Compliance and Ethics
Training
Page Content
Training represents a core component of USM's compliance program by providing the information necessary for individuals to understand the laws. Moreover, training promotes an organizational culture that fosters a commitment to compliance with the applicable laws. Within each submenu, you will find information about our training program.
- NEW COMPLIANCE TRAINING VENDOR- VECTOR SOLUTIONS
- USM's compliance vendor, Get Inclusive, has been purchased by Vector Solution.
- As of October 25th, the new Vector Solutions system will be online to replace the prior Get Inclusive system.
- The Vector Solutions system contains entirely new compliance courses.
- BIANNUAL TRAINING
- Training is required every two years.
- All employees must complete their biannual training by February 25, 2025 using the new Vector Solutions system.
- iTECH FACILITATED COURSES
-
- USM Cybersecurity Awareness Training
- General Data Protection Regulation (GDPR)
- Gramm-Leach-Bliley Act (GLBA)
- HIPAA
-
iTech will oversee the rollout of additional compliance courses provided by InfoSec. For questions about cybersecurity training, email infosecFREEMississippi.
-
REQUIRED VECTOR SOLUTIONS COMPLIANCE COURSES
FOR STAFF
- FERPA- (duration 20 minutes)- This course addresses training related to student education records subject to the Family Education Rights and Privacy Act, including, but limited to, rules regarding confidentiality and disclosure, the rights of students to access and inspect their own education records kept by the school. Read the policy in PolicyStat- https://usm.policystat.com/policy/token_access/5feaa979-e9c2-4e71-a884-ec2992baf7fd/
- Code of Ethical Conduct (duration-26 minutes)- This course provides a review of USM's Code of Ethical Conduct, including the three principles of ethical conduct (be honest, ethical and truthful; obey the law; and follow university procedures and policies), the four basic principles (Respect for Governance, Respect for Others, Respect for Information and Respect for Property), and overview of Conflict of Interest/Conflict of Commitment considerations and procedures for reporting illegal, unethical or concerning behaviors, . Read the policy in PolicyStat- https://usm.policystat.com/policy/token_access/92808c34-d466-4620-bb8a-696f4f963361/
- Alcohol and Drug Prevention Training-(duration 14 minutes)- This courses provides information as to the prevalence, impact, and signs of substance abuse as well as workplace policies along with information on support and resources. Read the policy in PolicyStat- https://usm.policystat.com/policy/token_access/12672125-a6bc-474e-a9f9-04dd7af99264/
- Building Supportive Communities: Clery Act and Title IX- (duration-60 minutes)- This course examines the issues of sexual harassment, including sexual assault, relationship violence and stalking in higher education as well as reviewing Clery Act reporting responsibilities. Read the Title IX Policy in PolicyStat- https://usm.policystat.com/policy/token_access/417dff9b-c5c0-49a9-8683-a50682dc02e2/
FOR STUDENTS
- Alcohol EDU Ongoing Education- (duration 65 minutes)- This course educates incoming first-year students on alcohol and other drugs, as well as bystander intervention training. This course also provides differentiated learning paths for students based on their drinking experiences, including dedicated learning paths for non-drinkers and students in recovery. Read USM's Alcohol and Drug Policy- https://usm.policystat.com/policy/token_access/12672125-a6bc-474e-a9f9-04dd7af99264/
- Sexual Assault Prevention for Undergraduates- (duration 75 minutes)- This course provides learners the knowledge to recognize sexual assault and harassment behavior, identify healthy and unhealthy relationship practices, practice skills to navigate consent-focused conversations, and safely engage in bystander intervention. Read the Title IX policy at https://usm.policystat.com/policy/token_access/417dff9b-c5c0-49a9-8683-a50682dc02e2/
- Use the appropriate link below to access USM compliance courses through the Vector
platforms.
- There are two separate platforms: one for students and one for faculty and staff
- Use the following credentials to log in:
-
Username: Your email address (example-jennifer.lewisFREEMississippi)
Password: The first five characters of your username, all lowercase (example- jenni)
-
- COURSES ON OTHER SYSTEMS
- InfoTech system- email infosecFREEMississippi
- USM Cybersecurity Awareness Training-
- General Data Protection Regulation (GDPR)
- Gramm-Leach-Bliley Act (GLBA)-
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry (PCI) Awareness Training (duration 21:43 minutes)- This module details the training, policies and procedures required for Payment Card Industry Security Standard (PCI-DSS) compliance for handling branded credit cards from major vendors.
- CITI Training-for information on CITI training requirements see the Office of Research Integrity CITI Training Requirements page- https://www.usm.edu/research-integrity/citi-training-requirements.php
- InfoTech system- email infosecFREEMississippi
- USM reserves the right to add additional courses based on the needs of the institution.
- COURSE DISCLOSURES
- The courses listed below have specific course disclosures that apply to them. Please review the disclosure applicable to the course that you have been assigned.
- TITLE IX COURSE DISCLOSURES
Sensitive Nature of Training - Disclosure- The two Title IX Courses-
- Sexual Assault Prevention for Undergraduates (Student course)
- Building Supportive Communities: Clery Act and Title IX (Faculty and Staff course)
- The contents of the Title IX training course contain some sensitive material involving sexual violence prevention.
- If you need sexual violence survivor's support during the training, contact one of
the following:
-
- The Student Counseling Center at 601-266-4829
- The Shafer Center for Crisis Intervention at 601-264-7777
- For additional information about Title IX, view the Title IX website at https://www.usm.edu/title-ix/ or email titleixFREEMississippi
-
- The two Title IX Courses-
- REQUIRED COURSES - Full and part-time Faculty and staff and benefit eligible adjuncts as well as affiliates are
required to complete the following courses biennially or every two (2) years:
- FERPA- (duration -20 minutes)- This course addresses training related to student education records subject to the Family Education Rights and Privacy Act, including, but limited to, rules regarding confidentiality and disclosure, the rights of students to access and inspect their own education records kept by the school. Read the policy in PolicyStat- https://usm.policystat.com/policy/token_access/5feaa979-e9c2-4e71-a884-ec2992baf7fd/
- Code of Ethical Conduct (duration-26 minutes)- This course provides a review of USM's Code of Ethical Conduct, including the three principles of ethical conduct (be honest, ethical and truthful; obey the law; and follow university procedures and policies), the four basic principles (Respect for Governance, Respect for Others, Respect for Information and Respect for Property), and overview of Conflict of Interest/Conflict of Commitment considerations and procedures for reporting illegal, unethical or concerning behaviors, . Read the policy in PolicyStat- https://usm.policystat.com/policy/token_access/92808c34-d466-4620-bb8a-696f4f963361/
- Alcohol and Drug Prevention Training-(duration 14 minutes)- This courses provides information as to the prevalence, impact, and signs of substance abuse as well as workplace policies along with information on support and resources. Read the policy in PolicyStat- https://usm.policystat.com/policy/token_access/12672125-a6bc-474e-a9f9-04dd7af99264/
- Building Supportive Communities: Clery Act and Title IX- (duration-60 minutes)- This course examines the issues of sexual harassment, including sexual assault, relationship violence and stalking in higher education as well as reviewing Clery Act reporting responsibilities. Read the Title IX Policy in PolicyStat- https://usm.policystat.com/policy/token_access/417dff9b-c5c0-49a9-8683-a50682dc02e2/
-
- USM Cybersecurity Awareness Training-(duration 14 minutes) (provided by iTech)- email infosecFREEMississippi%20for additional information. [iTech determines the frequency of this training].
COURSES REQUIRED OF SPECIFIC GROUPS OF FACULTY AND/OR STAFF
- ON DEMAND COURSES ROLE-BASED COURSES - Faculty, staff, benefit eligible adjuncts and affiliates serving in certain roles
may be required to complete one or more of the following courses:
- Bloodborne Pathogens - (duration 35 minutes)-Course details how to protect yourself and others and appropriate handling procedures.
- Child Abuse Prevention courses: (for those working at USM camps or at camps at USM
properties who are defined in the Minors on Campus policy as Authorized Adult/Program
Staff Members)- both of these courses must be completed annually and are available
for assignment by filing out the form- https://usmforms.formstack.com/forms/child_abuse_compliance_course_access (Email complianceFREEMississippi with questions)
- Preventing Youth: Abuse and Neglect-(duration 90 minutes)- Recognize the signs of child abuse and neglect and understand reporting requirements. Review the Minors on Campus policy at https://usm.policystat.com/policy/token_access/51f31613-f050-4f72-b1ea-1c5b648f9325/
- Minors on Campus-(duration 35 minutes)- This course reviews the consequences of child abuse, reviews the definition of child abuse in Mississippi, distinguishes between the types of child abuse and their indicators/signs, explains your reporting obligations, indicates who to contact about suspected abuse, and explains how the USM Minors on Campus policy functions to protect minors.
- Clery Act Course- (automatically assigned to those that function as Campus Security Authorities) - This course reviews the history and purpose of the Clery Act, explains the roles and responsibilities of campus authorities (CSAs), describes the Clery Act requirements for higher education institutions, discusses procedures for receiving and reporting information on crimes subject to Clery reporting, and provides an overview on bystander intervention. [This course must be completed annually.]
- Gramm Leach Bliley (GLBA) (duration- approximately 15 minutes) (provided by iTech in the InfoSec system)- The Gramm Leach Bliley Act (GLBA) is a comprehensive, federal law affecting institutions including higher education institutions. Per the requirements of the law, institutions that handle financial information must develop, implement and maintain administrative, technical and physical safeguards to protect the security, integrity and confidentiality of customer information. [By law, this training must be completed annually annual for those in roles that involve dealing with confidential financial information. This training is required per the Safeguards Rule, 16 CFR 314.4. The training requirement is expounded upon in the interagency guidance that recommends the training provided be aimed at assisting staff in "recogniz[ing] and respond[ing] to schemes to commit fraud or identity theft." Moreover, the guidance notes that training should indicate to staff how to dispose of customer information properly and provide computer security training for those who oversee the "building" or maintenance of "computer systems".] To review the interagency guidance, go to http://www.federalreserve.gov/bankinforeg/interagencyguidelines.htm. For additional information email infosecFREEMississippi
- Health Information Portability and Accountability Act (HIPAA) - (duration 32- minutes) (provided by iTech in the InfoSec system)- These course modules review portability in terms of ensuring that individuals maintain healthcare coverage and benefits when they switch jobs or leave the workforce and reviews accountability in terms of protecting individual's healthcare information and medical records from fraud, theft, and misuse as well as ensuring access to properly requested health information.
- Payment Card Industry (PCI) Awareness Training (duration 21:43 minutes- provided by iTech on the InfoSec system)- This module details the training, policies and procedures required for Payment Card Industry Security Standard (PCI-DSS) compliance for handling branded credit cards from major vendors.
If any law (either Federal or State) or if an institutional policy needs to be communicated, The University of Southern Mississippi may elect to use an online system to educate the entire Campus community or any group within the community as a whole. A variety of federal laws affect how the University must handle certain matters and indicate what information needs to be distributed to the campus community as a whole.
ALCOHOL AND DRUG TRAINING
Required pursuant to the Drug-Free Schools and Communities Act (as articulated in the Education Department General Administrative Regulations (EDGAR) Part 86.1 of the Drug-Free Schools and Campuses Regulations requiring Institutions of Higher Education who are receiving Federal Funds or Financial assistance to develop and implement a program to prevent the unlawful possession, use, or distribution of illicit drugs and alcohol by students and employees.
BLOODBORNE PATHOGENS TRAINING
Pursuant to OSHA, all employees who have the potential to be occupationally exposed
to blood or other infectious materials (OPIM) are subject to the training requirements
known as the OSHA Bloodborne Pathogens Standard. Read more about the OSHA Bloodborne
Pathogens Standard- https://www.osha.gov/laws-regs/regulations/standardnumber/1910/1910.1030
CLERY ACT TRAINING
In support of compliance with The Jeanne Clery Disclosure of Campus Security Policy
and Campus Crime Statistics Act ("Clery Act"), campus security authorities (CSAs)
are provided training aimed at ensuring that CSAs understand their responsibilities,
including, but not limited to, how to report incidents.
CYBERSECURITY TRAINING
Each of the laws below requires cybersecurity training:
Gramm-Leach Bliley Act (GLBA) applies to universities who act as financial institutions by taking payments and
therefore are required to implement safeguards to protect consumer information. The
Act requires personnel to be provided with updated security awareness training as
necessary to reflect risks identified by a risk assessment.
Health Insurance Portability and Accountability Act (HIPAA)
The Act applies to organizations creating, receiving, storing and transmitting "Protected
Health Information). Organizations are required to implement a security awareness
and training program for all members of the workforce (including management) and must
do so on an ongoing basis.
Payment Care Industry Data Security Standard (PCI DSS)
As an organization accepting credit cards, the University must comply with the requirements
including the requirement to mandate cybersecurity awareness training that makes all
personnel aware of the cardholder data security policy and procedures.
FISMA, FedRAMP, DFARS and CMMC
Any organization supplying goods or services to a federal agency is required to implement
a cybersecurity awareness training program.
The General Data Protection Regulation (GDPR)
Applies to data that is stored or transmitted in the European Economic Union. Under
Article 39 of the GDPR, the Data Protection Officer is tasked with "awareness raising
and training of staff involved in the processing operations." Article 43 of GDPR also
quires data protection training is required for those with permanent or regular access
to personal data.
SECTION 25-53-201, MISSISSIPPI CODE OF 1972-establishes an Enterprise Security Program for coordinating oversight of cybersecurity across state agencies. State agency directors or agency heads are required to develop a security program a component of which requires training as part of an overall cybersecurity program, as is best practice for a cohesive program aimed at avoidance of potential threats through cybersecurity awareness.
Questions: For questions, email infosecFREEMississippi.
The Family Educational Rights and Privacy Act (FERPA)
Compliance with FERPA requires an in-depth understanding of how to protect student records from unauthorized disclosure. Failure to comply with FERPA can have significant consequences on student privacy, institutional reputation and institutional federal financial aid eligibility.
Gramm Leach Bliley (GLBA)
Complying with the provisions of the Federal Trade Commission's safeguard rules that implement the applicable provisions of the GLBA requires safeguarding and confidentiality of customer financial information (covered data) along with other confidential financial information received (as well as held in the possession of) financial institutions such as banks and investment companies as well as institutions of higher education.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA requires institutions to implement training. More specifically, all workforce members must be trained on the organization's privacy policies and procedures, as "necessary and appropriate for them to carry out their functions." ( 45 C.F.R. § 164.530(b)) [https://www.hhs.gov/sites/default/files/privacysummary.pdf]
Payment Card Industry (PCI) Training
Universities handle cardholder data, including, but not limited to, accepting credit card payments for tuition, fees, and other services and as such are subject to The Payment Card Industry Data Security Standard (PCI DSS
Applicable PCI DSS Requirements-.
Requirement 12.6 mandates that organizations implement a security awareness program to educate employees on the importance of cardholder data security. Moreover, Requirement 12.6.3 requires that employees who handle cardholder data or sensitive account data must receive PCI training when hired and at least once a year thereafter.
Failing to comply with PCI standards may result in financial penalties and damage to a college or university's reputation.
Title IX Training
Required pursuant to Title IV of the Civil Rights Act of 1964 (42 U.S.C. § 2000c)
which prohibits public school districts and colleges from discriminating against students
on the basis of sex, among other bases.
Title IX of the Education Amendments of 1972 (Title IX), 20 U.S.C. §§ 1681 et seq., and its implementing regulations, 34 C.F.R. Part 106, prohibit discrimination on the basis of sex in education programs or activities operated by recipients of Federal financial assistance.
If any of the compliance course training content is not accessible using assistive technology, please email complianceFREEMississippi.
Should you have any questions or concerns, please email trainingFREEMississippi.
COURSE COMPLETION FREQUENCY:
Starting with the 2024 rollout of courses, courses will be completed biennially or every 2 years.