Information Security and Data Protection training course
Links and guidance for the University’s mandatory Information Security and Data Protection training course, which must be completed annually by all staff
Security enables our core mission of teaching and research
Every day, academics, researchers, staff and students at the University handle valuable information, from world-leading research and reading lists to personal data and payroll. Keeping this information secure is essential for protecting our people, our work, the systems we rely on, and for demonstrating our commitment to secure digital systems to partners and collaborators.
The University’s 50-minute, online Information Security and Data Protection training course is mandatory. It must be completed at least once a year by all staff using University systems. It has been designed to help you feel confident navigating today’s digital landscape safely and responsibly. From 1 June 2026, new measures have been introduced to support compliance across the University community. For further information, please refer to the recently updated Frequently Asked Questions (FAQs) below.
We are operating in an environment of increased cyber threats around the world, but simple actions such as recognising phishing emails, protecting passwords, handling sensitive data correctly, and reporting concerns quickly can make a big difference. The decisions you make online every day matter.
This training will help you:
- Understand your responsibilities around information security and data protection as good digital citizens at Oxford
- Recognise and respond to common cyber threats
- Protect University, research, student and personal information
- Work securely whether on campus, at home, or while travelling
- Build practical digital safety habits that are useful both professionally and personally
Why is this training so important?
Information security is not only about technology and being able to continue using the systems we rely on for research, teaching, learning and administration; it is about people.
The training was really useful for brushing up on info sec and data protection. It’s definitely helped me feel more confident about handling data safely and keeping in line with the legal bits.
Kaye Yeung, Internal Recruitment Consultant, Temporary Staffing Service
All staff have a responsibility to complete this Information Security and Data Protection training every 12 months to support the University's compliance with UK Data Protection legislation
This online course takes approximately 50 minutes to complete. It is delivered with MetaCompliance, the University's security awareness training provider. There is no fee for the course. There is a quiz at the end, which you are required to pass with a minimum score of 80% in order to receive the certificate which indicates course completion.
The content is broken down into the following sections:
- Introduction from Gill Aitken, University of Oxford Registrar
- Information classification
- Data protection
- Accessing and sharing information
- Working securely
- Phishing and malware
- Information rights
- Third-party services
- Reporting issues
- End of course quiz
Each section includes a short video, which you need to watch in full, and a communication slide to read. You must select 'next' on each section for it be marked as complete, and all sections must be marked as complete in order to finish the course. Unless you have received a certificate of completion at the end of the course, you are not considered to have completed the course.
You will need to log in using your University SSO (Oxford Single Sign-On), using multi-factor authentication (MFA). IT support with SSO and MFA can be found here.
Information Security Training is mandatory. Staff who do not complete the training may have their email access suspended until the training has been completed.
If you experience any problems or have questions about this course, please see our Frequently Asked Questions. If you still require support, please contact grc@infosec.ox.ac.uk who will be happy to help.
Please note: If you handle university data as part of your studies or have been asked to provide a certificate to your department as proof of completion of the information security training, you should complete the Information Security and Data Protection course for students, which is equivalent to the staff training. You are recommended to complete this every 12 months to ensure the University is compliant with UK Data Protection legislation.
Take the Information Security and Data Protection course for students
For all other students, we invite you to take the short course below, aimed at keeping you safe online at Oxford. It takes around 10 minutes to complete and consists of short videos about phishing and social media, the dangers of social networking and student scams.
There is also an interactive activity within the course which we are aware some people with accessibility issues may not be able to do, so we have also offered an accessible version of the course which replaces the interactive activity with a video which conveys the same information.
As a student at Oxford, it’s important you have the knowledge, life skills and resources to navigate the digital landscape securely and that you know how to play your part in protecting University systems. Understanding cyber security is not just a precaution, it's a necessity. You are not required to complete the student training course, but we would strongly encourage you to do so.
You will need to login using your SSO (Oxford Single Sign-On), with multi-factor authentication (MFA).
Please also visit the page for students for more information, resources, and practical steps towards a safer digital future.
If you have any problems or questions with the training course, please see our Frequently Asked Questions. If you still require support, please contact the University's central IT Service Desk who will be happy to help you.
How to keep safe online
How to keep safe online - Accessible version
If you are a member of staff who would like to review the student course, please contact Information Security to request participation in the Student Review Course.
Further information
Please read these answers to Frequently Asked Questions about the University's Information Security and Data Protection training course.
If you require further support, please contact grc@infosec.ox.ac.uk, whose advisers will be happy to help.
If you require access to data on who has and hasn't completed this training, on behalf of your department or college, please request access to the Compliance Report and Mandatory Training Action Summary using the Self-Service Training Data Reports suite below.
Please note that in the report, the latest version of the course is named 'Information Security and Data Protection Course'.
Once you have access: Use the step by step instructions to create your report
