====== Privacy and Security Training ======
==== University of Colorado IT Security Program Policy ====
All data and information resources of the SEHD are subject to University of Colorado's IT Security Program policy, [[https://www.cu.edu/ope/aps/6005|APS-6005]]. Within the policy it describes employee training:
- Supervisors shall ensure that employees are adequately trained to fulfill their IT security responsibilities. Employees with elevated computing privileges (e.g., server support technicians, user account managers, or webpage administrators) may require additional, specialized training for carrying out their IT security responsibilities effectively.
- All University employees including associates and other individuals, who require the use of University IT resources to perform their duties, shall receive initial training and periodic refresher training relevant to their IT security responsibilities.
- Supervisors shall coordinate their local IT security training initiatives with the campus Information Security Office
Required information security Skillsoft Training (required in first three months of employment): [[https://universityofcolorado.skillport.com/skillportfe/custom/login/saml/login.action?courseaction=summary&assetid=_scorm12_cu_u00063_0001|Click here. ]]
==== University of Colorado Denver HIPPA Policy ====
As applicable, the most secure SEHD data are subject to the UCD [[http://www.ucdenver.edu/research/Research Administration Documents/7.2 Training.pdf|HIPPA Training Policy]]. As stated on the [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/training.aspx|UCDenver HIPPA Website]]:
> All members of the UCD community with access to individually identifiable health information need to be "hip to HIPAA" - the federal law that requires us to protect patient confidentiality. This includes research subjects.Mandatory for most of the UCD workforce. As a faculty member, any other type of employee, student, trainee, or volunteer of the UCD (or a faculty member who bills through UPI), **//you must complete// HIPAA training //within 30 days of your hire date//** for new employees.
Required HIPAA Skillsoft training link: [[https://universityofcolorado.skillport.com/skillportfe/custom/login/saml/login.action?courseaction=summary&assetid=_scorm12_cu_a00020_0001|Click here.]]
==== Required Trainings for CU-SIS Access ====
To gain access to CU-SIS you must complete two courses.
- [[https://universityofcolorado.skillport.com/skillportfe/custom/login/saml/login.action?courseaction=summary&assetid=_scorm12_cu_u00049_0001|CU: Family Education Rights and Privacy Act (FERPA).]] This 45-minute course covers how federal law protects student education records.
- [[https://universityofcolorado.skillport.com/skillportfe/custom/login/saml/login.action?courseaction=summary&assetid=_scorm12_cu_a00140_0001|CU: Introduction to CU-SIS Campus Solutions. ]]This 45-minute course covers the basic functionality and concepts, such as login, navigation, menu items and shortcuts, shared by all CU-SIS Campus Solutions modules for all CU campuses.
==== Required Trainings for SEHD's Secure Data Warehouse ====
To gain access to SEHD's Secure Data Warehouse you must have completed the following courses within the past year.
- [[https://universityofcolorado.skillport.com/skillportfe/custom/login/saml/login.action?courseaction=summary&assetid=_scorm12_cu_u00049_0001|CU: Family Education Rights and Privacy Act (FERPA).]] This 45-minute course covers how federal law protects student education records.
- [[https://universityofcolorado.skillport.com/skillportfe/custom/login/saml/login.action?courseaction=summary&assetid=_scorm12_cu_a00020_0001|HIPAA Regulations: the General HIPAA Course]]. This 30-minute course covers the privacy and security segments of the Health Insurance Portability and Accountability Act (HIPPA)
Then on an annual basis you must complete the following course.