Platform X - Training Program: Standard
Describes the Standards related to the Platform X Training Program
- Purpose
- The purpose of this document is to provide role-based security training standards.
- Definitions
- Electronic Protected Health Information (ePHI): Any individually identifiable health information protected by HIPAA that is transmitted or stored in electronic media.
- Standards
- Prior to granting access to the information system, all users must complete role-based training.
- Administrators are responsible for identifying required and optional courses for each role.
- Training must address all relevant security features necessary to reduce the risk of improper access, uses and disclosures.
- Required and optional courses must be reviewed annually, and when new features or roles are introduced to the platform.
- When new required training is added to a role, all employees in that role must complete training within 30 days.
- Users must provide evidence of training completion.
- Administrators must verify and retain records on completion of training.
- Administrators must ensure that all users have knowledge of, and access to, training and other relevant security-related documentation.
- Administrators must provide basic security awareness training to all users at least quarterly. Topics include:
- Software patching
- Anti-virus and anti-malware software
- Login monitoring
- Password and MFA management
- Administrators must communicate, via quarterly security reminders, new and important issues.
- Administrators must provide all users with contact information for the Security Official for the Information System. The Security Official should be contacted if there are any security issues.
- Applicable NIST Controls
- Related Standards, Policies and Procedures