Purpose
The purpose of the NIACC Information Resources Personnel Security and Awareness Training Policy is to ensure that all employees with access to NIACC Information Resources are adequately vetted, qualified, and trained according to their role.
Audience
The NIACC Information Resources Personnel Security and Awareness Training Policy applies to all individuals responsible for hiring, onboarding, offboarding, and training of personnel given access to NIACC Information Resources.
Contents
General
Background Checks
Training and Awareness
Policy
General
- Information regarding security responsibilities must be communicated to employees as part of the onboarding process.
- All new employees are made aware of the importance of confidentiality during new hire orientation. Employee Handbook policies related to confidentiality are outlined during the orientation.
- All new employees must complete the FERPA Confidentiality of Records training module.
- Upon termination of employment, personnel will be reminded of confidentiality requirements during their exit interview.
Background Checks
- Background checks are required prior to employing NIACC employees, regardless of whether a competitive recruitment process is used, with the exception of anyone who is hired through an employment agency.
- Background checks may be required for employees who change positions or duties in the company, as determined by Human Resources or the hiring manager. If an existing employee changes positions within NIACC, another background check is required if it has been more than two years since the previous one.
- A credit report is required for all executive-level positions as well as anyone who is hired for a position that handles financial information.
- Background checks may be required for employees at any time after the employment start date, at the discretion of Human Resources or Executive Management.
- Any employee convicted of a crime while employed at NIACC must report that information to the Human Resources Office within ten business days.
Training and Awareness
- All personnel must complete an approved Security Awareness training course annually.
Definitions
See IT Security: Definitions
References
- ISO 27002: 7, 13
- NIST CSF: PR.AT, PR.IP, DE.CM
- Information Security Policy
Enforcement
Personnel found to have violated this policy may be subject to disciplinary action, up to and including termination of employment, and related civil or criminal penalties.
Version History
| Version | Modified Date | Approved Date | Approved By | Reason/Comments |
|---|---|---|---|---|
| 1.0.0 | August 2020 | | FRSecure | Document Origination |
| 1.0.1 | October 2024 | | NIACC | |