An Education (Culture Change) program is an essential component in the change program which helps an organisation gain the involvement of the staff in the securing of its data. The use of technology (i.e. security labelling programmes-Retro and Current labelling) for document flow either within or to and from the outside of an organisation is only efficient up to a point. People are the heartbeat of any organisation and they must want to help secure the information within that organisation.
A program of cultural change should be undertaken to explain and win over the staff to the idea that they are responsible for the information security alongside any system put in place. The Cultural Change program is designed to help integrate any new Information Classification and Handling Policy into the working practices of the workforce.
The program is designed to be flexible. Each organisation will want to undertake this element in a personalised way to cater for the differing parameters from department to department. The depth of the programs reach is similarly flexible to take into account the pre knowledge, the intensity of data use and of course the numbers of staff.
People are the heartbeat of your organisation- make them aware and responsible for the safety of your data- Train them.
The methodology used encompasses a short, online training programme for all staff to ensure that they are aware of the need for Data security, its pitfalls, its uses, labelling, how to use the software to label documents, emails, etc. and to provide guidelines for what level of protective marker to use. DataCube provides a portal service for this and provide a licensed package. The intent is to get all users to undertake the course and confirmed that they understand it in line with the enforcement labelling being deployed across the organisation.
The change programme is entitled ‘Understanding the need for Enforcement and how to use it.’ It is an education programme which provides an accreditation program that is taken as an e-learning short video course - (7 x 15 minute modules dealing with topics such as ‘Why Protecting Data Matters, Passwords, Safe Email and Web Use, Data Transmission, Backup and Storage, Protecting Data from Loss and Theft, Mobile Devices and Remote Access, How to use the Labelling system.)
Web hosted and accessed by organisation users at their desks followed by a short questionnaire/test which then accredits the user. . The system can be configured so that failure to complete the accreditation after a certain period of time results in the user being “locked out” of their workstations.
Fulfils ICO recommendation for 2 hours of staff training per year.
The on line education system fulfils the Information Commissioner's Office recommendation for two hours of Data Protection Act training each year. The course was originally developed to cover the topics described in and follows the British Computer Society Level 1 syllabus but has been extended as the scope of data protection has grown. It is updated periodically in light of changes in legislation, best practice and threat profile as well as includes a review of the principal security incidents reported to the ICO in the past 12 months of which all staff should be aware.
- Helps develop a security aware culture - Educates the staff about the need for and the consequences for the organisation. This helps re shape attitudes towards the protection of sensitive information.
- Trains staff on the DataCube Protective Marking System- Educates the staff how to assess the protective level of a document, and how to use the labelling enforcement part of the system.
- Benefit of a Learning Management System (LMS) As an on line system, it allows the individual to participate in an incremental, module driven course ending with a internal accreditation.
- Complements existing Information Governance requirements for the protection of personal data across many legislative and contractual requirements including: The Data Protection Act 1998 (DPA);Common Law Duty of Confidentiality; European Convention on Human Rights- Human Rights Act 1998; Health Act 2009; Freedom of Information Act 2000.