The data that allows CU to deliver on our academic and research missions is critical to our success and protecting it from compromise is a priority for the CU Board of Regents, administration, and campus chancellors. 

For that reason, the Information Security Awareness training course is a required course that must be completed by all CU employees (faculty, staff, and student employees) within the first 60 days of employment and every two years thereafter.

The Information Security Awareness training course covers essential security principles related to data management at CU:

  • How to report a suspected or actual security incident.
  • Your responsibility when managing sensitive university data.
  • Recognizing phishing scams through practical examples.
  • Key features of a strong password.
  • The importance of multi-factor authentication.
  • Indicators of possible insider threat.

Supervisors are key in helping the university reach our training compliance goals by ensuring employees in their departments follow the new requirement.

Which CU policy supports required security training?

The APS 6005 IT Security Program policy provides the following requirements for employee training.

  • All university employees, including associates and other individuals, who require the use of university IT resources to perform their duties, will receive initial training and periodic refresher training relevant to their IT security responsibilities.
  • Supervisors will ensure employees are trained to fulfill their IT security responsibilities.
  • Employees with elevated computing privileges (e.g., server support technicians, user account managers, or web page administrators) may require specialized training for fulfilling their IT security responsibilities effectively. 

What constitutes an employee and student employee?

An employee is anyone who is paid through Employees Services. A student employee is any student who is paid through Employee Services. This includes graduate, work-study, and international students.

Retirees are not required to complete the course.

How long does it take to complete the course?

It takes approximately 30 minutes to complete the course and pass the quiz. 

How do I access the Skillsoft Percipio training?

This link should take you directly to the course after passing the portal authentication. If you experience an issue, you can locate the course by typing its title—Information Security Awareness—into the search box at the top of the Skillsoft Percipio screen, as shown below. Select the course title from the dropdown list.

Screenshot of Percipio's search box with course title and dropdown of options. The proper selection is highlighted. indicating the course is completed and showing the actions dropdown menu with restart course highlighted.
 

Click on CU: Information Security Awareness.

Screenshot of Percipio's search options and the proper course is listed first.

 

If the course is marked Not Started,  click Launch and complete the course. If the course is marked Completed, click the Actions icon (three dots) on the top right side of the course description and click Restart.

Screenshot of Percipio showing the launch button.

 

Please complete the survey at the end of the course. After you close the course, wait until a standard feedback window displays. You can close that window without giving feedback.

You may also visit the Employee Services Skillsoft Help webpage for instructions. 

If you have technical difficulties while taking the course (e.g., frozen screen, continuous buffering), Skillsoft Support recommends relaunching the course using your browser’s incognito feature. You should be able to restart the course and click “next” until you reach your previous endpoint.

For questions or further help, contact system.training@cu.edu.

I cannot recall when I last completed the training course. How do I view my record of training completions?

To view your real-time record in Skillsoft:

  • Log on to your campus portal (https://my.cu.edu).
  • Go to Learning Transcript.
  • Select Add Filters.
  • Choose a Status (All, Started, Completed).
  • Apply more filters, if wanted (Type or data range).
  • Click Apply.

Employees may also access training records from their portal by using the Training Summary.

I am affiliated with the university but am not paid as an employee (often referred to as a person of interest or POI). Does the training requirement apply to me?

At this time, university volunteers and affiliates, or persons of interest (POIs), are not required to complete the training; however, it is highly recommended that POIs with access to CU’s confidential or highly confidential data or information systems complete the training.

POIs include volunteer faculty, off-campus Work-Study employers, employees of University Physicians, Inc. (UPI) and visiting scholars.

Are there any other security training courses that I am expected to complete?

CU’s Office of Information Security (OIS) highly recommends that employees, students, contractors, and POIs with elevated computing privileges complete the Information Security for IT Service Providers (u00064) training course.

The course:

  • Provides an overview of security practices and policies for IT services providers.
  • Has a target audience that includes employees, students, contractors, and POIs who serve as programmers, server/workstation support, account administrators, webmasters, and others.
  • Covers policy, security management, access management, physical and environmental security, and incident detection and reporting.
  • Includes a 10-question quiz that learners must pass with 100% to receive credit.
  • Requires learners to acknowledge they will uphold confidentiality and agree to access data only as needed for authorized tasks.

OIS also recommends that departments establish the training as an annual requirement for those within the targeted audience since the course is updated annually.

Note: This course replaces the IT Confidentiality Agreement (u00087) training course, which was retired on July 14, 2023, and is no longer available.

Visit Available Training to learn about other security courses.

For Supervisors: How do I check training completions for my team?

Download the step-by-step guide, Running a Training Completion Report. It explains how to run a student or employee completion report out of CU-Data (Cognos).

For Supervisors: What about employees on leave of absence?

Employees on leave do not need to complete the training until they have returned to work. If you have any questions, please contact your campus HR.

For Supervisors: Are POIs required to complete the Information Security Awareness training course?

At this time, people employed as persons of interest (POIs) are not required to take the training course; however, it is highly recommended that POIs with access to CU’s Confidential or Highly Confidential data or information systems complete the training.

POIs include volunteer faculty, off-campus Work-Study employers, employees of University Physicians, Inc. (UPI) and visiting scholars.

Who should I contact for more information or questions about information security?

Visit OIS About for contact details, including emails, phone numbers, and websites specific to your campus.