Awareness, Training and Education
Program oversight responsibilities include providing communication, appropriate documentation and sufficient training related to the Information Security Program.
Each Business Process Owner or System Owner will take steps to ensure those authorized to access PIRN have received training in the specific responsibilities and procedures associated with that area. They will also ensure that one or more individuals in those areas receive training or education in information security and privacy.
Department managers and supervisors will take steps to ensure that individuals in their area who are working with processes involving PIRN have appropriate and sufficient training, as well as access to relevant tools and IT support services to enable compliance with this Program.
Individuals are expected to be aware when they are part of a process that includes PIRN. They are also expected to avail themselves of relevant training and guidance offered by Business Process Owners, System Owners or their department.