Security Awareness and Training Policy

Last Updated: August 18, 2025

1. Purpose

The purpose of this policy is to ensure all employees, contractors, and third-party partners of TheAgencyFounder are aware of their security responsibilities, receive appropriate training, and understand the importance of safeguarding Meta’s and our clients’ data. This policy also establishes role-based security training requirements in line with Meta’s TPA compliance standards.

2. Scope

This policy applies to:

  • All TheAgencyFounder employees (full-time, part-time, and interns).
  • Contractors, consultants, and third-party vendors with access to TheAgencyFounder systems, applications, or data.
  • Any party with access to Meta-provided information, platforms, or confidential data.

3. Policy Statement

TheAgencyFounder enforces a mandatory Security Awareness and Training Program that includes:

  1. General Security Awareness Training – All personnel must complete baseline training on cybersecurity threats, phishing prevention, password hygiene, and safe handling of data.

  2. Role-Based Security Training – Additional training tailored to the specific roles and responsibilities of employees (e.g., IT administrators, developers, operations, and marketing teams handling Meta data).

  3. Annual Refresher Training – All personnel must complete updated training at least once per year, or when significant security changes occur.

  4. Onboarding Training – All new hires must complete security awareness training before being granted system access.

  5. Specialized Compliance Training – For employees working on Meta-related projects, additional training modules will be provided to ensure compliance with Meta’s security and privacy requirements.

4. Roles and Responsibilities

  • Security Officer / Compliance Lead – Responsible for developing, maintaining, and delivering the training program, tracking completion, and reporting non-compliance.
  • Department Heads / Managers – Ensure team members complete assigned training and adhere to security protocols.
  • All Employees and Contractors – Must participate in required training, comply with security policies, and report any security incidents promptly.

5. Training Content Areas

  • Cybersecurity fundamentals and common threats (phishing, malware, ransomware).
  • Data protection, encryption, and handling of Meta-related data.
  • Password and access control best practices.
  • Incident reporting procedures.
  • Social engineering awareness.
  • Secure use of company devices and remote work guidelines.
  • Role-specific security protocols (e.g., developers handling secure coding practices).

6. Training Records & Compliance

  • All training completions will be recorded and stored for a minimum of 3 years.
  • Reports will be made available to Meta upon request as part of TPA compliance verification.
  • Failure to complete required training may result in disciplinary action, up to and including termination of employment or contract.

7. Review and Updates

This policy will be reviewed annually or upon major changes in technology, business processes, or Meta TPA requirements.