| Authority/Reference(s) | |
|---|---|
| Revision Date | December 20, 2024 |
Policy
To mitigate cybersecurity threats and risks in state government contracting, DFPS requires that contractors, their subcontractors, officers, and employees who access any DFPS systems, networks, or resources complete cybersecurity training annually. Training is provided through Department of Information Resources (DIR).
For a newly executed contract, contractors must ensure all applicable personnel complete the required training in within 30 calendar days of the contract execution.
For any newly hired personnel, the contractor must ensure that the new hire completes the required training within 20 calendar days of their start date.
Contractors must complete and submit the certification of completion of training annually by the last business day in June.
To obtain a list of DIR certified trainings, visit the DIR Website.
DFPS staff augmentation contracted employees satisfy cybersecurity training requirements through training facilitated and administered by OIS.
Certification of Cybersecurity Training
Annually in June, contractors must complete and submit Form 4530 DFPS Cybersecurity Training Certification to attest that identified personnel and subcontractors who have access to any DFPS systems, networks, or resources received the required cybersecurity training by the time the certification is submitted.
Contractors are required to maintain documentation that includes:
- Individuals who are required to take the training.
- Documentation of the completed training.
- Name of the entity that performed the training.
- Title of the cybersecurity course.
The 4530 DFPS Cybersecurity Training Certification is submitted to the contract manager annually, by the last business day in June. The certification must be signed by the contractor's:
- Contract signatory, or designee; or
- Human resources director.