All vendor personnel should undergo security training during orientation and receive ongoing security training throughout their tenure with the vendor. The vendor should establish best practices for recording the completion date of each security training for each employee that completes it and have a documented timetable for completion. The goal of the security training should be to raise awareness of potential security threats and provide information about processes and procedures that improve security posture and mitigates risks.

Rob Boschen
Rob Boschen, Vice President IT Operations & Security, Marathon Health