Cybersecurity Training Deadline and Compliance

June 22, 2020 • Keith McLemore

Cybersecurity Training Deadline and Compliance

All local government employees—anyone who has access to a local government computer system or database and elected officials—were required to complete a cybersecurity training program by June 14, 2020.

This training must be certified by the Texas Department of Information Resources (DIR) or provided by the dedicated information resource cybersecurity officer employed by the district. A district utilizing its information resource cybersecurity officer must file an exemption form with DIR as required by law.

Covered entities were required to certify their training compliance by the following day (June 15) via this form. This is the only mechanism for the DIR to monitor compliance with the law. Entities must also conduct periodic audits to ensure compliance with the law.

Local governments can track their compliance in any method they choose and are not required to submit training records, employee certificates of completion, or audit records to the DIR. However, verification of training should be documented and retained.

Ensuring compliance

According to the DIR, the June 14, 2020 deadline applied to anyone hired as of the effective date of the law (June 14, 2019). Employees hired after the effective date are required to complete the training any time before their work anniversary.

If an employee has not completed the required training, the employer should first confirm the individual’s hire date to determine the applicable deadline. Anyone employed on or before June 14, 2019, should be required to complete the training as soon as possible.

Many school districts required employees to complete the training during the COVID-19 closures while they were idle and receiving pay. An employee who didn’t complete the training during this time can be required to complete the training over the summer months.

If the individual is a 10-month employee, the district is obligated to pay the employee for the training time occurring outside the work calendar for which their salary is intended to cover. The employer is not obligated to pay the employee’s regular rate of pay for the training time.

Additional resources

More information related to the required cybersecurity training can be found in Policies CQB and  DMA (LEGAL), Texas Government Code § 2054.5191(a-1), and the DIR website.

Keith McLemore is an HR and compensation consultant at TASB HR Services. Send Keith an email at

Stay up to date with all the latest HR news and trends by joining the HRX mailing list!

Subscribe to HRX


Tagged: "HR training", "Professional development"