Administrative Procedure 2.215, Mandatory Training on Data Privacy and Security , requires ALL UH employees, including student and graduate assistants to complete the Information Security Awareness Training (ISAT) annually. UH Foundation employees and selected RCUH employees are also subject to the training. A small group of employees may be exempt from the ISAT.
Where is the ISAT located and how do I access it?
The ISAT is available on Laulima. To access the training, click on the “ISAT Self Registration Link” below and you will be redirected to the Laulima login page. Enter your UH username and password to access the modules.
Once you have self-registered, the “ISAT V2” training tab will be available for future visits without having to re-register. Just login to Laulima with your UH username and password.
How long is the ISAT?
The ISAT takes less than an hour to complete. You are able to stop partway and return without losing your place.
How will compliance be tracked?
Chancellors and VPs are asked to designate an ISAT Compliance Coordinator who will be responsible for coordinating compliance requirements for your respective campus/UH System office. Chancellors and VPs will decide whether the individual will be tasked with managing compliance centrally or delegating the task out to the field (e.g., to the school/college or department level). ITS has developed a web interface to track those with valid and invalid ISATs based on anniversary dates. Training for those individuals on how to set up and use the web interface will be provided in January.
How will I know when I need to retake my ISAT?
You will receive an automatic email reminder 30 and 7 days prior to the one-year anniversary date of when you last took the ISAT. Additionally, you will be reminded by those tasked with monitoring compliance.
What if I miss re-taking the ISAT within one year and am out of compliance?
Failure to complete the requirements by the specified due date should be reported to the supervisor. Extenuating circumstances affecting an employee’s ability to complete the requirements on time shall be taken into consideration by the supervisor. A reasonable timeframe to complete the requirements will be set by the supervisor and communicated to the employee. Department chairs may assist faculty with temporary workload adjustments, as needed, to accommodate the completion of their training requirements.
Who is exempt from taking the ISAT?
Employees who meet the all of the following criteria:
- Their duties are not office- or classroom-based;
- Their duties do not involve working with Protected Data; and,
- They have limited access to technology at work.
Is there a way to tell if an individual received an exemption?
There is no official designation. The individual’s supervisor will determine if an employee is exempt. They will notify the person monitoring compliance to simply exclude the individual from the web application that lists whether a person’s ISAT is currently valid or not.
Why is this training required?
The training is critical to raising the University community’s awareness on how to keep our institutional assets safe as the frequency and sophistication of cybersecurity threats continue to increase. We continue to have data exposures and breaches, many of which could have been prevented. By integrating best practices around privacy and security into our daily work, we can reduce the risk of further exposures and breaches from occurring. Additionally, the University is subject to federal and state regulatory requirements and industry standards, all of which are requiring stronger privacy and security measures, and of which training is a key component.
Is an ISAT certificate of completion available?
If you have completed the ISAT, you may print a certificate of completion by going to the UH Acknowledgements and Certifications (ACER) website.
Do we still need to do the General Confidentiality Notice (GCN) acknowledgement?
No, the GCN will only need to be completed by new hires during the onboarding process. It was removed as an annual requirement to simplify the training requirement.