INFIMA's Custom Training Policy - Insurance and Compliance
With more regulatory and compliance chatter, Partners and clients are finding plenty of use for INFIMA’s custom Training Policies, so it’s only right we give you a breakdown of how they’re put together - and why they’re so effective.
If you’re a Partner or client of INFIMA, your Policy is included and right there for you in the dashboard.
Now, if you’re running a security awareness training program there’s a good chance you spent some time researching before you decided on a provider.
Might I ask you…
How simple did you find that research?
How long did it take you to nail down exactly what training courses you need to give your team? How about determining how often it has to be delivered to hit your targets?
It was a nightmare, right?!
“What security awareness training do I need to provide?” is a tricky question to answer, for any organization.
Because nobody tells you! Your regulators require it; your cyber insurer won't cover you without it.
Industry to industry, sector to sector, compliance bodies make cryptic, confusing references to providing security awareness training, but nowhere do they tell you exactly how to tick that box.
Talk about frustrating!
We love you, so we set out to make training requirements clear, ensuring you know exactly what you need to do.
You can’t deliver an effective program without a methodology, at least not if you want to see results. And you can't claim to be “compliant” if you’re not clear on the rules you’re supposed to be following!
That’s where INFIMA’s Training Policy comes in.
We make sure you're training the right people, on the right content, at the right time to maintain compliance with your Policy.
Here, let’s take a made-up example…
Acme Health Co. deals with patients’ medical records routinely…
So that puts them squarely in the territory of HIPAA regulations.
Now, Acme Health Co. is a forward-thinking organization that wants to do right by their staff, and their business.
So they look up the HIPAA requirements for Security Awareness Training.
And what does HIPAA say?
“A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information ... as necessary and appropriate for the members of the workforce to carry out their functions…
...A covered entity must document that the training … has been provided...
Implement a security awareness and training program for all members of its workforce (including management)”
Let’s translate that quickly, with a focus on Security Awareness Training…
“An organization covered by HIPAA must implement a Security Awareness Training Program, as necessary and appropriate for staff to carry out their functions. They must also document that training and delivery.”
Sounds great, right?
Now look for the details you need to make good on that.
What counts as “necessary and appropriate”?
Does that mean staff who work at a computer all day should train more than staff who use them less?
Is some training content more or less necessary for different departments?
What should be documented?
You can see how this gets pretty confusing, right?!
Now, INFIMA comes on the scene [cue applause]
INFIMA issues the CIO a Security Awareness Training Policy, built for Acme Health Co.
The policy lays out what training will be provided, how often it will be delivered, who will receive the training and when it’s going to happen.
In addition, INFIMA adds consistent “phish-testing” as a way to monitor training efficacy over time. It also serves to highlight your riskiest users - and we take care of that remediation, too.
Training is delivered exactly as outlined in the policy.
All Acme Health Co. has to do is let their people know there will be training course invites arriving periodically in their inbox. Each one only takes 10 minutes to complete - no excuses!
Reports from INFIMA’s platform are sent directly to the CIO (or their chosen training coordinator), and the training program runs itself - all in line with their Security Awareness Training Policy.
All training documented as it’s implemented?
Check.
Training delivered in line with INFIMA’s research into behavioral psychology and optimized for retention… as “necessary and appropriate”?
Check.
Training delivery that complies with your Security Awareness Training Policy?
Check.
And the best thing for Acme Health Co.?
Training delivery is zero-touch.
That means the only time they dedicate is checking out periodic progress reports.
Time-saving, money-saving, sanity-saving security awareness training…
That’s one less thing to worry about.
And it’s not just healthcare...
INFIMA delivers security awareness training built around the needs of any industry, making sure your training is delivered in line with policy.
And these custom policies are part of the package for every INFIMA client!
Let INFIMA take the worry out of your Security Awareness Training.
Partners can get in touch with us today, and see how easy INFIMA makes it to get your team training on policy.
Disclaimer: As you may have noticed, we aren't attorneys, so we do not offer any of the above as legal advice. We're here to empower your Security Awareness Training program! Please seek out counsel for specific compliance-related questions.