Purpose
The purpose of this Operating Standard is to establish mandatory annual information security awareness training for all individuals who hold at least one University of Pittsburgh Computing Account for use in accessing University Computing Resources. The security of University systems and the personal data of affiliates and customers of the University is a responsibility shared by users. People who receive annual training on an increasing variety of information technology (IT) security risks are less likely to respond inappropriately to threats intended to steal sensitive University or personal information.
Scope
This Operating Standard applies to all individuals with Primary or Sponsored University Accounts, whether affiliated with the University or engaged in University teaching, learning, research, or business requiring access to University systems.
Definitions
- Accountholder – the person assigned a University Computer Account used to access PittNet (wired and/or wireless) and/or University Computing Resources (as defined in University Policy AO 10: Access to and Use of University Computing Resources).
- University Computing Account – accounts granted to and used by a University Community Member that permit access to any or all University Computing Resources and PittNet (as defined in University Policy AO 10, referenced below).
- Primary Account – an account automatically generated for use by University students, faculty, staff, trustees, and other recognized affiliates. Each individual is assigned one and only one Primary Account.
- Sponsored Account – a type of account created for individuals, departments, resources, organizations, groups, as well as some University vendors and contractors. Sponsored accounts expire annually in July of any given year unless renewed by the sponsoring Responsibility Center.
- PittNet – the data communications network operated by the University to provide access to University Computing Resources as defined in Policy AO 38 – University Network.
- University Computing Resource – any computing device, system, or application provided by the University including, but not limited to, the examples defined in Policy AO 10.
- University Community Members – students, faculty, staff, contractors, guests, and any members of the general public granted permission to access and use University Computing Resources.
Operating Standard
Each University Community Member who is assigned a Primary or Sponsored University Computing Account is required to complete all IT Security Training modules provided by Pitt Digital each year according to the schedule published and communicated by Pitt Digital Information Security.
Pitt Digital Information Security will establish training schedules for students, faculty, staff, and other University Community members and notify them of the annual due dates for these groups at least 30 days in advance. Reminders will be sent to those who have not completed the annual training at 14 and seven days in advance of the deadline to ensure completion prior to any action to be taken for noncompliance as described below.
Noncompliance
University Community Members must comply with this Operating Standard, University policy, and all applicable laws and regulations. Noncompliance may lead to disciplinary action consistent with University Policy, Staff Handbook, Faculty Handbook, Student Code of Conduct, or Collective Bargaining Agreements, and may also result in suspension or termination of access privileges. Concerns relating to noncompliance may be reported through the Pitt Concern Connection and will be referred to the appropriate University authorities for review.