Non-functional Requirement - Awareness and Training

Category: Security

Context: Awareness and Training

Goals: System administrative personnel have the knowledge and skills to effectively implement, manage and maintain the system sufficient to meet non-functional requirements.

Rationale: System administrative personnel must have the skills, knowledge and/or experience to effectively implement requirements defined by Federal or State law, statute, regulations, contractual agreements, Board Policies, System Procedures or Operating Instructions, and non-functional requirements.

Requirement: System administrative personnel must have knowledge, skills and/or experience according to Metric.

Metric:

Level A:

A1. System administrator(s) must have, or be under the guidance of an individual, who has an applicable industry accepted certification or no less than 5 years of experience implementing, managing or maintaining a similar system.

Level B:

B1. System administrator(s) must complete applicable modules from Information Security Training Program. 

Level C:

C1. System administrator(s) must be offered at least forty hours of job-related formal training per year.
C2. System administrator(s) must complete Public Jobs: Private Data D2L courses; Data Security in Your Job, Securing Your Computer Workstation and Using Data in the Workplace, Data Security for Faculty, Managers and Supervisors, Managing Student Data Securely, Managing Financial Data Securely and Managing Personnel Data Securely annually.

Level D:

D1. IT system administrator(s) must complete Public Jobs: Private Data courses: Data Security in Your Job, Securing Your Computer Workstation and Using Data in the Workplace Scale: Training Hours, Industry Certifications, Years of Experience

Stakeholders: ​System Managers, Operations

Implications: If this requirement is not met, the organization will incur increased risk of person-induced security and availability incidents.

Applicability: See Enterprise Requirements Framework

Tags: Training, Experience

Status: Approved, Requirement

Author: <Author>

Revision: <Revision>

Note: 

The intent of this requirement is to ensure system administrative personnel have the skills, knowledge and/or experience to effectively implement requirements defined by Federal or State law, regulations, contractual agreements, Policies, Procedures or other non-functional requirements.

For more information, see NFR Summary 
Subscribe to: Posts (Atom)