and how to defend against threats to University data, both at work at home.

Definitions

University Employees

All active employee account holders that are issued an email address that ends with @wwu.edu

Policy Statements

1. Vice Provost for Information Technology/Chief Information Officer Ensure Information Security Awareness Training Implementation

The Vice Provost for Information Technology/Chief Information Officer (VPIT/CIO) will ensure appropriate and accessible Information Security Awareness Training program is implemented. The VPIT/CIO delegates the development and implementation of the program to the Information Security Officer (ISO). The Information Security Officer will oversee the scheduling,curriculum and facilitation for all training that will be available as a result of this policy.

2. Employees are Required to Participate in Annual Training

All employees are required to complete the Information Security Awareness Training Program on an annual basis.

3. Supervisors Shall Understand the Type of Data Their Employees Access

Supervisors must consider any changes to an employee’s position that may affect participation in the program as it applies to types of data handled by roles they supervise (example: new job responsibilities, new positions, and/or exposure to new types of personally identifiable data.)

4. The Information Security Officer Will Coordinate the Contents of the Training Program with Multiple Constituent Groups

The ISO will conduct annual reviews and surveys to aid in course development and evaluate the effectiveness of course content and delivery.

5. Supervisors Ensure Release Time to Complete the Training

To facilitate successful completion of the program supervisors will ensure University employees are granted reasonable periods of time to obtain the required training and that training time is made available.

6. University Employees are Responsible for Applying Knowledge

All University Employees are responsible for carrying out the duties of their position in compliance with the laws, rules, policies and principles as taught in the Information Security Awareness Training Program.

Policy Contact

Information Technology

More Information Technology policies

Policy Information