Policy Manual

 
  6.MEP.5  

Electronic Security Awareness      

Type: Procedure                 Category: Information Technology                 Level: Community Care 

Parties: Community Care employees and contractees


Supporting References: 

Parent Effective Date Approval Level Revision Dates Last Reviewed
6.ME.5  1-1-2004  Executive Director    N/A
Related Document Code Related Document Name Type

Procedure:

1)       Initial Information

a)       Users receiving a network account for the first time will receive training on the following:

i)         Malicious software (malware) and viruses.

ii)       Password usage, protection, and changing.

iii)      Security incidents: what constitutes a security incident and how to report it.

iv)     Workstation security.

v)       Media security.

vi)     Disciplinary action that may be taken against a network user for breaches of security.

b)       The IT department will perform formal training for all those receiving an account for the first time. The Administrative Services Manager must approve any variance from this requirement. Training may be provided in the form of documentation or a formal training presentation. If documentation is used, the supervisor will take steps to ensure the documentation has been read and is understood.

c)       In lieu of formal IT training, the supervisor is responsible for either providing this training or ensuring that another qualified person provides this training.

d)       The supervisor will document the training in the employee's training record or in a supervision note or other similar documentation.

2)       Periodic Reminders

a)       The Administrative Services Manager is responsible for creating security reminders and ensuring security reminders are sent out to users on no less than a quarterly basis.

b)       Reminders may occur separately, but each security topic defined will be covered at least once per three months.

c)       Steps will be taken by the IT department to ensure that the security reminders are read and understood (e.g., voting buttons).

d)       Documentation of reminder content and date of dissemination will be maintained by the IT department.

3)       Training

a)       Users will receive formal electronic security awareness training on the required subjects at least once per 12-month period.

b)       The supervisor is responsible for either providing this training or ensuring that another qualified person provides this training.

c)       The supervisor will document the training in the employee's training record or in a supervision note or other similar documentation.