TITLE 80: PUBLIC OFFICIALS AND EMPLOYEES
SUBTITLE J: TECHNOLOGY
CHAPTER I: DEPARTMENT OF INNOVATION AND TECHNOLOGY
PART 4000 MANDATORY CYBERSECURITY TRAINING
SECTION 4000.205 RESPONSIBILITY OF EMPLOYEES AND EMPLOYER AGENCIES, BOARDS AND COMMISSIONS


 

Section 4000.205  Responsibility of Employees and Employer Agencies, Boards and Commissions

 

a) Each agency, board and commission with an employee required to complete cybersecurity training shall designate an internal contact to monitor and track compliance with the cybersecurity training requirements.

 

b) The agency, board or commission shall promptly notify DoIT of its selection, including contact information for that Designated Contact. This information shall be submitted at security.training@illinois.gov.

 

c) To facilitate delivery of training materials, each agency, board and commission with employees required to complete annual cybersecurity training shall maintain a list identifying each employee who is required to complete annual cybersecurity training. The Designated Contact shall notify DoIT of the number of employees in its agency required to complete cybersecurity training.

 

d) Upkeep of the employee list referenced in subsection (a) is the sole responsibility of the employer agency, board or commission.

 

1) The Designated Contact shall provide to DoIT the employee list, as well as the email address of each employee, and any further information DoIT may request, no later than 30 calendar days prior to the training launch. DoIT's notice of the training will include what information the Designated Contact is required to provide.

 

2) The Designated Contact shall be responsible for providing paper copies of the training materials to those employees within his or her agency who do not have State-issued computers.

 

3) The Designated Contact shall annually provide to DoIT the list of those employees who have completed cybersecurity training.

 

e) Each agency, board and commission is responsible for responding to audit requests for information regarding completion of cybersecurity training within that specific agency, board or commission.

 

f) Each employee is responsible for ensuring that he or she is able to timely complete the mandatory cybersecurity training in person, online, or in paper form. In the event that the training is not completed, disciplinary action may be enforced by the employee's supervising agency.