Part of implementation of the security policy may be realized by technical actions incorporated in information systems. A greater portion, however, depends on the decision and activities of the persons in charge and users in the organization. Thus to raise and maintain security consciousness, HiTRUST provides on-site training and education, designed based on the organization security policy so that all staffs, including the executives, recognize the importance of IT security, and understand and carry out the policy.

Education and training are important to protect information systems against unauthorized accesses, computer viruses, information leakage by insiders, attacks from the outside, etc.

As some organizations may require, HiTRUST could also design test to the staffs, ensuring they understand their organization's policies and procedures. The testing and training rosters will be provided to the organization as proof that CIO have not only drafted regulations for protecting information, but that he has trained each person, to guarantee that organization policies are fully understood.