§1267. Required training; cybersecurity
A.(1) The Department of State Civil Service shall institute, develop, conduct, and
otherwise provide for training programs designed to keep state agencies safe from
cyberattack. The programs shall be designed to focus on forming information security habits
and procedures that protect information resources and teach best practices for detecting,
assessing, reporting, and addressing information security threats. The department may make
the training available as an online course. The office of technology services shall provide
assistance to the Department of State Civil Service in the development of the training
program. The cost of instituting, developing, conducting, and otherwise providing
cybersecurity awareness training shall be paid in the manner established by R.S. 42:1383.
(2) The Department of State Civil Service shall make the education and training on
cybersecurity developed pursuant to Paragraph (1) of this Subsection available to agencies
within political subdivisions of the state at as minimal cost as possible to assist those
agencies in compliance with the provisions of this Section.
B.(1) Each state and local agency shall identify employees or elected officials who
have access to the agency's information technology assets and require those employees and
elected officials to complete cybersecurity training. Each new state and local agency official
or employee with access to the agency's information technology assets shall complete this
training within the first thirty days of initial service or employment with the agency.
(2) The agency head shall verify and report to the Department of State Civil Service
on the completion of cybersecurity training by agency employees. The agency head shall
periodically require an internal review to ensure compliance.
(3)(a) An agency shall require any contractor who has access to state or local
government information technology assets to complete cybersecurity training during the term
of the contract and during any renewal period.
(b) Completion of cybersecurity shall be included in the terms of a contract awarded
by a state or local government agency to a contractor who has access to its information
technology assets.
(c) The person who oversees contract management for the agency shall report each
such contractor's completion to the agency head and periodically review agency contracts to
ensure compliance.
(d) The agency head shall verify and report to the Department of State Civil Service
on the completion of cybersecurity training by each such contractor.
Acts 2020, No. 155, §1, eff. June 9, 2020; Acts 2020, 2nd Ex. Sess., No. 33, §1.