Documentation
HECVAT Full v3.0.6
Policies, Procedures, and Processes
PPPR-13

Question PPPR-13

Is security awareness training mandatory for all employees?

Weight15
High RiskNo
RequiredYes
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

State plans to make security awareness training mandatory for all employees.

Answering "YES"

Summarize your security awareness training content and state how frequently employees are required to undergo security awareness training.

Reason for Question

Setting the expectation of security-related responsibilities throughout an organzation is favored in an information security awareness program. Vendors without an information security awareness campaign should be met with scrutiny on how security policies and procedures are implemented in their environment.

Follow-Up Inquiries

Follow-up inquiries for information security awareness programs will be institution/implementation specific.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]