I need to complete the Data Security and FERPA training

Annual Data Security Awareness Training

Overview

All California State University, Chico employees — including faculty, staff, student employees, and auxiliary employees — are required to complete annual Data Security Awareness Training.
This training ensures everyone understands their responsibility to protect university data, systems, and personal information.

Background

Previously, data security training requirements were based on two level data classification levels, which were required annually (Level 1) and every three years (Level 2).

This has now been replaced with a single, standardized requirement:

  • One training format for all employees
  • Training required annually
  • Content changes each year to address current cybersecurity risks and best practices

Policy Requirement

This requirement aligns with the California State University Systemwide Information Security Policy, which mandates that:

“All employees must participate in security awareness training.”

📄 View the CSU Information Security Policy

CSU Chico complies with this policy by providing annual data security awareness training to all faculty, staff, student employees, and auxiliary employees.

Who Must Complete the Training

The following groups are required to complete the training annually:

  • Faculty

  • Staff

  • Student employees

  • Auxiliary employees(Associated Students, Chico State Enterprises etc.)

New employees in any of these categories will be automatically assigned the training shortly after onboarding and must complete it within the timeframe specified in their CSU Learn assignment notification.

When and How

  • The training is assigned automatically annually through the CSU Learn (SumTotal) platform.

  • Employees receive an email notification when the course is available.

  • The completion deadline is listed in the assignment details.

  • Automated reminders are sent prior to the due date.

  • Each year’s course is new, and prior completions do not satisfy the current year’s requirement.

  • Direct link and manual training assignments can be requested only in special cases by submitting a ticket to training@csuchico.edu

Why the Change

  • Provides a consistent, campus-wide training standard.

  • Ensures employees stay informed on the latest cybersecurity threats and best practices.

  • Aligns with CSU systemwide information security and compliance standards.

Compliance and Consequences

Completion of the annual Data Security Awareness Training is mandatory for all covered employees.
Failure to complete the training by the deadline may result in:

  • Notification to the employee’s supervisor or department head

  • Possible restriction of access to university systems until training is completed

Resources

Print Article