Information Security Training
CSU policy requires annual information security training for all employees that access Level 1 data. The CSU SumTotal System is centrally managed by the Chancellor’s Office and is the tool used to deliver the annual baseline security training for Data Security and FERPA (student record privacy). Users may no longer use SkillPort to meet this requirement as of February 1, 2019.
All employees are required to take the annual training. In addition, users must provide a current copy of their Data Security and FERPA certificate of completion before access is granted to the following systems:
- VPN or SEC shares that access/store Level 1 data
SumTotal has the ability to automatically assign the training to new employees/users and track & assign annual renewal training courses using global assignments. As of July 15, 2019, SF State will use global assignments. Annual renewal training is set on a rolling basis based on the user’s past month of completion month. For example, if Scott completed his annual Data Security and FERPA training in July 2018, then the global assignment in SumTotal will assign him the renewal training in June 2019. He will have 30 days to complete training once it is assigned.
Training assignments can also be manually assigned by the employee’s supervisor/manager or self-assigned by users.
Managers and supervisors are responsible for monitoring mandatory training completion for their employees. The Information Security Office will escalate the names of employees who are non-compliant with the Data Security and FERPA training to management for corrective action.