The Education, Training and Awareness portfolio includes documents related to training, rules of behavior, compliance agreements, and sanctions for non-compliance.
Education, Training and Awareness addresses IT-related information that faculty, staff, and students should understand in order to properly act within their role at UW. The cybersecurity-related policies in this portfolio are mapped to the NIST SP 800-53 control families.
- Accounting Services - Credit Card Merchant Services and PCI Compliance (training, disposal) (on bussvc.wisc.edu)
HIPAA (on compliance.wisc.edu)
- 8.7 Destruction/Disposal of PHI
- 9.1 HIPAA Privacy and Security Training
- 9.2 Responding to Employee Noncompliance related to HIPAA
- 9.3 Responding to Student Noncompliance related to HIPAA
- Electronic Devices Policy (main entry: Configuration and Maintenance)
- Disposal and Reuse Policy and Procedures (main entry: Configuration and Maintenance)
- Security Education, Training, and Awareness Implementation Plan (SETA) (under development)
- Password Standard (main entry: Identity and Access Management)
UW System (on wisconsin.edu)