Skip to content

Cybersecurity and Privacy Substitute Training

All users who receive electronic access to Penn State Health/College of Medicine network resources are required, by law and by institutional policy, to receive cybersecurity and privacy training. Internal users who attend new employee orientation will complete the training during that process, and users with Penn State Health ePass IDs may be assigned training directly in COMPASS, the institutional learning management system.

The word "Compass," with the "o" stylized to look like a compass rose.This information is designed to provide users with general information and links related to the substitute training process as outlined in Penn State Health Policy CS-301 (Penn State Health ePass login required), which is to be used by those who cannot complete the training in the standard way. This may include clinical research sponsors/monitors, some contractors and others.

Those with questions about how to complete the required training and whether this substitute training process applies should consult with their immediate supervisor or sponsor.

Jump to topic


How to Complete the Mandatory Substitute Training

Registering for a COMPASS account Expand answer

Any monitors, sponsors or other external personnel must first create a COMPASS account.

At that link, the external person should provide the appropriate personal information (name, email address and password).

Once all fields are completed, users should click the “Log In” button.

Finding and completing the training Expand answer

Once logged in to Compass, in the Search field at the upper right, users should type “Cybersecurity.” Of the results, users should find “2021 Cybersecurity & Privacy Awareness Training – New Hire” and click on the course title.

Note that while this says “New Hire,” it is the approved training for external parties as well.

A screenshot shows a course description in Penn State College of Medicine/Penn State Health's COMPASS learning management system.

Users should then click “Launch” to begin the training.

A screenshot of the Cybersecurity and Privacy Training module shows a menu at left with various segments of the training to complete, the Penn State Health logo and the photo of a hospital building.

Once the training is completed, the system will record successful completion of the requirements and users will be presented with the ability to view a certificate. This should be printed and presented to the appropriate supervisor or sponsor upon request.

Disclaimer Expand answer

Those who access Penn State Health/College of Medicine systems will see and agree to the following disclaimer on login:

Use of this or any other Penn State Health interest computer system constitutes consent to monitoring at all times.

This is a Penn State Health computer system. All Penn State Health computer systems and related equipment are intended for the communication, transmission, processing, and storage of official Penn State Health or other authorized information only. All Penn State Health computer systems are subject to monitoring at all times to ensure proper functioning of equipment and systems including security devices and systems, to prevent unauthorized use and violations of statutes and security regulations, to deter criminal activity, and for other similar purposes. Any user of a Penn State Health computer system should be aware that any information placed in the system is subject to monitoring and is not subject to any expectation of privacy. If monitoring of this or any other Penn State Health computer system reveals possible evidence of violation of criminal statutes, this evidence and any other related information, including identification information about the user, may be provided to law enforcement officials. If monitoring of this or any other Penn State Health computer systems reveals violations of security regulations or unauthorized use, employees who violate security regulations or make unauthorized use of Penn State Health computer systems are subject to appropriate disciplinary action up to and including immediate termination.

For details Expand answer

For further information related to this training, email the Office of Cybersecurity and Privacy at