Mandatory Training FAQs

A comprehensive list of mandatory trainings for all roles, as well as other compliance trainings required based on job roles, can be found here external site (opens in a new window) .

Required trainings address priority issues across the entire UC enterprise. UCSF seeks to comply with all laws, rules and regulations that mandate relevant trainings. Additionally, being in compliance of all mandatory trainings is a UC Office of the President priority, with UCSF-specific compliance data being reviewed regularly by the UC Regents. To this end, the UC Regents have directed all campuses to focus on specific mandatory trainings that help educate all UC employees on important issues including cyber security, preventing harassment, supporting a diverse and equitable community, and addressing ethical issues like financial disclosures. Other required trainings not part of this project include those noted on the Learning & Development Compliance webpage external site (opens in a new window) and others that you may be notified separately about based on your position and/or job duties.

Completing these trainings is a responsibility that we all share as UC employees to maintain UCSF’s ethics-based environment and our community’s trust in UCSF as a public institution. The trainings are reviewed and updated periodically to remain relevant to current and ongoing issues and help with handling issues that can arise in day-to-day work and directly relate to our PRIDE Values of Professionalism, Respect, Integrity, Diversity and Excellence.

The mandatory trainings that are part of this compliance effort include:

• Preventing Harassment & Discrimination
• Ethics & Compliance Briefing
• Cybersecurity
• UCSF Foundations of Diversity, Equity and Inclusion.

More information on each of the mandatory trainings:

UC Preventing Harassment & Discrimination
(required every two years, mandated 2 hours for faculty and supervisors, approx. 1 hour for non-supervisors)

This course provides information about preventing and responding to sexual violence and sexual harassment and other forms of harassment and discrimination covered under UC policy, and what each of us can to do to make the UCSF campus culture safer for all. This course satisfies a California legal requirement. Learners who are survivors can request an alternative session with the UCSF CARE Advocate to satisfy this training requirement. There are no test out options for all other employees as they must complete one to two hours of training and review relevant materials. For additional information, please contact Office for the Prevention of Harassment and Discrimination (OPHD) external site (opens in a new window) .

Ethics & Compliance Briefing
(required every two years, approx. 30 - 60 min.)

Conveys important information about the UC disclosure requirements that apply to all employees and the specific disclosure requirements for researchers who accept extramural research funds. The requirement for all UC employees to complete one version of ethics training every two years is mandated by the UC Office of the President (UCOP) to satisfy federal agency requirements. UCOP generates the training content and there are no test out options as employees must review relevant materials and related policies to meet requirements. See additional information. 

Cyber Security
(required yearly, approx. 35min)

The UC Cybersecurity Awareness Fundamentals course fulfills UCSF’s learning requirements mandated by regulations, the UC System, and our Federal Funding Agency Agreements. It covers the most common cyber threats facing the University, workforce members, and students. The course is updated periodically to address a changing threat landscape and highlights minimizing risks to ourselves and the University from cyber threats. Test-out options are not available as employees must review current materials and related policies to meet requirements. Due to severe breaches that have harmed the University and many other institutions, the UC President is now requiring cybersecurity awareness training for 100 percent of all UC location employees, and UCSF will limit or revoke access to systems for anyone whose training has expired external site (opens in a new window) . UC policy and UCSF Policy require all employees to complete the training: UC BFB-IS-3: Electronic Information Security external site (opens in a new window) Section 5.2.3 | UCSF 650-16 Addendum A - UCSF Roles and Responsibilities for Securing Institutional Information and IT Resources external site (opens in a new window) Section on workforce member responsibilities. See additional information external site (opens in a new window) .

UCSF Foundations of Diversity, Equity and Inclusion
(required once, updated as relevant, approx. 1 hour)

This course introduces the UCSF community to foundational concepts of diversity, equity and inclusion and the common language to better understand why diversity is core to our work at UCSF. It serves an important first step in our collective effort to live our PRIDE Values external site (opens in a new window) and ensure that our Campus and Health system are free of bias, discrimination, and hate. UCSF Leadership requires all UCSF employees and learners to complete the Foundations of Diversity, Equity, and Inclusion (DEI) training one time. There are no test out options as employees and learners must review relevant materials. See additional information external site (opens in a new window) .

The UC Learning Center automatically sends reminders to employees when their training is due. The first notification is sent 30 days before a training is due. Trainings are overdue and expired when the due date has passed. If you are out of compliance, you will need to take your training(s) as soon as possible.

You can access the course via the UC Learning Center:

• Login to the UC Learning Center at: https://learning.ucsf.edu external site (opens in a new window) with your MyAccess credentials.
• Click on "Assigned Activities" in the "My Required Training" box.
• Click the "Start" button next to the course title to launch the training.

Relevant trainings are also linked directly on the Learning & Organization Development Compliance webpage external site (opens in a new window) . Clicking on the relevant training will take you to the UC Learning Center page to log in with your MyAccess credentials, then you will be taken directly to the training.

If you are taking a training on a mobile device, you will need to download the SumTotal Mobile application external site (opens in a new window) .

Once you take a training, it is tracked on your training transcript. You can view your training transcript in the UC Learning Center external site (opens in a new window) , or log into the UC Learning Center and locate the training transcript by:

• Once logged in, click on Self -> Reporting -> Training Transcript to see what you have completed, OR
• Once logged in, click on Development -> Training Analysis to see what is assigned to you.

It is recommended that you complete a training(s) in one sitting. However, if you need to exit and return to it, the program will remember where you left off. Completing the training within a few days or a week will help ensure no system access or log-in issues. You can reference the training’s Table of Contents for topics and number of sections being covered.

If you are experiencing issues logging into or viewing training record updates in the UC Learning Center, you can try our troubleshooting steps external site (opens in a new window) .

Please submit a support form ticket external site (opens in a new window) to the Learning & Organization Development's Learning Management System (LMS) team to correct any issues.

The UC Learning Center Knowledge Base external site (opens in a new window) has information around common solutions for problems.

If you are unable to access the UC Learning Center, please contact UCSF IT at 415-514-4100.

If you took your training(s) as required and are getting an out-of-compliance email/notification, please do not retake the training. Instead, submit a support form ticket external site (opens in a new window) to the Learning & Organization Development's Learning Management System team so that your training transcript may be reviewed.

If you took an equivalent training at another UC location, this can be counted toward your training requirements at UCSF. Please submit a support form ticket external site (opens in a new window) to the Learning & Organization Development's Learning Management System team, along with your certification of completion for the equivalent training. 

For information regarding equivalent training for the UC Cyber Security Awareness Fundamentals Course, please see the Cybersecurity and Cybersecurity Consequences FAQs in the next section on this page.

For other institutions, receiving training credit for a comparable training is evaluated on a case-by-case basis. Please submit a support form ticket external site (opens in a new window)  to the Learning & Organization Development's Learning Management System team with the institution name and training title that you believe is duplicative to help determine next steps.

Please review the Supervisor Guide for tips on how to best support your teams with their compliance efforts.

Employees: you may contact your supervisor if you need help with options or have issues taking trainings.

All members of the UCSF workforce including faculty/academics, staff, and learners at UCSF; UCSF Fresno; and UCSF Health, including Benioff Children’s Hospitals and Saint Francis and St. Mary’s Hospitals and affiliates.

To protect our systems and data, UCSF will enforce the following steps for expired training: 

1. Reminder emails - You will receive notifications as your training nears expiration. You may also check your status anytime in the UC Learning Center external site (opens in a new window) .
2. Missed deadline - If you do not meet the training deadline, your MyAccess account will be disabled, blocking access to systems like BearBuy, HBS/MyTime, DocuSign, and MyExpense.  You will only be able to access Learning Management System (LMS) training and UCPath from the MyAccess landing page external site (opens in a new window) . You will still retain access to critical systems like the LMS, email, APeX, and more.
3. 30 days overdue - You’ll be required to change your Active Directory account password daily.
4. 60 days overdue - Your Active Directory account will be disabled, effectively revoking access to all UCSF systems, including UCSF email and APex. To maintain patient care, an emergency process is in place to help those with revoked access. 

You can regain access by completing your assigned cyber awareness training. Once you have completed the training your access will be restored the following morning.

Additionally, you can contact the ServiceDesk external site (opens in a new window)  and they will restore your access for one day. You must complete your training that same day or your account will be disabled again.

Contact the ServiceDesk external site (opens in a new window) to restore your access. You must complete the training that same day or your account will be disabled the following morning at 8am.

If your access to MyAccess is restricted, the only systems and applications that will be available on MyAccess is the LMS training site and UCPath.

This means that your login credentials will be disabled. 

You will have to contact the ServiceDesk external site (opens in a new window) to restore your access to all UCSF applications and systems.  You must complete the required training the same day to avoid having your login credentials disabled again.

At UCSF, we understand that you may have access to other cybersecurity awareness training programs outside of the UC system. Good news — there’s a process in place if you'd like to have an outside course reviewed as a substitute for the required UC Cyber Security Awareness Fundamentals Course external site (opens in a new window) (available in UC Learn).

To request an evaluation of an alternate course:

Email: DataSecurityCompliance@ucsf.edu
Subject Line: Cybersecurity Awareness Training Course Evaluation Request

Include the following details in your email:

• The name of the organization offering the course
• The name of the course
• A contact person for the training provider

Once submitted, please allow 14–21 days for the review process. The Data Security Compliance Team will contact you with the results — letting you know if the course is approved to meet UCSF’s annual compliance requirements.

To view a list of all courses that have been evaluated for reciprocity (whether approved or not), along with each's compliance status, effective date, and expiration date, please see here external site (opens in a new window) . 

https://courses.learning.ucsf.edu/?eCourse=660813&system=learningCompliance external site (opens in a new window)

Our recommendation is to ensure that you are compliant in LMS for your cyber awareness training. UC Learning Center external site (opens in a new window)

All UC faculty and staff are required to complete annual cybersecurity training. There are some exceptions, such as those without salary, Emeritus, Volunteers, Clinical Volunteers, etc. 

Yes, Recall Faculty are required to take cyber awareness training.