MUSC Policy MUSC-xx: Information Security - Awareness and Training
Definitions:
- Refer to MUSC Policy MUSC-xx: Information Security, Appendix A.
Policy:
The managers and supervisors of each MUSC Entity's workforce members are responsible for ensuring that each workforce member has completed all current information security training requirements, and that the requirements met are appropriate for the workforce member's level of knowledge, experience, and responsibilities. Each workforce member's awareness and training program should consist of at least three types of activities:
- Initial workforce orientation
- More advanced, role-specific training and education
- On-going reinforcement
Each Entity's IACO is responsible for informing the Entity's managers and supervisors of current training requirements, training programs, and available documentation. Each MUSC Entity's training program should cover all MUSC information security policies, and any Entity-specific policies and procedures.
System Owners are responsible for ensuring that each authorized User of the System has access to appropriate System-specific training resources and materials.
Sanctions:
- Refer to MUSC Policy MUSC-xx: Information Security: Sanctions.
See Also:
- MUSC Policy MUSC-xx: Information Security
References:
- HIPAA Security 164.308(a)(5)(i) Standard: Awareness and training
- HIPAA Security 164.308(a)(5)(ii)(A) Security reminders
- HIPAA Security 164.308(a)(5)(ii)(B) Protection from malicious software
- HIPAA Security 164.308(a)(5)(ii)(C) Log-in monitoring
- HIPAA Security 164.308(a)(5)(ii)(D) Password management
- GLBA Safeguards Rule: 314.4(b)(1)
$Id: awareness-training.html,v 1.4 2004/12/10 19:45:52 gadsden Exp $