Information Security

 

Training and Awareness

Well-educated staff who understand the key information security risks the University faces play an important role in keeping our data safe. That's why information security awareness training is compulsory for all University staff. And it is your responsibility as a Head of Division, Head of Department or Faculty Board Chair to make it happen.

It is University Policy that:

  • all staff must complete information security awareness training

In order to ensure a high level of information security awareness among your staff, you need to:

  1. arrange compulsory information security awareness training for staff within your division, department or faculty to ensure they fully understand information security and come to view it as an integral part of their day-to-day work
  2. include information security awareness training in your divisional, departmental or faculty processes for new joiners
  3. keep an up-to-date record of who has completed information security awareness training
  4. repeat information security awareness training for staff on an annual basis

Online training

To support you in educating staff in your division, department or faculty, the University offers an online information security awareness module which provides a combination of information, case studies and links to additional resources relating to information security.

This module is available to all University staff, and is already mandatory for staff within UAS. Ensuring that your staff have completed this will satisfy the security awareness training requirements of the Information Security Policy. The Information Security Team can provide you with monthly reports on the completion of the module within your division, department or faculty.

Other training

If you choose to deliver your own information security awareness training or engage a third party to do so on your behalf, this must be equivalent in content to that of the University's online module. If this applies to your division, department or faculty, please discuss this with the Information Security Team.

Where external requirements mandate specific training (such as NHS Information Governance training within Medical Sciences, for example), this should be sufficient to satisfy the University's requirements. Again, if this applies to your division, department or faculty, please discuss this with the Information Security Team.