Section 4000.200  Training to be Provided by Department of Innovation and Technology

a)         Every employee shall annually undergo training by the Department of Innovation and Technology concerning cybersecurity.  (Section 25(b) of the Act).

b)         The training shall include, but not be limited to, detecting phishing scams, preventing spyware infections and identity theft, and preventing and responding to data breaches. (Section 25(b) of the Act).

c)         DoIT shall provide access to electronic-based, in-person, or paper-based cybersecurity training, with reasonable efforts made to provide training in the format requested to accommodate the needs of the employee and his or her employing agency.

1)         All employees are encouraged to complete cybersecurity training through electronic means.

2)         In-person training may include a web conference service component. 

d)         DoIT shall establish a minimum of two training periods per year. Tentative training dates will be provided by DoIT, via electronic mail, to each Designated Contact by January 15^th of each calendar year.

e)         DoIT shall confirm training dates at least 60 calendar days prior to the training to each Designated Contact.