Cybersecurity, Privacy Awareness and Research Security courses
Required training for UCalgary faculty and staff
At UCalgary, we are committed to safeguarding our institution from cyberthreats, protecting the personal information of our community, and ensuring the security of our research assets. As part of this commitment, UCalgary will be offering annual required cybersecurity and privacy awareness training for all faculty and staff, and annual required research security training for faculty and staff who perform and/or support research, starting Oct. 1, 2024. Graduate assistants will be required to complete this training starting in January 2025.
UCalgary faculty and staff will receive automatic course registration emails and can also access the courses through learning.my.ucalgary.ca. Courses must be completed within a 45-day window.
As the cybercrime, privacy and research security landscapes rapidly evolve, faculty and staff will be required to complete refresher courses every year.
Required courses for all faculty and staff
Additional required courses for faculty and staff who perform and/or support research
The research security courses are intended to provide foundational knowledge of the importance of research security and practical steps that researchers can take to safeguard their work from unwanted access, theft and misuse. Completing these courses is a component of new research security requirements for certain Tri-Agency and Canada Foundation for Innovation grant applications.
Did you know students have access to a Privacy and Cybersecurity Awareness course on D2L? Learn More
General FAQs
You will receive an enrolment email with a link to your “My Learning” page in Enterprise Learning. From there, you can find all your courses. Or learn how to search for your courses manually.
We recommend using the following browsers: Edge, Chrome, or Safari.
Please do not use Firefox.
We recommend using the following browsers: Edge, Chrome, or Safari.
Please do not use Firefox.
Possibly. To manage system load effectively, registration emails are sent out in batches over a one-week period. If you haven’t received your registration emails on Oct. 1, please be patient.
For each course that you are enrolled in, you will receive an enrolment email. Each of these emails will contain information specific to that course. Depending on how long you take to complete the course, you may also get reminder emails, one for each course.
When your direct reports are enrolled in these courses, you will get an email with an attached spreadsheet. This spreadsheet will provide you with a summary of all your direct reports enrolled on a given day, and what courses they are enrolled in. You may also get reminder emails with a spreadsheet attached summarizing who has yet to complete their training.
The length of each course will depend on individual learners, but the approximate length for each is 30 minutes.
No. You can independently choose when to complete each course, depending on your schedule, so long as they are all completed within the 45-day window.
Yes. Once you have started a course, you can exit at any point and finish it later. When you log back in to Enterprise Learning, navigate to the course and launch it again; a pop-up window* will appear giving you the option to resume where you left off. Learn how to search for your courses.
*Please note: You will need to ensure your browser has pop-ups allowed for the Enterprise Learning site. In some cases, when you try re-launching a course, a pop-up will appear asking if you want to pick up where you left off. If pop-ups are disabled, you won’t see this option and you will be placed back at the beginning of the course.
Both courses will empower you to make informed decisions about cybersecurity and privacy.
The Introduction to Cybersecurity course will improve your ability to protect personal and sensitive information from various cyberthreats.
Privacy Awareness will remind you about best practices to ensure compliance with privacy regulations.
Training is required annually. The initial training is meant to cover key information to ensure foundational awareness on critical topics. Subsequent years will have refresher courses on key topics that reflect the current cybersecurity, privacy and research security landscape.
Only the Introduction to Research Security (UIT_002) and Cyber Security for Researchers (UIT_003) courses completed after January 1, 2024 will be counted for credit towards Introduction to Research Security (RS_010) and Cybersecurity for Researchers (RS_020), respectively.
Cyber Security IT - Introduction to Phishing will not count for credit towards Introduction to Cybersecurity.
FOIP General Awareness will not count for credit towards Privacy Awareness.
All UCalgary faculty and staff are required to take privacy and cybersecurity training offered by the university as these courses provide UCalgary specific details.
No. Faculty and staff are already expected to comply with requirements under the university’s existing cybersecurity, privacy, and research security policies and procedures. This training is meant to help you better understand what those obligations are, and how to fulfill them.
The Enterprise Learning system will automatically record your completion status of the courses.
This initiative is focused on UCalgary faculty and staff and there is no requirement for contractors or general associates to complete the training at this time.
Graduate assistants will be required to complete the training starting in January 2025.
Research Security FAQs
Staff working in a research support capacity are essential to the security and success of the broader research enterprise. This training will help staff identify risks and support research security compliance requirements.
The required training provides researchers with information on potential risks to their research and knowledge of basic steps they can take to protect against these risks. It is in your own best interest and the interest of the broader academic community that you gain an understanding of why you should safeguard your research and how you can take practical steps to do so.
The National Security Guidelines on Research Partnerships require that individuals applying for Tri-Agency (CIHR, NSERC and SSHRC) or CFI grant programs involving one or more private sector partner include a risk mitigation plan as part of their funding application. Taking the Introduction to Research Security and Cybersecurity for Researchers courses is a risk mitigation measure and a necessary component of your grant application to be considered for federal funding.
Once you have completed the course, you will receive a certificate of completion. Please download and save a copy of the certificate as a record of your successful course completion.
The required research security courses, Introduction to Research Security and Cybersecurity for Researchers, were developed by the Government of Canada and are intended to be foundational training. Future annual refresher training to be developed by UCalgary will provide brief reviews and updates on key topics in research security and cybersecurity.
We welcome your feedback on the research security courses to help us ensure that the training is a positive and useful learning experience. You can send your feedback directly to the Research Security Division via email to researchsecurity@ucalgary.ca.
Reports-to-Manager FAQs
When your direct reports are enrolled in these courses, you will get an email with an attached spreadsheet. This spreadsheet will provide you with a summary of all your direct reports enrolled on a given day, and what courses they are enrolled in. You may also get reminder emails with a spreadsheet attached summarizing who has yet to complete their training.
The ELM system assigns the required training to individuals by their job code. It is possible that the ELM system did not auto-enrol the individual into the training because the individual is not required to complete the training. If you’ve checked the up-to-date list of your direct reports under “Team Learning” in “Manager Self Service” on ELM and there is incorrect or missing information, please contact UService for assistance.
Within ELM: There are some cases where an individual is no longer with the university, but still appears to be active in ELM. This issue is being addressed, but it will take some time to update the system. In these cases, you should contact UService to confirm the employee does not have an active job record. If there is no active job record, they can ignore any reminders they receive about training for this individual. If there is an active job record, you may wish to consider submitting termination forms for the individual.
Incorrect reports-to-managers/department information: Managers with incorrect reports-to or department information should contact UService for assistance.
You can find an up-to-date list of your reports and their course completion status by logging into learning.my.ucalgary.ca.
Under Manager Self Service, go to Team Learning to view a list of your direct reports, which courses they are enrolled in and the course completion status. A status of “Enrolled” means they have not yet started the course. “In-Progress” indicates that they have begun, but not yet completed the course, and “Completed” means they have met all the course’s requirements and are done.
To find the course due date for your direct report, click on the course title beside their name and, on the next screen, click “Search” without changing anything. You will then see the due date near the bottom of the page, under the “Class Syllabus” heading.
For more information, please review “View your team’s learning.”
- Communicate clearly and early: set expectations around the training requirements, deadlines, and importance.
- Prioritize learning: ensure that direct reports have sufficient time to complete the training during regular working hours.
- Integrate into daily work: help staff understand how the training relates to their specific roles and responsibilities.
- Monitor progress and offer support: keep on top of the notification emails about direct reports who have not completed training. Remind staff about the required training during team meetings and offer 1:1 encouragement, if needed.
The Enterprise Learning system will automatically record completion status of the courses.
At the request of the SLT member, reporting about completion status of individuals within a department ID can be generated.
Deans, department heads, and reports-to-managers are responsible for ensuring that the faculty and staff who report to them complete this process.
As a first step, you should arrange a 1:1 discussion with the faculty/staff member to determine the root of the refusal. If a solution is not identified and escalation is required, you should engage your HR Partner for advice and support.
Faculty and staff are not required to complete the training while on leave. They will receive auto-enrolment emails during their leave and should complete the training when they have returned to work.
More technical and troubleshooting questions and answers can be found in the IT Knowledge Base.