|
Training Resources
Overview and Requirements
Adequate employee training and education is a key factor in carrying out NIH’s mission. Without proper training and education, individuals would be less effective in their roles and limited in their career development. NIH staff members are required to complete specific training regarding issues like computer security awareness training, privacy awareness training, amongst others. Individuals are also encouraged to participate in voluntary training in order to improve job efficiency and positively affect those with whom they work.
Roles and Responsibilities (e.g., POCs)
NIH Manual 1745 - Information Technology (IT) Privacy Program:
https://www3.od.nih.gov/oma/manualchapters/management/1745/
Education and Outreach
HHS Privacy Awareness Training:
http://hhsu.learning.hhs.gov/PrivacyAwareness/index.html
HHS PIA Training:
Pending release by Secure One HHS
Mandatory Online NIH Information Security and Privacy Awareness Training:
http://irtsectraining.nih.gov/
NIH PIA Training Presentation:
Color - http://oma.od.nih.gov/ms/privacy/Training2008.ppt
Black and White - http://oma.od.nih.gov/ms/privacy/Training2008bw.ppt
Directions for IC Privacy Coordinators to Track NIH Privacy Awareness Training:
http://oma.od.nih.gov/ms/privacy/Directions for IC Privacy Coordinators to Track Privacy Awareness Training.doc
FOIA Training Resource (DoJ):
The lead Federal agency for Freedom of Information Act (FOIA) information and offers excellent FOIA training. The National Advocacy Center (NAC) is operated by the Department of Justice, Executive Office for United States Attorneys. Programs for Federal government personnel are provided by the Office of Legal Education (OLE). The courses include: Introduction to FOIA, FOIA Overview, Advanced FOIA, FOIA Administrative Forum and FOIA for AAP/PA (attorneys, paralegals and information officers):
http://www.usdoj.gov/usao/eousa/ole/
FOIA/Privacy Resource (USDA Grad School):
Chartered in 1921, the Graduate School, has a rich history of excellence in professional training and currently conducts more than 900 different courses at locations throughout the country. Course # PMGT7000D entitled “Freedom of Information and Privacy Act Workshop” teaches you how to respond to Freedom of Information Act (FOIA) and Privacy Act (PA) requests. The course is designed to teach you to become skilled at how to properly release records to the public while safeguarding necessary information. Course # LAWS3335C entitled “The Freedom of Information Act and the Privacy Act” is about the Freedom of Information Act (legislative history, publication requirements, processing requests, exemptions, fees) and the Privacy Act (definitions, limitations of disclosure, access to records, publication requirements, exemptions and new systems reports). The course is designed to train administrative and legal personnel who work with these acts:
http://www.grad.usda.gov/index.php?option=com_frontpage&Itemid=1
Privacy Professional Associations
The International Association for Privacy Professionals (IAPP):
Offers individual memberships and its members receive an extensive array of benefits designed to aid the busy privacy professional; including a member directory, certification training programs for corporate (CIPP) and government privacy professionals (CIPP/G), conference discounts, access to research studies, and member-only content on the website. Its goal is to keep its members informed of the changing privacy landscape:
https://www.privacyassociation.org/
American Society of Access Professionals (ASAP):
A non-governmental, independent, educational, not-for-profit association. It was founded in 1980 by concerned Federal government employees and private citizens in the fields of information access through the Freedom of Information Act (FOIA), the Privacy Act (PA), and laws and regulations. ASAP is the leading organization providing quality professional educational programs. ASAP draws upon the highest caliber of government FOIA and Privacy instructors along with known experts in the public requester field to teach and discuss common problems in an open-dialogue forum during annual symposiums and training conferences in the D.C. area:
http://www.accesspro.org/
Frequently Asked Questions (FAQs)
1. Is SPORT Tool training available? If so, how do I go about requesting it?
2. Is it mandatory that I take NIH Privacy Awareness training?
- Yes. As mandated by FISMA and OMB Memorandum 07-19, all NIH employees and contractors are required to take privacy awareness training. It is imperative that NIH employees possess a general understanding of the importance of privacy protection. Privacy training will also inform NIH staff of relevant privacy policy, guidelines, and procedures. Training must be completed annually.
Definitions
Awareness, Training, and Education: Includes (1) awareness programs that set the stage for training by changing organizational attitudes towards realization of the importance of security and the adverse consequences of its failure; (2) teaching people the skill that shall enable them to perform their jobs more effectively; and (3) education is more in-depth than training, and is targeted for security professionals and those whose jobs require expertise in IT security. (Defined in NIST SP 800-26, Appendix C).
References
OMB Memorandum M-07-19 issued in July 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-19.pdf
HHS Security Education and Awareness Website:
http://intranet.hhs.gov/infosec/education.html
Federal Trade Commission Identity Theft Website:
http://www.ftc.gov/idtheft
Mandatory Online NIH Informatoin Security and Privacy Awareness Training:
http://irtsectraining.nih.gov
NIH PIA Training Presentation:
Color - http://oma.od.nih.gov/ms/privacy/Training2008.ppt
Black and White - http://oma.od.nih.gov/ms/privacy/Training2008bw.ppt
NIH Office of the Chief Information Officer:
http://ocio.nih.gov
NIH Encryption Web Page:
http://ocio.nih.gov/security/HHS_Encrypt_Policy_Guidance_Tools.html
Return to the top
|