{"id":3209,"date":"2026-05-29T17:23:56","date_gmt":"2026-05-29T17:23:56","guid":{"rendered":"https:\/\/www.tarleton.edu\/technology\/?page_id=3209"},"modified":"2026-05-29T17:27:40","modified_gmt":"2026-05-29T17:27:40","slug":"tarleton-oits-security-awareness-and-training-standard","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/technology\/tarleton-oits-security-awareness-and-training-standard\/","title":{"rendered":"Tarleton OITS Security Awareness Training Standard"},"content":{"rendered":"\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<h1 class=\"wp-block-heading\">Tarleton Office of Innovative Technology Solutions (OITS) <br>Security Awareness Training Standard<\/h1>\n\n\n\n<p>Effective: February 11, 2020<\/p>\n\n\n\n<p>Revised:&nbsp; May 29, 2026&nbsp;<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image alignright size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.tarleton.edu\/technology\/wp-content\/uploads\/sites\/170\/2021\/12\/Tarleton_TonTexas.svg\" alt=\"The Tarleton State University logo\" class=\"wp-image-670\" style=\"width:159px;height:auto\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator alignfull has-alpha-channel-opacity has-vivid-cyan-blue-to-vivid-purple-gradient-background has-background is-style-wide\" \/>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedure Summary<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Understanding the importance of information security and individual responsibilities and accountability&nbsp;pertaining to&nbsp;information security are paramount to achieving organization security goals. This can be&nbsp;accomplished&nbsp;with a combination of general information security awareness training and targeted, product-specific training. The security awareness and training information&nbsp;should to&nbsp;be ongoing and updated as needed.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Tarleton information resources are strategic assets which, as property of the State of Texas, must be managed as valuable state resources in accordance with <a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm\">Texas Government Code Chapter 2054<\/a>. The purpose of this standard is to describe the requirements for ensuring that each user of university information resources receives adequate training related to information security issues. This standard applies to all users of Tarleton State&nbsp;University&nbsp;information resources, including, but not limited to: full-time employees (faculty and staff), student workers, third-party contractors, vendors, Tarleton Today teachers, etc.. <\/p>\n\n\n\n<div class=\"wp-block-group word-wrap: normal is-layout-flow wp-block-group-is-layout-flow\">\n<p>The assessment of potential risks and the application of appropriate mitigation measures will be determined by the information resource owner or their designee. In accordance with <a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?chapter=202&amp;interface=VIEW_TAC&amp;part=10&amp;title=1\">Texas Administrative Code (TAC) Chapter 202 \u2010 Information Security Standards<\/a>, each department and\/or resource owner may elect not to implement some or all of the risk mitigation measures provided in this standard based on information security risk management decisions and business functions. Such risk management decisions must be documented and reported to the designated information security officer.<\/p>\n\n\n\n<p>Please see the <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/\"><\/a><a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/awareness-and-training-at\/\">Tarleton Security Controls Catalog, specifically the Awareness and Training (AT) family<\/a>, for additional information and requirements.<\/p>\n<\/div>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedures and Responsibilities<\/strong>&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The Security Awareness Training Policy and associated controls, in the <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/awareness-and-training-at\/\">Tarleton Security Controls Catalog, specifically the Awareness and Training (AT) family<\/a>, are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code&nbsp;<a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=76\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.76<\/a>,&nbsp;<a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=74\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.74<\/a>, Texas Government Code&nbsp;<a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.519\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a72054.519<\/a>,&nbsp;<a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.5191\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a72054.5191<\/a>,&nbsp;<a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.5192\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a72054.5192<\/a>, Texas A&amp;M University System (TAMUS)&nbsp;<a href=\"https:\/\/policies.tamus.edu\/29-01-03.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Regulation 29.01.03, Information Security<\/a>, and Tarleton\u2019s&nbsp;<a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_99_t1.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Rule 29.01.99.T1, Information Resources<\/a>.&nbsp;<\/li>\n\n\n\n<li>As stated in&nbsp;<a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/awareness-and-training-at\/at-2-literacy-training-awareness\/\">Tarleton Security Control AT-2, Literacy Training and Awareness<\/a>, all Tarleton employees who use information resources and third-party vendors that require a Tarleton account are required to comply with the policy and procedures related to Information Security Awareness (ISA) training and must acknowledge they have read, understand, and will comply with university requirements regarding computer security policies and procedures.\n<ul class=\"wp-block-list\">\n<li>Tarleton employees must complete ISA training within 30 days of their hire date.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Third-party vendors and contractors requiring a Tarleton vendor account must complete training prior to receiving their account credentials.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Tarleton requires employees and applicable third-party vendors to complete TAMUS and\/or DIR approved ISA training annually.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Departments may&nbsp;require&nbsp;additional&nbsp;incidental, role-based training and require acknowledgement as&nbsp;determined&nbsp;by the department in accordance with <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/awareness-and-training-at\/at-3-role-based-training\/\">Tarleton Security Control AT-3, Role-Based Training<\/a>.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Departmental information technology personnel shall&nbsp;establish&nbsp;and maintain a process to communicate new security program information, security bulletin information, and security items of interest to departmental personnel, as needed.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Definitions<\/h2>\n\n\n\n<p><strong>Information Resources (IR)<\/strong>: the standards, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Information Security Officer (ISO) \/ Chief Information Security Officer (CISO)<\/strong>: responsible for administering the information security functions within the university and reports to the information resources manager (IRM).&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Owner of an Information Resource<\/strong>: an entity responsible for a business function and for determining controls and access to information resources supporting that business function.&nbsp;&nbsp;<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Related Statutes, Policies, or Requirements<\/strong>&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?chapter=202&amp;interface=VIEW_TAC&amp;part=10&amp;title=1\" target=\"_blank\" rel=\"noreferrer noopener\">Title 1, Texas Administrative Code (TAC 202), Information Security Standards for Institutions of Higher Education<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/policies.tamus.edu\/29-01.pdf\">TAMUS Policy 29.01, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-02.pdf\">TAMUS Regulation 29.01.02, Use of Licensed Software<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-03.pdf\">TAMUS Regulation 29.01.03, Information Security<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-04.pdf\">TAMUS Regulation 29.01.04, Accessibility of Electronic and Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-05.pdf\">TAMUS Regulation 29.01.05, Artificial Intelligence<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-06.pdf\">TAMUS Regulation 29.01.06, Covered Applications and Prohibited Technologies<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_03_T0_01.pdf\">Tarleton SAP 29.01.03.T0.01, Information Resources &#8211; Acceptable Use<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_99_t1.pdf\">Tarleton Rule 29.01.99.T1, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/\">Tarleton Security Controls Catalog<\/a><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Contact Office<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Office of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>AVP and CIO of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>254-459-5685&nbsp;<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tarleton Office of Innovative Technology Solutions (OITS) Security Awareness Training Standard Effective: February 11, 2020 Revised:&nbsp; May 29, 2026&nbsp; Procedure Summary&nbsp; Understanding the importance of information security and individual responsibilities &#8230;<\/p>\n","protected":false},"author":94,"featured_media":580,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-fullwidth.php","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-3209","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/technology\/author\/jgeorge\/","display_name":"jgeorge"},"relative_dates":{"created":"Posted 18 hours ago","modified":"Updated 18 hours ago"},"absolute_dates":{"created":"Posted on May 29, 2026","modified":"Updated on May 29, 2026"},"absolute_dates_time":{"created":"Posted on May 29, 2026 5:23 pm","modified":"Updated on May 29, 2026 5:27 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/3209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/comments?post=3209"}],"version-history":[{"count":2,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/3209\/revisions"}],"predecessor-version":[{"id":3212,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/3209\/revisions\/3212"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/media?parent=3209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}