Is HR running your employee security training? Here’s why that’s not always the best idea

Posted on by

“Any large-scale change or training initiative needs collaboration to be successful,” Hughes says. “At RSA, the HR, IT, legal, and security teams all collaborate on our annual compliance training to make sure that our team has what they need to continue working safely.”

HR has skin in the game for employee onboarding, compliance, and adherence to company policies and practices, according to Hughes. But they need to work hand in hand with the experts in the IT, legal, and security teams to ensure that the security awareness and compliance issues that relate to legal matters and privacy are properly covered.”

“One best practice we’ve made use of is compartmentalizing our training to allow each department to go as deep as they need to: I’m not weighing in on HR policies because that’s not my superpower,” he says. “Likewise, the other department leaders aren’t defining security training. By keeping each module independent of one another, every team can focus on what they know best.”