Ohio Department of Administrative Services
John Kasich, Governor
Robert Blair, Director
Stuart R. Davis, State Chief Information Officer
The Ohio Department of Administrative Services
Office of Information Technology | 30 East Broad Street, 39
th
Floor | Columbus, Ohio 43215
State of Ohio
Administrative Policy
IT Security Awareness and Training
No:
Information Technology
IT-15
Effective:
July 21, 2015
Robert Blair, Director
1.0 Purpose
This policy provides information technology (IT) security awareness and training requirements
for State of Ohio information system users, which includes employees, contractors, temporary
personnel and other agents of the state. This policy is not intended for the general population
that accesses electronic government services or applications.
A glossary of terms found in this policy is located in Appendix A - Definitions. The first
occurrence of a defined term is in bold italics.
2.0 Policy
State agencies shall conduct IT security awareness training in accordance with the requirements
outlined in this policy and shall ensure that all information system users adhere to the policy.
2.1 Basic IT Security Awareness Training. The Department of Administrative Services (DAS)
Office of Information Security and Privacy (OISP) shall provide basic information security
awareness training for agencies to use to conduct this training.
2.1.1 DAS OISP shall identify and provide a solution for delivering the basic IT security
awareness training statewide.
2.1.2 The DAS OISP training shall be updated annually to ensure it remains current,
addressing the latest security threats and best practices.
2.1.3 Agencies shall ensure that all information system users complete the DAS OISP
basic IT security awareness training.
2.1.3.1 Users shall complete the basic IT security awareness training within
two weeks of their initial hire date, annually thereafter; and when
required by role or system changes.