The provision of Information Management and Security and GDPR Training is one of the key tools we have to develop the knowledge and understanding of all our staff and enhance the security of our University. Now, the completion of these online Moodle training courses will be automatically recorded via our HR system, SuccessFactors.
A new Training Policy (IM02: Training Policy) forms part of a comprehensive Information Management Policy Framework, formally adopted by Council and Senate in early July this year.
You can access all the new polices here on our Security and Information Management website.
The Training Policy has been framed to ensure everyone engages in appropriate training, to be compliant with the University’s obligations and regulatory guidelines.
What are we doing?
In response to these regulatory requirements and the wider security of our University, much work has been done to enhance our staff Information Management and Security and GDPR Training.
The two existing training modules are now reinforced by seven additional modules. These additional modules are available to us through an existing service contract and, while the content is not perfect, it improves our overall provision. Some specialist training for those working with sensitive data or protected groups will also be added. The full list of nine modules is now:
Foundation Training modules:
- Information Security Essentials
- GDPR Training
Standard Training modules:
- Internet Security
- Password Safety
- Secure Remote Working
- Email Essentials
- Data Handling
- Confidentiality, Integrity and Availability
- Essential Phishing Awareness
We will keep this content under review to ensure we provide the most relevant and appropriate training to the wide range of staff across our University community.
In order to ensure our training is relevant and appropriate, the requirements will be applied according to the kind of work staff undertake:
- Foundation Training: the two ‘Information Security Essentials’ and ‘GDPR Training’ modules (linked below) must be completed at induction and refreshed annually by all staff who work at the University.
- Standard Training: in addition to the Foundation Training modules, all staff who predominantly complete their University work on a computer and regularly handle electronic communications, must complete the 7 Standard Training modules listed above, at induction and refresh them annually thereafter. This applies to existing and new staff who join the University from 1 September 2020. There are no exceptions to this policy.
- Specialist Training: this will be rolled out in the next few months and includes specialised and additional training associated with particular roles: for staff handling particularly sensitive data or in high volumes; those working in research or with protected groups, such as minors. This will apply to all new and existing staff in these roles (policy effective from 1 September 2020) and is additional to the Standard Training.
- Refresher Training: the policy introduces mandatory refresher training for all staff to retake the appropriate training modules for their role on an annual basis, from 1 September 2020. This is part of our ongoing commitment to maintain the knowledge and understanding of all our staff and enhance the security of our institution. Any current staff who have not yet completed their training will need to do so by 31 December 2020.
Training compliance will be monitored on an ongoing basis and will focus on:
- Training completion rates
- Training effectiveness (the number of policy breaches per trained individual)
- Training engagement (participant feedback on training activity).
- Incidents of non-compliance (and the removal of access rights after repeated non-completion of training within approved timeframes).
1. General Data Protection Regulation (GDPR)
An essential GDPR e-learning module to help understand how to deal with (collect, hold and manage) Personal Data. This interactive course makes extensive use of scenarios to help you better understand GDPR and your role in the University’s compliance. GDPR Training Course
2. Information Security
Essential Information Security e-learning module to provide you with an overview of information security risks, relevant legislation and practical tips on how to protect the University's and your information. This interactive course makes extensive use of scenarios to help you better understand Information Security issues and your role in the University’s compliance.
Note: If you have no access to a computer face-to-face training is available as an alternative.
Data Protection Officerdpo@warwick.ac.uk
The University of Warwick
Coventry CV4 8UW