Annual security awareness training must be completed by all personnel by August 31, 2025. The training modules cover phishing awareness, data handling procedures, and incident reporting protocols. Training can be accessed through the learning management system.