Data Protection (UK GDPR) & Information Security Refresher training
As you'll know, Data Protection (including UK GDPR) and Information Security training, awareness and compliance is a mandatory part of your employment at Warwick; it is University Policy (IM02) and specifically referenced in the ICO Action Plan. But we know that last year's training package was time-consuming to complete.
We listened to your feedback and established a project to create a single annual refresher training course you can complete in 30 minutes.
You can access this new refresher course on Moodle here:
From the launch date onwards, the refresher course will be available to everyone who has previously completed all the introductory security training courses relevant to their role - all 9 course are still required for all new staff who primarily complete their work using a computer.
More updates will be provided over subsequent weeks on the arrangements for different staff groups, including those who don't routinely use a computer, those with accessibility requirements or those who require face to face training.
The provision of Information Management and Security and GDPR Training is one of the key tools we have to develop the awareness and knowledge of all our staff and enhance the security of our University. It's also mandatory for all staff and anyone with a contractual relationship with the University.
Our Training Policy (IM02: Training Policy) is part of our comprehensive Information Management Policy Framework, designed to ensure everyone engages in appropriate training, to be compliant with the University’s obligations and regulatory guidelines and to understand the risks and requirements inherent in their role.
You can access all the relevant polices here: Security and Information Management Policies.
Why is this important?
In response to regulatory requirements to have a fully trained workforce and the wider security needs of our University, we extended our staff Information Management and Security and GDPR Training.
The two original 'Foundation' training modules were reinforced by seven additional 'Standard' modules. These additional modules are available to us through an existing service contract and, while the content is not perfect, they significantly improve the scope and depth of our security and information management training provision. Some specialist training for those working with sensitive data or protected groups will also be added.
The full list of nine modules is here and can be accessed directly from these links:
Foundation Training modules:
Standard Training modules:
- Internet Security
- Password Safety
- Secure Remote Working
- Email Essentials
- Data Handling
- Confidentiality, Integrity and Availability
- Essential Phishing Awareness
We will keep this content under review to ensure we provide the most relevant and appropriate training to the wide range of staff across our University community.
If you have any queries or experience any difficulties completing the training modules please get help:
To ensure our training is relevant and appropriate, training requirements are aligned to the kind of work you do:
- Foundation Training: the two ‘Information Security Essentials’ and ‘GDPR Training’ modules must be completed at induction and refreshed annually by all staff working at the University, without exception.
- Standard Training: in addition to the Foundation Training modules, all staff who predominantly complete their University work on a computer and handle electronic communications, must complete the 7 Standard Training modules listed above, at induction and refresh them annually thereafter. This applies to existing and new staff who join the University from 1 September 2020. There are no exceptions to this policy.
- Specialist Training: this will be added in coming months and includes specialised and additional training associated with particular roles: for staff handling particularly sensitive data or in high volumes; those working in research or with protected groups, such as minors. It will apply to all new and existing staff in these roles (effective from 1 September 2020) and is additional to the Standard Training.
- Refresher Training: the policy introduces mandatory refresher training for all staff to retake the appropriate training modules for their role on an annual basis, from 1 September 2020. This is part of our ongoing commitment to maintain the knowledge of all our staff and enhance the security of our institution.
Heads of Department – are required to ensure all colleagues and staff are aware of and fulfil the training requirements outlined here.
Departmental Administrators – are required to access the SuccessFactors reporting centre to be able to provide local updates on levels of compliance and remind colleagues of their obligations. Users are advised to run reports after the 5th of the month to ensure all training from the previous period has been captured accurately. Reports can be accessed through the reporting centre in SuccessFactors and a training guide explaining how to do this is available here, and any queries should be directed to askHR.
All employees, staff and temporary or contract workers – are required to ensure they are compliant with training and are operating in accordance with and understanding of the requirements of Information Management and Security and GDPR.
Training compliance will be monitored on an ongoing basis and will focus on:
- Training completion rates
- Training effectiveness (the number of policy breaches per trained individual)
- Training engagement (participant feedback on training activity).
- Incidents of non-compliance (and the removal of access rights after repeated non-completion of training within approved timeframes).
Security & Information Management is Everyone's Responsibility
Data Protection Officerdpo@warwick.ac.uk
The University of Warwick
Coventry CV4 8UW