SEHD Wiki

A source for policies, procedures, handbooks and other resources from the School of Education and Human Development

User Tools

Site Tools

You are here: Welcome to the SEHD Wiki! » SEHD Policies and Procedures » Data Privacy Policies » Privacy and Security Training
policy:data_privacy:security_training

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
policy:data_privacy:security_training [2019/05/20 21:52] tonyromeropolicy:data_privacy:security_training [2019/06/12 19:31] (current) tonyromero
Line 3: Line 3:
 ==== University of Colorado IT Security Program Policy ==== ==== University of Colorado IT Security Program Policy ====
  
-All data and information resources of the SEHD are subject to University of Colorado's IT Secuirty Program policy, [[https://www.cu.edu/ope/aps/6005|APS-6005]]. Within the policy it describes employee training:+All data and information resources of the SEHD are subject to University of Colorado's IT Security Program policy, [[https://www.cu.edu/ope/aps/6005|APS-6005]]. Within the policy it describes employee training:
  
-  -+  - Supervisors shall ensure that employees are adequately trained to fulfill their IT security responsibilities. Employees with elevated computing privileges (e.g., server support technicians, user account managers, or webpage administrators) may require additional, specialized training for carrying out their IT security responsibilities effectively. 
 +  - All University employees including associates and other individuals, who require the use of University IT resources to perform their duties, shall receive initial training and periodic refresher training relevant to their IT security responsibilities. 
 +  - Supervisors shall coordinate their local IT security training initiatives with the campus Information Security Office
  
-<font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>Supervisors</font><font inherit/inherit;;inherit;;inherit>shall ensure that</font><font inherit/inherit;;inherit;;inherit>employ</font><font inherit/inherit;;inherit;;inherit>ees</font><font inherit/inherit;;inherit;;inherit>are adequately trained to fulfill their</font><font inherit/inherit;;inherit;;inherit>IT security</font><font inherit/inherit;;inherit;;inherit>responsibilities.</font><font inherit/inherit;;inherit;;inherit>Employees</font><font inherit/inherit;;inherit;;inherit>with elevated computing privileges (e.g., server support technicians, user account managers, or web</font><font inherit/inherit;;inherit;;inherit>page administrators) may require additional, specialized training for ca</font><font inherit/inherit;;inherit;;inherit>rrying out their</font><font inherit/inherit;;inherit;;inherit>IT security</font><font inherit/inherit;;inherit;;inherit>responsibilities effectively.</font>+Required information security Skillsoft Training (required in first three months of employment): [[https://universityofcolorado.skillport.com/skillportfe/custom/login/saml/login.action?courseaction=summary&assetid=_scorm12_cu_u00063_0001|Click here. ]]
  
-  -+==== University of Colorado Denver HIPPA Policy ====
  
-<font 14px/Arial,Helvetica,sans-serif;inherit;;inherit>> Supervisors</font> shall ensure thatemployeesare adequately trained to fulfill theirIT securityresponsibilities.Employeeswith elevated computing privileges (e.g., server support technicians, user account managers, or webpage administrators) may require additional, specialized training for carrying out theirIT securityresponsibilities effectively.</li>/Arial,Helvetica,sans-serif;;inherit;;inherit>All University </font>employees including associates and other individuals, who require the use of University IT resources to perform their duties, shall receive initial training and periodic refresher training relevant to their IT security responsibilities.+As applicablethe most secure SEHD data are subject to the UCD [[http://www.ucdenver.edu/research/Research Administration Documents/7.2 Training.pdf|HIPPA Training Policy]]. As stated on the [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/training.aspx|UCDenver HIPPA Website]]:
  
-  - <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>Supervisors</font> shall coordinate their local IT security training initiatives with the campus Information Security Office+<font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>All members of the UCD community with access to individually identifiable health information need to be "hip to HIPAA" - the federal law that requires us to protect patient confidentiality. This includes research subjects.</font><font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>Mandatory for most of the UCD workforce. As a faculty member, any other type of employee, student, trainee, or volunteer of the UCD (or a faculty member who bills through UPI), **//you must complete// HIPAA training //within 30 days of your hire date//** for new employees.</font>
  
-==== University of Colorado Denver Security Management HIPPA Policy ====+Required HIPAA Skillsoft training link: [[https://universityofcolorado.skillport.com/skillportfe/custom/login/saml/login.action?courseaction=summary&assetid=_scorm12_cu_a00020_0001|Click here.]]
  
-As applicable, the most secure SEHD data are subject to the UCD Security Management HIPPA policy. As stated on the [[http://www.ucdenver.edu/research/ORC/HIPAA/Pages/training.aspx|UCDenver HIPPA Website]]:+==== Required Trainings for CU-SIS Access ====
  
-> <font 14px/Arial,Helvetica,sans-serif;;inherit;;inherit>Mandatory for most of the UCD workforceAs a faculty memberany other type of employeestudenttraineeor volunteer of the UCD (or a faculty member who bills through UPI), **//you must complete// HIPAA training //within 30 days of your hire date//** for new employees.</font>+To gain access to CU-SIS you must complete two courses. 
 + 
 +  - [[https://universityofcolorado.skillport.com/skillportfe/custom/login/saml/login.action?courseaction=summary&assetid=_scorm12_cu_u00049_0001|CU: Family Education Rights and Privacy Act (FERPA).]] This 45-minute course covers how federal law protects student education records. 
 +  - [[https://universityofcolorado.skillport.com/skillportfe/custom/login/saml/login.action?courseaction=summary&assetid=_scorm12_cu_a00140_0001|CU: Introduction to CU-SIS Campus Solutions. ]]This 45-minute course covers the basic functionality and conceptssuch as loginnavigationmenu items and shortcutsshared by all CU-SIS Campus Solutions modules for all CU campuses. 
 + 
 +==== Required Trainings for SEHD's Secure Data Warehouse ==== 
 + 
 +To gain access to SEHD's Secure Data Warehouse you must have completed the following courses within the past year. 
 + 
 +  - [[https://universityofcolorado.skillport.com/skillportfe/custom/login/saml/login.action?courseaction=summary&assetid=_scorm12_cu_u00049_0001|CU: Family Education Rights and Privacy Act (FERPA).]] This 45-minute course covers how federal law protects student education records. 
 +  - [[https://universityofcolorado.skillport.com/skillportfe/custom/login/saml/login.action?courseaction=summary&assetid=_scorm12_cu_a00020_0001|HIPAA Regulations: the General HIPAA Course]]. This 30-minute course covers the privacy and security segments of the Health Insurance Portability and Accountability Act (HIPPA) 
 + 
 +Then on an annual basis you must complete the following course.
  
  
policy/data_privacy/security_training.1558389159.txt.gz · Last modified: 2019/05/20 21:52 by tonyromero