Information Technology Policies and Standards

Title
Employee IT Security Certification - Testing Methods
Type
Procedure
Related Policy
Employee IT Security Certification Policy
Category
Security
Status
Superseded
Approved
07/20/2006
To Be Reviewed
07/17/2008
Scope
Applies to all City employees who possess or apply for credentials (e.g., User ID and password) to access City information technology assets.
Procedure
  1. The certification process uses an objective multiple choice testing method to assess employee awareness and understanding of City IT security policies, procedures and guidelines. The test consists of ten randomly selected questions. The test is scored as complete/incomplete, not on a pass/fail basis.
  2. The questions and answers are managed within a City standard database system. This database is populated with users via a daily update from the City’s help desk system.
  3. An individual e-mail, sent on the anniversary of the employee's hire date, serves as notification to the employee of the annual certification requirement. The notification shall include instructions for completing the online certification and contact information for the certification test administrator.
  4. Upon notification, the employee completes the online certification as instructed in the notification e-mail.
  5. Employees who have not completed certification receive a second email notification twenty-three days after the anniversary of their City hire date informing them of their annual IT Security Certification responsibility and policy mandated consequences of non-compliance. Continued non-compliance for an additional seven days results in an email notification to the employee and their Department Director.
  6. Employees requiring assistance with the certification process may contact the ISD Help Desk or the certification test administrator.
  7. Data regarding employee compliance with the Employee IT Security Certification Policy remains in the testing database for at least twelve months from first notification.
Rationale
Ensures that every employee who uses City information technology assets is regularly informed of expectations concerning the safe and secure use of those assets.

Contact: Sharon I. Schultz, (505) 768-3723