It is the policy of ANNA STAR to enhance the safety of its contracting assets from cyberattack by requiring all employees and contractors who have access to the company’s contracting Assets to complete cybersecurity awareness training prior to gaining and/or continuing to access such assets.
The purpose of this Policy is to: implement mandatory cybersecurity awareness training for all Employees and Contractors who have access to the company’s contracting Assets as required by ACT 225 of the 2024 Regular Session.
This Policy applies to: (1) All categories of company Employees are included whether employed full-time or part-time: Classified, Unclassified, Adjunct, Casual Wage, Fellows, Graduate Assistants, and Workers with access to company contracting Assets (2) Any Contractor who has access to the companies contracting Assets during the term of any contract and during any renewal period.
ANNA STAR , means any independent individual having a contract with the company to provide Personal Services (professional, personal, consulting, or social services) wherein the scope of any such personal services includes the Contractor having access to the company contracting Assets. Cybersecurity Awareness Training Course, means a cybersecurity course (on-line or in-person) that is adopted and used by ANNA STAR for employee and Contractor training and that, at minimum, meets the requirements of ACT 225 of the 2024 Muhammad Ilyas including designed to focus on forming information security habits and procedures that protect information resources and teach best practices for detecting, assessing, reporting, and addressing information security threats. Employee, means any member of the company ,workers, and graduate assistants with access to the company contracting Assets. Company contracting Assets, means any piece of software or hardware within an contracting environment; integral components of ANNA STAR organization's systems and network infrastructure; any and all company equipment owned by ANNA STAR , including (but not limited to) personal computers, servers, and communication equipment; computer software, firmware, middleware, servers, systems, networks, workstations, data communications lines, and all other company equipment, used by and under the control of ANNA STAR ; all technology, hardware, computers, servers, workstations, routers, switches, data communication lines, network and telecommunications equipment, Internet-related company infrastructure and other company equipment; and email systems.
A. Cybersecurity Awareness Training a. Employees i) New Employees: All new employees shall complete the cybersecurity awareness course no later than within the first thirty days of initial service or employment with ANNA STAR. ii) Continuing Employees. Any person currently employed by ANNA STAR as of Dec 16, 2023 must complete the cybersecurity awareness training annually by March 7 for Calendar Year 2024, workers and graduate Pupils are required to complete the training on their first day of work prior to engaging in any other activity. In all cases, the annual training shall be completed by December 31 of the then calendar year. iii) Noncompliance. Access to ANNA STAR’s company contracting Assets will be revoked for new and continuing employees if the course is not successfully completed by the respective deadlines. Failure to complete the training in a timely manner shall constitute grounds for disciplinary action including up to termination of employment. b) Contractors: i) Any Contractor who has access to ANNA STAR’s company contracting assets pursuant to a contract between such Contractor and ANNA STAR, shall be required to complete cybersecurity training during the term of the contract and during any renewal period. Access shall not be granted to any such Contractor prior to completion of the course. ii) Completion of cybersecurity shall be included in the terms of a contract let by ANNA STAR to a Contractor who has assess to ANNA STAR’s company contracting Assets. iii) Noncompliance. Access to ANNA STAR’s company contracting Assets will be revoked for Contractors if the course is not successfully completed by the respective deadlines. Failure to complete the training in a timely manner is considered a material breach of the contract term and constitute grounds for contract termination for cause for repeated failure to comply with this Policy. B. Cybersecurity Awareness Training Course: The course, at minimum, shall meet the requirements set forth in ACT 225, including content on informing security habits and best practices for detecting, assessing, reporting, and addressing information security threats. The course made available to state agencies by State Civil Service may be adopted for use at ANNA STAR. C. Reporting: The ANNA STAR President or designee will periodically verify that Cybersecurity Awareness training has been done and report Employee and Contractor course completions to the State Civil Service Director by March 7 of each year for the previous year. The initial reporting date is March 6, 2024, D. Procedure: i) New Employees a) The Director of Human Resources (or designee) will notify each new employee of the training requirement during the onboarding process and/or new employee orientation. b) The Director of company contracting (or designee) shall require proof of course completion prior to providing a new employee with access to the company’s company contracting System. ii) Continuing Employees: a) The Special Projects Officer will: • notify all employees of this Policy and the mandatory training requirement; • submit a completion report to the ANNA STAR President by March 15 for submission to the State Civil Service Director; and notify the Director of company contracting and immediate supervisor of the non-completers. iii) Contractors a) The Director of Purchasing will: • publish notice of the training requirement for Contractors on the Purchasing Department’s web page and other related documents (i.e., RFPs, ITBs, etc.); • include a new training requirement clause in all initial and renewal contracts with Contractors who have access to ANNA STAR’s company contracting Assets; • submit a completion report to the ANNA STAR President by March 15 for submission to the State Civil Service Director; and • notify the Director of company contracting and the contract monitor for the respective contract of the non-completers.
Riyadh, Jubail, Jeddah, Yanbu, Saudi Arabia
info@ana-grp.com
+966558490607