Why do I need Information Security and PCI training?

The scope of employee information security responsibility is increasing, becoming essential to sustaining and improving City services—and the preservation of City information resources. This training facilitates the City’s due care and diligence to meet several regulatory requirements and honor our custodial information security responsibilities.

I don’t use computers, why do I need to take this training?

Our number one defense against information theft and loss is you! Everyone is responsible for knowing and following our organization’s security policies and procedures.

When do I need to complete my training?

This module meets two requirements for the City, so there are two answers to this question:

1. If you process payment cards, then you must complete the training by 9/15/2018.
2. All other people must complete the training within the fiscal year, which ends on June 30^th each year.

How long will the training take?

The training is self-paced and can be completed within 40 minutes.

How do I take the training module?

The primary and preferred method is to use new CityLearner.

If you do not have access to CityLearner (example: contract employees), please contact Edith Brown in Information Security at x37059 or edith.brown@portlandoregon.gov.

I don’t have CityLearner access, how do I take the training?

If you do not have access to CityLearner (example: contract employees), please contact Edith Brown in Information Security at x37059 or edith.brown@portlandoregon.gov.

I don’t have access to a computer, how do I take the training?

If you do not have access to a computer (example: contract employees), please contact Edith Brown in Information Security at x37059 or edith.brown@portlandoregon.gov.

How does General Awareness help me in my job?

The scope of employee information security responsibility is increasing, becoming essential to sustaining and improving City services—and the preservation of City information resources.

What is PCI?

PCI stands for Payment Card Industry – Data Security Standard (PCI-DSS). All organizations that take payment with some form of credit card are required to have computer general awareness training.

Why combine general awareness and PCI into one training?

The PCI requirement for training is to have a General Security Awareness module. Since the goals of both PCI and our awareness effort are aligned, the training meets both requirements and is a good fit to produce only one training to rule them all. 

I don’t take payment cards (PCI), do I need to take the training?

Yes. General information Security Awareness is part of every job. 

“The scope of employee information security responsibility is increasing, becoming essential to sustaining and improving City services – and the preservation of City information resources…” -Serilda Summers-McGee

For more information please reference:

1. BHR Admin Rule 4.08 ß make this a link – newly simplified in 2018.
2. https://www.portlandoregon.gov/citycode/article/12209

I already have PCI training in my Bureau, do I need to take this training as well?

Yes. Employees in a bureau which has its own PCI training will continue with their bureau-specific PCI training for 2018 and will also have to complete the General Awareness + PCI training module by June 2019.