Which of the following does a user not need to be aware of regarding their organization's information security policy?