Information Security Training Course

The security of client and internal information is critical for businesses. The consequences of information loss or theft are severe.

The loss or theft of commercially sensitive information may lead to lost revenues, damage to reputation, reduced consumer trust, and even affect a company's survival.

Failure to respect information security may lead to disciplinary measures, fines and even criminal prosecution under various laws.

Our Information Security Training Course helps employees understand information classification, data security, network security, access control to your offices, and prevent information loss or theft.

Request a Free Trial

Chevron Skillcast chevron graphic
Information Security Training Course

About this Course

Available as part of our Compliance Essentials Library and Global Compliance Library.

Learning objectives

This course will help your employees to:

  • Understand why information security is critical to our business
  • Recognise the consequences of data breaches
  • Learn how and why information is classified
  • Exercise caution when using the internet, emails and other electronic communications
  • Comply with Company procedures in relation to network access, portable media and devices, and physical security
  • Know how and when to report actual or suspected data breaches

Latest course updates

  • Course redesigned with a more modern feel
  • Full review conducted by an information security expert
  • Text & image updates throughout the course
  • 3 updated news stories to illustrate key information security issues
  • 6 updated activities & scenarios
  • Updated post-course assessment with 3 brand new questions added

Course Outline

Introduction

Why is information security important?

- Consequences of information security breaches
- What do you think?

Our information security policy

- What information is covered?

Information lifecycle

- Information classification
- You decide: Classifying information

Email security

- Best practice for using emails
- What do you think?
- Scenario: Alana's email

Information security on the move

- Best practice for securing information when travelling
- Scenario: On vacation
- Scenario: Corinna's trip
- Using portable media
- Portable media: What should you do?
- Scenario: Using portable media

Network access

- Access control: What should you do?
- Scenario: Jonathan's new job
- Password policy
- Password policy guidelines
- Scenario: Mark's event
- Best practice for accessing the internet
- Scenario: The suspected hack
- What are the risks of online meeting platforms?

Physical access

- Physical security measures
- What should you do?
- Scenario: Physical security

Preventing information security breaches

- Reporting breaches
- You decide: Report or not?
- Information security & the law

Summary

Affirmation

Assessment

Course Specifications

Structure

Structure

Approximately 45-minute long e-learning course followed by a 10-question assessment.

Audience

Audience

Suitable for all staff - examples and interactivities designed for staff at all levels. No previous knowledge or experience required.

Design

Design

SHARD-compliant, responsive display on all devices, accessibility on screen readers, visual design controlled via a client style sheet.

Fast track

FastTrack Option

Ability to offer optional test-out, whereby users can choose to skip the course content and complete the learning assignment simply by passing the assessment.

Compatibility

Compatibility

All Windows, Mac OSX, iOS, Android (Flash-free for mobile compatibility). AICC and SCORM 1.2-compliant, suitable for both hosted and deployed SCORM or AICC.

Tailoring

Tailoring

Fully customisable on Skillcast Portal CMS..

Translation

Translation

Pre-translated versions not available, but all text content can be exported for translation into all languages.

Localisation

Localisation

Based on UK legislation, but suitable for global audiences upon the removal of UK-specific references and translation as necessary.

Access Our Courses on Skillcast Plans

Our compliance training courses are available across Skillcast plans. Our plans cover businesses with small to large teams and offer a mix of tailored and off-the-shelf courses.

We have three plans available; simply choose the one that meets your needs below.

CoreCompliance

Skillcast CoreCompliance provides your own portal pre-loaded with the key compliance courses needed in your sector. It's the most comprehensive and cost-effective compliance training solution on the market for teams of up to 50 staff.

Prices start from £349 for 12 months.

Standard Plan

Skillcast Standard is a flexible plan for building your digital compliance portal. You start with our award-winning Learning Management System and select one or more course libraries to train your staff.

Later, you can add the Policy Hub for policy attestations, DSE self-assessment, Gifts and Hospitality register, and other features to streamline staff compliance.

Premium Plan

Skillcast Premium combines our innovative technology tools and features into one simple solution. The premium plan is designed for companies that want a fully featured, branded and managed portal to transform their staff compliance.

It enables you to create comprehensive user journeys to deliver learning and policies, obtain declarations and submissions, and consolidate data to achieve your compliance outcomes.

More on SMCR

In the United Kingdom, the Senior Managers and Certification Regime (SMCR) is designed to foster accountability among senior managers at financial services companies while elevating ethical and professional standards across the entire workforce.

The SMCR replaced the Approved Persons Regime (APR), which was previously applicable to key individuals in regulated entities. In the realm of insurance companies, this regime effectively superseded the Senior Insurance Managers Regime (SIMR), marking a significant shift in how financial services firms manage and hold their senior personnel accountable.

There are three key parts to the SMCR: Senior Managers Regime, Certified Persons Regime and Conduct Rules.

  • Senior Managers Regime
    This enforces a detailed and clear allocation of responsibilities between senior managers at each firm, with particular emphasis placed on key documents - 'Statements of Responsibilities' and 'Responsibilities Maps'. These help to record the distribution of responsibility to individual Senior Managers and to demonstrate to the regulators that there are no gaps or excessive overlaps. Always bear in mind that Senior Managers have a statutory duty of responsibility "to take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible".
  • Certification Regime
    This requires firms to check and confirm that employees performing roles relating to the firm's regulated activities are fit and proper, based on their qualifications, competence and personal characteristics. Once this has been confirmed, the firm needs to issue them with a certificate that must be renewed every year.
  • Conduct Rules
    This consists of a set of rules provided in the FCA's Code of Conduct Handbook (COCON) that covers all individuals:Senior Managers, Certified Persons and other employees.

How to comply with SMCR

1. Statement of Responsibilities - Set out the areas for which each Senior Manager is personally accountable
2. Responsibilities Map - This knits together the Statement of Responsibilities
3. Pre-approval for all Senior Managers - obtain this from the regulators before they carry out their roles
4. Duty of Responsibility - Ensure that Senior Managers understand their responsibilities and take reasonable steps to prevent regulatory breaches in their areas of responsibility
5. Identify all Certified Persons - These are all material risk takers
6. Fit and Proper Assessment - Of all Certified Persons, then re-assess on an annual basis
7. Training - Of all those who are subject to the Conduct Rules

SMCR Scope

SMCR rollout waves

The SMCR has been rolled out in three waves:

Wave 1: Banks, building societies, credit unions and large investment firms in March 2016 (updated July 2018)
Wave 2: Extended to insurance firms (those regulated by the FCA and PRA) in December 2018
Wave 3: The remaining financial services firms (otherwise known as 'solo-regulated firms' since they are regulated only by the FCA, not the FCA and PRA) came under the scope of this regime in December 2019.

SMCR categories

The third wave encompasses a wide variety of firms. To ensure that regulation is appropriate to their sizes and activities, the FCA has categorised them into three distinct groups:

Core: Firms that have to comply with the baseline requirements for solo-regulated firms
Limited scope: Firms that already had exemptions under the Approved Persons Regime, and are exempt from some requirements and require fewer senior management functions
Enhanced: Firms that have extra requirements - these are large, complex firms with potential impact on consumers or markets which warrant more attention from the FCA

SMCR & Duty of Responsibility

Senior Managers have a statutory duty of responsibility "to take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible". The FCA can take action against a Senior Manager (SM) where it can show that:

  • There was misconduct by the SM's firm,
  • At the time of the misconduct or during any part of it, the SM was responsible for the management of any of the firm's activities in relation to which the misconduct occurred, and the SM did not take such steps as a person in their position could reasonably have been expected to take to avoid the misconduct occurring or continuing.

The burden of proof for all these elements lies on the FCA. The SM does not need to show that they took reasonable steps - rather, it is for the FCA to prove that they did not. The defence against such action is if the senior manager can show that they took "the steps that are reasonable for a person in that position to take to prevent a regulatory breach from occurring".

Fitness and Propriety

The FCA must approve all senior managers, which assess whether they are fit and proper to perform the given function or responsibility.

Three key factors determine whether you are Fit and Proper:

  1. Honesty, integrity and reputation
  2. Competence and capability
  3. Financial soundness

When assessing a person's financial soundness, the FCA typically does not require a statement of the individual's assets or liabilities. Having limited financial means does not, by itself, impact the suitability of a person to perform a Senior Management Function (SMF).

When appointing a Senior Manager or Certified Person, firms must obtain regulatory references from all of their past employers from the past six years. This requirement also applies to the appointment of Non-Executive Directors (NEDs) who are not Senior Managers.

To meet this requirement, firms must keep records of disciplinary actions and fit and proper assessments for the past six years and avoid any agreements that would conflict with their disclosure obligations.

Want to learn more about SMCR?

This training aid is just one of 100+ free compliance training resources, including assessments, best practice guides, checklists, desk aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!

You can keep up to date with SMCR best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech, and RegTech news, by subscribing to our FCA Compliance Bulletin.

Our SMCR Compliance roadmap will help you navigate the compliance landscape supported by a comprehensive library of SMCR Courses and a fully integrated SMCR 360 Compliance Toolkit to streamline, unify and automate your processes.

Finally, SkillcastConnect provides a unique opportunity to network with other compliance professionals in a vendor-free environment, as well as exclusive benefits, including access to our free online learning portal.

Try our courses for free...

Compliance Essentials Library is our best-selling comprehensive corporate training solution.

100+ e-learning and microlearning courses that help companies from SMEs to global corporates achieve compliance success.

Request a Free Trial

Chevron Skillcast chevron graphic
Compliance Essentials