Annual Data Security Awareness Training in CSU Learn

This article will explain the annual Data Security Awareness Training requirement at Chico State, including who must complete it, how it is assigned, and compliance expectations.

Quick Links: | Data Security Awareness Training Overview | Training Eligibility | Accessing and Completing Training | CSU Policy, Compliance, and Consequences | 

Data Security Awareness Training Overview

All individuals affiliated with California State University, Chico, including faculty, staff, student employees, auxiliary employees, volunteers, and other authorized users, are required to complete annual Data Security Awareness Training.

This training ensures the campus community understands its responsibility to protect university data, systems, and personal information.

Previously, training requirements varied based on data classification levels and completion timelines. This has been replaced with a single, standardized approach that:

• Uses one training format for all employees
• Requires completion annually
• Updates content each year to reflect current cybersecurity threats and best practices

This change provides a consistent, campus-wide training standard and supports ongoing security awareness.

Training Eligibility

The following groups are required to complete the training annually:

• Faculty
• Staff
• Student employees
• Auxiliary employees

New employees are automatically assigned the training shortly after onboarding and must complete it within the timeframe listed in their CSU Learn notification.

Accessing and Completing Training

• The training is assigned automatically annually through CSU Learn (SumTotal).
• Employees receive an email notification when the course becomes available.
• The completion deadline is listed in the assignment details.
• Automated reminder emails are sent before the due date.
• Each year’s course is new; prior completions do not meet the current requirement.
• Manual assignments or direct links may be requested only in special cases by contacting training@csuchico.edu.

CSU Policy, Compliance, and Consequences

This requirement aligns with the California State University Systemwide Information Security Policy, which states:

“All employees must participate in security awareness training.”

View the CSU Information Security Policy

Completion of the annual Data Security Awareness Training is mandatory.

Failure to complete the training by the assigned deadline may result in:

• Notification to the employee’s supervisor or department head
• Possible restriction of access to university systems until training is completed

 Still need help? Contact IT Support Services for further assistance.
  
 Help us improve our Knowledge Base! Click Yes or No below, then let us know what worked — or what didn’t. Your feedback helps us improve our content and provide the best possible support.