The University maintains records of information security training and monitors them for compliance.


  • The Chief Information Security Officer (CISO), or designee, is responsible for ensuring that the measures described in this Control are implemented.


  • 1

    It is the responsibility of the CISO, or designee, to:

    • 1.1

      Document and monitor staff information security training activities, including;

      • 1.1.1

        Security Awareness Training; and

      • 1.1.2

        Role-based information resource security training as specified in Security Control AT-3.

    • 1.2

      Retain staff training records based on university document retention policies.