We recommend Cybersecurity and Privacy Operations Center management update existing policies and procedures to include repercussions when an individual does not complete their required role-based security training in the designed 45-day time frame.