Information Security Training
CSU policy requires annual information security training for all employees that access Level 1 data. The CSU Learn System is centrally managed by the Chancellor’s Office and is the tool used to deliver the annual baseline security training for Data Security and FERPA (student record privacy).
To view PDF files, please download Adobe Reader.
All employees are required to take the annual training. In addition, users must provide a current copy of their Data Security and FERPA certificate of completion before access is granted to the following systems:
- CS, EAB
- VPN or SEC shares that access/store Level 1 data
Assignments and Registration
CSU Learn has the ability to automatically assign the training to new employees/users and track & assign annual renewal training courses using global assignments. SF State uses global assignments to the Data Security and FERPA curriculum. This course was migrated to a curriculum-based training as of May 1, 2020. That means that once the global assignment is triggered, a user must register for the learning activity before the course will launch. Using curriculum-based learning activities gives campuses more flexibility in grouping and tracking related training activities. To learn more about how to register, go to the How to Register for a CSU Learn Curriculum instructions on HR's Professional Development website.
Annual renewal training is set on a rolling basis where the schedule is based on the user’s past month of completion month. For example, if Scott completed his annual Data Security and FERPA training in July 2019, then the global assignment in CSU Learn will assign him the renewal training in June 2020. He will have 30 days to complete training once it is assigned. In addition, a new notification process has been enabled for 2020 and users will receive an email when they have completed the Data Security and FERPA course to keep for their records.
Managers and supervisors are responsible for monitoring mandatory training completion for their employees. The Information Security Office will escalate the names of employees who are non-compliant with the Data Security and FERPA training to appropriate management for corrective action.