Cybersecurity Awareness Training Program

Section 5 of the policy discussed non-compliance and states that ITS will cut off access to university systems pending completion of training. I recognize that ITS needs to have some compliance “sticks” (although one could argue carrots are better), but here are some concerns I have:

• What if an employee is on FMLA or other approved leave (NIA, etc.) and is not checking their work email (since they should not do so while on FMLA)? 
• What if the employee's supervisor is on FMLA and can't request an extension?
• Can ITS provide notice to supervisors that within 5-7 days of employees that need to complete training before they lose access? This way supervisors can work with employees to become compliant.
• The policy says that once training is complete that access is “automatically” restored. What does “automatically” mean? Does it mean within minutes? Or does it mean that the supervisor/employee doesn't have do anything? Or both? 
• How does a supervisor request an extension and to whom?

This policy needs a procedures section to address the non-compliance and explain notification, requesting extension, and other questions raised.

Are there any exemptions or alternate requirements for part-time, seasonal, or adjunct employees who may have limited system access or irregular schedules. It’s not clear if the training timeline or access restrictions apply differently for these roles. 
Additionally, how are training deadlines handled in cases of extended leave, such as FMLA, medical leave, or sabbaticals? Is there a defined process for pausing compliance requirements in these situations?