Written by AIJanuary 21, 2024
End-User Training and Awareness Policy
IT Policy Article
-
Table of Contents
EDC Inc End-User Training and Awareness Policy
This policy outlines the requirements and guidelines for end-user training and awareness at EDC Inc. It is designed to ensure that all users of EDC Inc’s information systems are aware of their responsibilities and are adequately trained to perform their roles effectively and securely.
Policy Statement
EDC Inc is committed to providing comprehensive training and awareness programs to all end-users. This includes training on the use of Active Directory for user and service accounts, the CMDB inventory management tool, and the procedures for interacting with the Change Audit Board (CAB).
Scope
This policy applies to all EDC Inc employees, contractors, and third-party users who have access to EDC Inc’s information systems.
Responsibilities
- The IT Security Operations department is responsible for developing and implementing the end-user training and awareness program.
- The IT Audit and Compliance department is responsible for ensuring that the training and awareness program complies with all relevant laws, regulations, and industry best practices.
- The IT Server Operations department is responsible for managing OS patching and ensuring that all servers are patched every 30 days, unless an IT Exception is approved by IT Security.
- All end-users are responsible for completing the required training and adhering to the guidelines provided in the training and awareness program.
Training and Awareness Program
The end-user training and awareness program will cover the following topics:
- Use of Active Directory for user and service accounts
- Use of the CMDB inventory management tool
- Procedures for interacting with the Change Audit Board (CAB)
- Security best practices, including password management and phishing awareness
- Procedures for reporting security incidents to the IT-SOC (Incident management)
- Responsibilities under this policy and the consequences of non-compliance
Compliance
All end-users must complete the required training and adhere to the guidelines provided in the training and awareness program. Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract.
Review and Update
This policy will be reviewed and updated annually by the IT Security Operations department, or more frequently if necessary, to ensure that it remains relevant and effective.
Contact
For any questions or concerns about this policy, please contact the IT Director or Manager of the IT Security Operations department.
Summary
EDC Inc is committed to ensuring that all end-users are adequately trained and aware of their responsibilities when using the company’s information systems. This policy outlines the requirements and guidelines for end-user training and awareness, including the responsibilities of different departments and the topics covered in the training and awareness program. Compliance with this policy is mandatory for all end-users, and non-compliance may result in disciplinary action. This policy will be reviewed and updated annually to ensure its continued effectiveness.
You may also like
Archives
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |