ACER tracks the date on which a person complied with a particular acknowledgement or certification.

The following policy dictates how long a compliance is good for:

Terminology and Specifications

• Compliance item
  • An acknowledgement, certification or similar action which is tracked by ACER

  • Examples:

    Item
    University of Hawaii General Confidentiality Notice (GCN)
    UH Information Security Awareness Training Certification (ISAT)

• Comply
  • To successfully finish or pass a compliance item.
• Date of compliance
  
  • The most recent date (and time) on which a person complied with a particular item.
  • Other names we may use for this:
    • ack date
    • compliance date
• Compliance Period
  
  • A period always begins on an October 1st at 00:00:00, the Federal Fiscal Year demarcation, which is memorable and has minimal impact on key academic and fiscal business cycles.
  • A period always ends on a September 30 at 23:59:59.
  • A period can be one year long or several years long.

  • Each compliance item defines its own period length:

    Item	Period Length
    GCN	1 year
    ISAT	2 years

  • Every person observes the same periods regardless of their date of compliance.  There is no sliding window based on a person's date of compliance.

  • The periods are standardized for everyone by assuming that all periods began on October 1st, 2000:

    Period Length	Periods
    1 year	Simple one-year periods: 10/1/2000-9/30/2001 10/1/2001-9/30/2002 ... 10/1/2018-9/30/2019 10/1/2019-9/30/2020
    2 years	Two-year periods that always start and end on even-numbered years: 10/1/2000-9/30/2002 10/1/2002-9/30/2004 ... 10/1/2016-9/30/2018 10/1/2018-9/30/2020
    3 years	10/1/2000-9/30/2003 10/1/2003-9/30/2006 ... 10/1/2015-9/30/2018 10/1/2018-9/30/2021
    7 years	10/1/2000-9/30/2007 10/1/2007-9/30/2014 10/1/2014-9/30/2021

• Renewal window
  • The number of months ahead that a person can comply for a period.
    • We use months so that renewal windows always begin on the first day of a month.
    • Using days could lead to inconsistent renewal windows (60 days = renewal begins on August 2nd)
  • Complying during the renewal window means the person is complying with two periods (the current period that is about to end, and the upcoming period)

  • Each compliance item defines its own renewal window:

    Item	Renewal Window
    GCN	1 month
    ISAT	2 months

• Effective period
  
  • It spans the period(s) where a person is compliant for a given item
  • If the person complied inside the renewal window, the effective period spans two periods:
    • the period that applies to the date of compliance, and
    • the subsequent period.
  • If the person complied outside the renewal window, the effective period is simply
    
    • the period that applies to the date of compliance.

Data for developers

• The date that a person complied is recorded in the uhAcknowledgement LDAP attribute.
  • Note that the uhAcknowledgement value is not deleted when the compliance expires.
    • This gives us the flexibility to change the above compliance policy.
  • You should use uhReleasedGrouping as described below, but if you really need to read the date that a person complied, here's what you should know:
    
    • ISAT completion dates are sent as a batch to LDAP at 1:45 AM.
    • All other completion dates are sent live to LDAP.
• Applications should read uhReleasedGrouping to determine whether a person is GCN or ISAT compliant.
  
  • These values are updated once a day, around 2:45 AM.
  • Using these uhReleasedGrouping values is convenient and flexible because any change in policy is automatically reflected in them.