University of Arkansas at Little Rock
Policy Name: IT Security Awareness and Competencies
Policy Number: 208.8
Effective Date: August 2, 2021
Revised Dates: January 14, 2022
Most Recent Review Date: January 14, 2022
UA Little Rock recognizes the importance of information technology as part of the university’s processes. Human behavior, in addition to technical means, is a critical component of the controls and efforts to provide a secure and safe computing environment. This policy was developed to ensure all employees are competent with IT security best practices and are familiar with IT security threats.
This policy establishes standards for information security awareness training activities. Every UA Little Rock employee is responsible for doing their part to provide a secure and safe computing environment for every member of UA Little Rock campus and community. This policy applies to faculty and staff working for the university.
To ensure compliance with UA System policies, UA Little Rock policies, laws, and regulations, employees should complete new employee security awareness training. UA Little Rock provides the appropriate education and training necessary to ensure competency and comply with the policies, laws, and regulations.
Information security awareness training is part of every new employee’s onboarding process, and this training should be completed within four weeks of starting employment. All employees will be required to take additional mandatory or refresher training as the security landscape and/or threats against the campus technology landscape evolves.
Additional training courses such as HIPAA, PCI, or other security training, may also be assigned based on the business functions and tasks performed by the employee.
Failure to complete mandatory training in a designated timeframe may result in revocation of access, suspension of accounts, and disciplinary action.
Source: Initial Policy
Approved By: Christina S. Drale, Chancellor
Originator: Vice Chancellor for Finance and Administration
Custodian: Information Technology Services