19149 - IT Training

1. Does the organisation have training that covers:

Recognising and reporting Phishing emails

Recognising Tailgating and how to respond (challenging strangers, checking for ID etc.)

Disposal of confidential information

Dangers of using USB sticks being given away or finding one that looks like it has been dropped 

  • Reference:
    19149
  • Response:

    1. Does the organisation have training that covers:

    Recognising and reporting Phishing emails Yes

    Recognising Tailgating and how to respond (challenging strangers, checking for ID etc.) Yes

    Disposal of confidential information Yes

    Dangers of using USB sticks being given away or finding one that looks like it has been dropped In part

    2. Does the organisation allow the use of USB sticks? Yes

    3. Does the organisation deliver specialised training to key staff (those staff that could be targeted as part of a phishing email campaign, ie finance, execs etc.)? Not currently but will be shortly.

    4. Does the organisation perform confidentiality audits as per the Data Security& Protection Toolkit? Yes

    5. Can you also answer relating to the audits:

    Where the audits are undertaken would these be organised with the local team manager or the head of department ie the director etc? No, organised centrally

    Would an audit ever be carried out unannounced? yes

    Do you have a policy / procedure of how to conduct the audit? if so can you supply a copy. No

    Do you record the results on a checklist / report and return the key contact? if so can you supply a blank copy. No

    6. Does the organisation have confidential waste receptacles placed through the entire organisation and are they regularly emptied? Yes

    7. Does the organisations Exec board receive board level training relating to Cyber Awareness? Being given in March 2019

    8. How does the organisation provide Data Security & Protection Training to staff, does the organisation use (please select all the options that are applicable):

    Third party application package

     

    Third party Trainer / class room

     

    eLearning for Health Data Security Awareness

    X

    In house developed package

     

    Combination of any of the above

     

     

  • Area:
    Trust wide
  • Category:
    • Information Technology
    • Training
    • Estates
    • Risk and Governance
  • Month:
  • Year: