Administrative Procedure 2.215, Mandatory Training on Data Privacy and Security , requires ALL UH employees, including student and graduate assistants to complete the Information Security Awareness Training (ISAT) annually. UH Foundation employees and selected RCUH employees are also subject to the training. A small group of employees may be exempt from the ISAT.

To access the ISAT

1. Go to https://www.hawaii.edu/its/acer/
2. Click “Login,” then sign in using your UH username and password.
3. On the Acknowledgements and Certifications (ACER) table, locate the UH Information Security Awareness Training Certification and click on the link.
4. Click on “UH Login.”
5. You may see a message that says “Currently, you are not a member of the site called ISAT V2. Would you like to join and become a member of the site?” Click on “YES, ADD ME.” You will only need to do this once. You will be able to get in without being asked this question on subsequent returns.
6. In Laulima, click on the tab “ISAT V2.”

Navigating through the ISAT Quizzes

Those who are unfamiliar with using Laulima may find the “Instructions on Navigating through the ISAT Quizzes ” helpful. You must be logged into your UH email account to access the Google Doc. Your personal email (Gmail or other) will not work.

How long is the ISAT?

The ISAT takes less than an hour to complete.

Do I need to complete the ISAT in one session or can I stop partway?

You are able to stop partway and return without losing your place. However, your ISAT will not register as complete unless all lessons are completed within a 60-day window. That means you must complete the ISAT in its entirety within 60 days or you will need to retake any lessons beyond that timeframe.

How will compliance be tracked?

Chancellors and VPs are asked to designate an ISAT Compliance Coordinator who will be responsible for coordinating compliance requirements for your respective campus/UH System office. Chancellors and VPs will decide whether the individual will be tasked with managing compliance centrally or delegating the task out to the field (e.g., to the school/college or department level). ITS has developed a web interface to track those with valid and invalid ISATs based on anniversary dates. Training for those individuals on how to set up and use the web interface will be provided in January.

How will I know when I need to retake my ISAT?

You will receive an automatic email reminder 30 and 7 days prior to the one-year anniversary date of when you last took the ISAT. Additionally, you will be reminded by those tasked with monitoring compliance.

What if I miss re-taking the ISAT within one year and am out of compliance?

Failure to complete the requirements by the specified due date should be reported to the supervisor. Extenuating circumstances affecting an employee’s ability to complete the requirements on time shall be taken into consideration by the supervisor. A reasonable timeframe to complete the requirements will be set by the supervisor and communicated to the employee. Department chairs may assist faculty with temporary workload adjustments, as needed, to accommodate the completion of their training requirements.

Who is exempt from taking the ISAT?

Employees who meet the all of the following criteria:

1. Their duties are not office- or classroom-based;
2. Their duties do not involve working with Protected Data; and,
3. They have limited access to technology at work.

Is there a way to tell if an individual received an exemption?

There is no official designation. The individual’s supervisor will determine if an employee is exempt. They will notify the person monitoring compliance to simply exclude the individual from the web application that lists whether a person’s ISAT is currently valid or not.

Why is this training required?

The training is critical to raising the University community’s awareness on how to keep our institutional assets safe as the frequency and sophistication of cybersecurity threats continue to increase. We continue to have data exposures and breaches, many of which could have been prevented. By integrating best practices around privacy and security into our daily work, we can reduce the risk of further exposures and breaches from occurring. Additionally, the University is subject to federal and state regulatory requirements and industry standards, all of which are requiring stronger privacy and security measures, and of which training is a key component.

Is an ISAT certificate of completion available?

If you have completed the ISAT, you may print a certificate of completion by going to the UH Acknowledgements and Certifications (ACER) website.

Do we still need to do the General Confidentiality Notice (GCN) acknowledgement?

No, the GCN will only need to be completed by new hires during the onboarding process. It was removed as an annual requirement to simplify the training requirement.

Is an ADA compliant version of the ISAT available?

Yes, here are the links:

• Lessons: https://docs.google.com/document/d/17qWvbErXU6AwXvKB3FTamJFoRStBUpaxbZhvTehwQho
• Quiz: https://forms.gle/5fmp9KYYLwCPdbLt9

You will need to answer at least 11/15 questions correctly on the quiz to pass. Your ISAT score will be manually updated in the system. There will be a one day lag before your ISAT completion date will appear on the UH Acknowledgements and Certifications (ACER) website.