Question PPPR-12
Do you have an information security awareness program?
| Weight | 15 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
State plans to implement an information security awareness program.
Answering "YES"
Summarize your information security awareness program.
Reason for Question
Setting the expectation of security-related responsibilities throughout an organzation is favored in an information security awareness program. Vendors without an information security awareness campaign should be met with scrutiny on how security policies and procedures are implemented in their environment.
Follow-Up Inquiries
Follow-up inquiries for information security awareness programs will be institution/implementation specific.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]