Skip to main content

AT-4 Security Training Records

Description

The University maintains records of information security training and monitors them for compliance.

Applicability

The Chief Information Security Officer (CISO), or designee, is responsible for ensuring that the measures described in this Control are implemented.

Implementation

1 - It is the responsibility of the CISO, or designee, to:
- 1.1 - Document and monitor staff information security training activities, including;
  - 1.1.1 - Security Awareness Training; and
  - 1.1.2 - Role-based information resource security training as specified in Security Control AT-3.
- 1.2 - Retain staff training records based on university document retention policies.

Description
Applicability
Implementation