Complete Cybersecurity Training or you could lose access to systems!

UCSF will begin to limit or revoke access to systems for anyone whose Cybersecurity training has expired as of May 21, 2025.

In response to the increasing threat of cyberattacks, University of California President Dr. Michael Drake and the UC Regents issued a system-wide cybersecurity mandate. As part of this, all UC faculty and staff are required to complete annual cybersecurity training. UCSF has taken steps to streamline compliance, including more accurate reporting, to help achieve this 100% completion mandate.


Your vigilance helps keep UCSF resilient and secure!

Cybersecurity training is available to complete in the UC Learning Center.

What happens if you don’t complete training?

To protect our systems and data, UCSF will enforce the following steps for expired training:
  1. Reminder emails - You will receive notifications as your training nears expiration.
  2. Missed deadline - If you do not meet the training deadline, your MyAccess account will be disabled, blocking access to systems like BearBuy, HBS/MyTime, DocuSign and MyExpense.
  3. 30 days overdue - You’ll be required to change your Active Directory account password daily.
  4. 60 days overdue - Your Active Directory account will be disabled, effectively revoking access to all UCSF systems including email and Apex. To maintain patient care, an emergency process is in place to help those with revoked access.
Cybersecurity Training Noncompliance Systems Access Consequences FAQs

UC Learning Center Guidance