IV.Definitions

Gensec Systems , means any independent individual having a contract with the company to provide Personal Services (professional, personal, consulting, or social services) wherein the scope of any such personal services includes the Contractor having access to the company contracting Assets. Cybersecurity Awareness Training Course, means a cybersecurity course (on-line or in-person) that is adopted and used by Gensec Systems for employee and Contractor training and that, at minimum, meets the requirements of ACT 225 of the 2024 Muhammad Ilyas including designed to focus on forming information security habits and procedures that protect information resources and teach best practices for detecting, assessing, reporting, and addressing information security threats. Employee, means any member of the company ,workers, and graduate assistants with access to the company contracting Assets. Company contracting Assets, means any piece of software or hardware within an contracting environment; integral components of Gensec Systems organization's systems and network infrastructure; any and all company equipment owned by Gensec Systems , including (but not limited to) personal computers, servers, and communication equipment; computer software, firmware, middleware, servers, systems, networks, workstations, data communications lines, and all other company equipment, used by and under the control of Gensec Systems ; all technology, hardware, computers, servers, workstations, routers, switches, data communication lines, network and telecommunications equipment, Internet-related company infrastructure and other company equipment; and email systems.

V. Policy Procedure

A. Cybersecurity Awareness Training a. Employees i) New Employees: All new employees shall complete the cybersecurity awareness course no later than within the first thirty days of initial service or employment with Gensec Systems. ii) Continuing Employees. Any person currently employed by Gensec Systems as of Dec 16, 2023 must complete the cybersecurity awareness training annually by March 7 for Calendar Year 2024, workers and graduate Pupils are required to complete the training on their first day of work prior to engaging in any other activity. In all cases, the annual training shall be completed by December 31 of the then calendar year. iii) Noncompliance. Access to Gensec Systems’s company contracting Assets will be revoked for new and continuing employees if the course is not successfully completed by the respective deadlines. Failure to complete the training in a timely manner shall constitute grounds for disciplinary action including up to termination of employment. b) Contractors: i) Any Contractor who has access to Gensec Systems’s company contracting assets pursuant to a contract between such Contractor and Gensec Systems, shall be required to complete cybersecurity training during the term of the contract and during any renewal period. Access shall not be granted to any such Contractor prior to completion of the course. ii) Completion of cybersecurity shall be included in the terms of a contract let by Gensec Systems to a Contractor who has assess to Gensec Systems’s company contracting Assets. iii) Noncompliance. Access to Gensec Systems’s company contracting Assets will be revoked for Contractors if the course is not successfully completed by the respective deadlines. Failure to complete the training in a timely manner is considered a material breach of the contract term and constitute grounds for contract termination for cause for repeated failure to comply with this Policy. B. Cybersecurity Awareness Training Course: The course, at minimum, shall meet the requirements set forth in ACT 225, including content on informing security habits and best practices for detecting, assessing, reporting, and addressing information security threats. The course made available to state agencies by State Civil Service may be adopted for use at Gensec Systems. C. Reporting: The Gensec Systems President or designee will periodically verify that Cybersecurity Awareness training has been done and report Employee and Contractor course completions to the State Civil Service Director by March 7 of each year for the previous year. The initial reporting date is March 6, 2024, D. Procedure: i) New Employees a) The Director of Human Resources (or designee) will notify each new employee of the training requirement during the onboarding process and/or new employee orientation. b) The Director of company contracting (or designee) shall require proof of course completion prior to providing a new employee with access to the company’s company contracting System. ii) Continuing Employees: a) The Special Projects Officer will: • notify all employees of this Policy and the mandatory training requirement; • submit a completion report to the Gensec Systems President by March 15 for submission to the State Civil Service Director; and notify the Director of company contracting and immediate supervisor of the non-completers. iii) Contractors a) The Director of Purchasing will: • publish notice of the training requirement for Contractors on the Purchasing Department’s web page and other related documents (i.e., RFPs, ITBs, etc.); • include a new training requirement clause in all initial and renewal contracts with Contractors who have access to Gensec Systems’s company contracting Assets; • submit a completion report to the Gensec Systems President by March 15 for submission to the State Civil Service Director; and • notify the Director of company contracting and the contract monitor for the respective contract of the non-completers.

VI.Policy Management

Responsive Executive: Vice President for Company Services and Workers Success Responsible Officers for Policy Management • Director of Human Resources – new employee onboarding and/or orientation • Director of company – course content • Director of Purchasing – contract clauses and contractor compliance • Special Projects Officer - training management

VIII. NA Exclusions

NA

IX. Effective Date

The effective date of this policy is the date it is adopted and signed by the President.