State Board | Policies and Procedures
SP 6-10u – Security Awareness Training
COLORADO COMMUNITY COLLEGE SYSTEM
SYSTEM PROCEDURE
Security Awareness Training
SP 6-10u
APPROVED: January 28, 2021
EFFECTIVE: January 28, 2021
REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy
APPROVED:
/ Joe Garcia /
Joseph A. Garcia
Chancellor
Basis
This procedure documents the requirements for the Cyber Security awareness training of the Colorado Community College System and its Colleges (“CCCS”). CCCS has instituted a Cyber Security awareness program with the intention of providing continuous Cyber Security awareness, in order to better enhance security best practices and continuous efforts to safeguard Information Systems and Assets.
Application
This procedure applies to employees, personnel affiliated via third party contracts, and volunteers that have access to Information Systems and Assets that are owned or leased by CCCS.
Procedure
The System Chancellor delegates to the System Vice Chancellor for Information Technology (“IT”) responsibility for oversight of compliance with and implementation of this procedure. Further, the System Chancellor delegates to the College Presidents the responsibility to implement and compliance with this procedure at their respective institution.
CCCS shall conduct an ongoing information Cyber Security awareness and training program for all employees and users to explain information security responsibilities and to provide training to accomplish its information security objectives.
- CCCS shall require that employees undergo Cyber Security training on at least an annual basis. Cyber Security training will also include testing of employee comprehension of Cyber Security.
- CCCS shall require that employees review and acknowledge CCCS’s Acceptable Use of Information Assets Procedure during training.
- CCCS shall require that employees whose job duties relate to application development undergo secure code training.
- CCCS shall require all other users (e.g., contractors and volunteers), to complete Cyber Security awareness training that is appropriate to their particular level of access to Information Systems and Assets.
Revising this Procedure
CCCS reserves the right to change any provision or requirement of this procedure at any time and the change shall become effective immediately.