Skip to Content

Human Resources Department

Employee Resources

9-2 Information Technology Use and Security Policy Manual - Chapter VIII: Security Awareness Training and Education Policy

Information Systems Department

Return to IT Use and Security Policy Manual Table of Contents

Approved by: Board of Supervisors of the County of Sonoma (“County”), and the Boards of Directors of the Northern Sonoma County Air Pollution Control District, the Russian River County Sanitation District, Sonoma Valley County Sanitation District, Occidental County Sanitation District, South Park County Sanitation District, and the Board of Directors of the Sonoma County Agricultural Preservation and Open Space District (collectively referred to hereinafter as “Special Districts”), and the Sonoma County Water Agency (“Agency”), and the Board of Commissioners of the Sonoma County Community Development Commission (“Commission”). The County, Special Districts, Agency and Commission are collectively referred to herein as “Local Agencies” or singularly as “Local Agency.”

Read next: Acknowledgment

What's on this Page

  1. Security Awareness Training

A. Security Awareness Training

Security awareness training is designed to educate Users of their responsibilities to protect Local Agency IT resources and data, and to provide the knowledge and skills necessary to fulfill IT security responsibilities for the Local Agency.


  1. Users must be made aware of County/Local Agency information and technology security policies and their security responsibilities, prior to accessing Local Agency IT resources and data.
  2. Users must receive appropriate security awareness training and education relevant to their assigned job function, addressing topics including:
    1. Appropriate use of Local Agency IT resources and data;
    2. Responsibilities to report and/or respond to Information Security incidents; 
    3. Incident response procedures;  
    4. Expectation of privacy;  
    5. Right to monitor;  
    6. Ownership and classification of data;   
    7. Personally owned devices; and   
    8. Virus and malicious code protection.
  3. Users will have their security awareness training not less than every two years or upon a change in their access to Local Agency IT resources and data. 
  4. As applicable, Users must be informed of updates and/or changes to County/Local Agency Information Technology Security Policies.
  5. Users must be provided periodic reminders that cover general security topics.
  6. Records of User security awareness training must be documented and maintained by the Local Agency Department Head/General Manager or Designee.

Back to top