A call to action on SIM training now!
We need to improve our SIM training completion rates to demonstrate we have a fully-trained workforce.
We are issuing another ‘call to action’ to everyone to complete all nine training modules listed below by the end of November. This gives plenty of time to complete the process – a few hours to work through the list, or chip away, completing a couple of modules a week.
The provision of Information Management and Security and GDPR Training is one of the key tools we have to develop the awareness and knowledge of all our staff and enhance the security of our University.
A new Training Policy (IM02: Training Policy) is part of our comprehensive Information Management Policy Framework, designed to ensure everyone engages in appropriate training, to be compliant with the University’s obligations and regulatory guidelines and to understand the risks and requirements inherent in their role.
You can access all the new polices here: Security and Information Management Policies.
What are we doing?
In response to regulatory requirements to have a fully trained workforce and the wider security needs of our University, we have extended our staff Information Management and Security and GDPR Training.
The two existing 'Foundation' training modules are now reinforced by seven additional 'Standard' modules. These additional modules are available to us through an existing service contract and, while the content is not perfect, it improves our overall security and information management training provision. Some specialist training for those working with sensitive data or protected groups will also be added. The full list of nine modules is here and can be accessed directly from these links:
Foundation Training modules:
Standard Training modules:
- Internet Security
- Password Safety
- Secure Remote Working
- Email Essentials
- Data Handling
- Confidentiality, Integrity and Availability
- Essential Phishing Awareness
We will keep this content under review to ensure we provide the most relevant and appropriate training to the wide range of staff across our University community.
If you have any queries or experience any difficulties completing the training modules please get help:
To ensure our training is relevant and appropriate, training requirements are aligned to the kind of work you do:
- Foundation Training: the two ‘Information Security Essentials’ and ‘GDPR Training’ modules must be completed at induction and refreshed annually by all staff working at the University, without exception.
- Standard Training: in addition to the Foundation Training modules, all staff who predominantly complete their University work on a computer and handle electronic communications, must complete the 7 Standard Training modules listed above, at induction and refresh them annually thereafter. This applies to existing and new staff who join the University from 1 September 2020. There are no exceptions to this policy.
- Specialist Training: this will be added in coming months and includes specialised and additional training associated with particular roles: for staff handling particularly sensitive data or in high volumes; those working in research or with protected groups, such as minors. It will apply to all new and existing staff in these roles (effective from 1 September 2020) and is additional to the Standard Training.
- Refresher Training: the policy introduces mandatory refresher training for all staff to retake the appropriate training modules for their role on an annual basis, from 1 September 2020. This is part of our ongoing commitment to maintain the knowledge of all our staff and enhance the security of our institution.
Heads of Department – are required to ensure all colleagues and staff are aware of and fulfil the training requirements outlined here.
Departmental Administrators – are required to access the SuccessFactors reporting centre to be able to provide local updates on levels of compliance and remind colleagues of their obligations. Users are advised to run reports after the 5th of the month to ensure all training from the previous period has been captured accurately. Reports can be accessed through the reporting centre in SuccessFactors and a training guide explaining how to do this is available here, and any queries should be directed to askHR.
All employees, staff and temporary or contract workers – are required to ensure they are compliant with training and are operating in accordance with and understanding of the requirements of Information Management and Security and GDPR.
Training compliance will be monitored on an ongoing basis and will focus on:
- Training completion rates
- Training effectiveness (the number of policy breaches per trained individual)
- Training engagement (participant feedback on training activity).
- Incidents of non-compliance (and the removal of access rights after repeated non-completion of training within approved timeframes).
Security & Information Management is Everyone's Responsibility
Data Protection Officerdpo@warwick.ac.uk
The University of Warwick
Coventry CV4 8UW