The Chief Information Security Officer (CISO), or designee, is responsible for ensuring that the measures described in this Control are implemented.

It is the responsibility of the CISO, or designee, to:

• 1.1

  Document and monitor staff information security training activities, including;

  • 1.1.1

    Security Awareness Training; and

  • 1.1.2

    Role-based information resource security training as specified in Security Control AT-3.

• 1.2

  Retain staff training records based on university document retention policies.