What’s the background?
The provision of Information Management and Security and GDPR Training is one of the key tools we have to develop the knowledge and understanding of all our staff and enhance the security of our University. Now, the completion of these online Moodle training courses will be automatically recorded via SuccessFactors.
A new Training Policy (IM02: Training Policy) forms part of a comprehensive Information Management Policy Framework, formally adopted by Council and Senate in early July this year.
You can access all the new polices on our Security and Information Management website.
The Training Policy has been framed to ensure everyone engages in appropriate training, to be compliant with the University’s obligations and regulatory guidelines. Regulatory compliance is a key focus – the ICO audit highlighted our training provision as ‘red’ - a category requiring urgent improvement.
In response to these regulatory requirements and the wider security of our University, much work has been done to enhance our staff Information Management and Security and GDPR Training.
The two existing training modules are now reinforced by seven additional modules. These additional modules are available to us through an existing service contract and, while the content is not perfect, it improves our overall provision. Some specialist training for those working with sensitive data or protected groups will also be added.
All nine modules are listed below and you can access all modules via this link.
Foundation Training modules:
- Information Security Essentials
- GDPR Training
Standard Training modules:
- Internet Security
- Password Safety
- Secure Remote Working
- Email Essentials
- Data Handling
- Confidentiality, Integrity and Availability
- Essential Phishing Awareness
We will keep this content under review to ensure we provide the most relevant and appropriate training to the wide range of staff across our University community.
In order to ensure our training is relevant and appropriate, the requirements will be applied according to the kind of work staff undertake:
- Foundation Training: the two ‘Information Security Essentials’ and ‘GDPR Training’ modules must be completed at induction and refreshed annually by all staff who work at the University.
- Standard Training: in addition to the Foundation Training modules, all staff who predominantly complete their University work on a computer and regularly handle electronic communications, must complete the 7 Standard Training modules listed above, at induction and refresh them annually thereafter. This applies to existing and new staff who join the University from 1 September 2020. There are no exceptions to this policy.
- Specialist Training: this will be rolled out in the next few months and includes specialised and additional training associated with particular roles: for staff handling particularly sensitive data or in high volumes; those working in research or with protected groups, such as minors. This will apply to all new and existing staff in these roles (policy effective from 1 September 2020) and is additional to the Standard Training.
- Refresher Training: the policy introduces mandatory refresher training for all staff to retake the appropriate training modules for their role on an annual basis, from 1 September 2020. This is part of our ongoing commitment to maintain the knowledge and understanding of all our staff and enhance the security of our institution. Any current staff who have not yet completed their training will need to do so by 31 December 2020.
Training compliance will be monitored on an ongoing basis and will focus on:
- Training completion rates
- Training effectiveness (the number of policy breaches per trained individual)
- Training engagement (participant feedback on training activity).
- Incidents of non-compliance (and the removal of access rights after repeated non-completion of training within approved timeframes).
Tracking compliance with current Foundation and Standard Training for salaried colleagues, STP and UoW temporary workers.
Completion of the Foundation (2) or Standard (7) online Moodle training courses is now automatically recorded via SuccessFactors.
From 1/10/20 Departmental Administrators will be able to run a ‘compliance training completion report’ for all salaried colleagues, STP and UoW temporary workers within their department (excluding Unitemps colleagues). This will show when Foundation or Standard Training has been completed, when annual refresher training is due or overdue. These reports will play a critical role in tracking compliance within individual departments and ensuring the University fulfils its obligations.
Reports will be accessed through the reporting centre in SuccessFactors.
For further information on tracking compliance with current Foundation and Standard Training for colleagues employed via Unitemps, limited company contractors or staff engaged through external agencies, please see details on our Training Records page.
- Heads of Department – are required to ensure all colleagues and staff are aware of and fulfil the training requirements outlined here.
- Departmental Administrators – are required to access the SuccessFactors reporting centre on a regular basis to be able to provide local updates on levels of compliance and remind colleagues of their obligations.
- Monthly completion reports tracking compliance levels across the institution will be produced centrally and reported to the University Management Information Committee.
- All employees, staff and temporary or contract workers – are required to ensure they are compliant with training and are operating in accordance with and understanding of the requirements of Information Management and Security and GDPR