Introduction – SharePoint Security Training Policy
Understanding the importance of SharePoint security, individual responsibilities, and accountability for SharePoint security are paramount to achieving organization security goals. This can be accomplished with a combination of general SharePoint security awareness training and targeted, product specific training. The philosophy of protection and specific security instructions needs to be taught to, and re-enforced with, SharePoint users. The SharePoint security awareness and training information needs to be continuously upgraded and reinforced. .
The [Organization] Security Training Policy applies equally to all individuals that use any [Organization] Resources.
The purpose of the SharePoint Security Training Policy is to describe the requirements to ensure each user of [Organization] SharePoint resources receives adequate training on SharePoint security issues.
SharePoint Security Training Policy
All new SharePoint users must attend an approved SharePoint Security Awareness training class prior to, or at least within 30 days of, being granted access to any [Organization] SharePoint resources.
All SharePoint users must sign an acknowledgement stating they have read and understand [Organization] requirements regarding SharePoint security policies and procedures.
All SharePoint users (employees, consultants, contractors, temporaries, etc.) must be provided with sufficient training and supporting reference materials to allow them to properly protect [Organization] SharePoint resources.
[Organization] security management must prepare, maintain, and distribute one or more information security manuals that concisely describe [Organization] SharePoint security policies and procedures.
[Organization] security management must develop and maintain a communications process to be able to communicate new SharePoint security program information, security bulletin information, and security items of interest.
SharePoint Security Training Policy Supporting Information
SharePoint Security awareness by [Organization] personnel must be continually emphasized, reinforced, updated and validated.
All [Organization] SharePoint users are responsible for managing their use of SharePoint and are accountable for their actions relating to SharePoint security. Users are also equally responsible for reporting any suspected or confirmed violations of this policy to the appropriate management responsible for SharePoint security incident handling.
Violation of this policy may result in disciplinary action which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of [Organization] SharePoint access privileges, civil, and criminal prosecution.
Compliance / Regulation Contributed to by this Policy
Copyright Act of 1976
Foreign Corrupt Practices Act of 1977
Computer Fraud and Abuse Act of 1986
Computer Security Act of 1987
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)