Policy Reference
Category | Security and Privacy |
Approval Date | 01-20-2010 |
Scope | All Personnel |
Purpose
The purpose of this policy is to increase employee awareness of the importance of IT security best practices within the City. Employee day-to-day actions are critical in ensuring confidential information is kept secure.
Policy
- The City will have an employee awareness policy for security and confidentiality.
- Require all employees to acknowledge in writing that they have read and understand the security policies and procedures.
- Maintain a training plan to address initial and ongoing training and skills development, materials, manuals, procedures, help, service desk support, key user identification, and evaluation.
- Ensure that new hires and newly authorized staff, contractors, and vendors are trained appropriately according to the assurance levels of the information and systems they are working with.
- Awareness materials such as posters and booklets will be created to make employees aware of security.
Compliance
- Verify the organization has implemented a formal security awareness training program for all employees. § 12.6, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 1.2
- The City must ensure all employees read and understand the security policy and procedures at least annually by signing a statement acknowledging this fact. § 12.6.2, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 1.2
- The organization must ensure employees have access to different types of training materials in order to become better aware of the security program of the organization. § 12.6.1, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 1.2