I each of these Agencies, at the highest level office, down to the Area Offices, there are a couple of positions.
An IT Security Officer
A Physical security Officer
It is their job to make sure that the managers in each department get all employees, including themselves, to take the training using the online training program that keeps track of it all. In the Department of the Interior, it is called DOI Learn.
If a name is not on the list as having taken it by the required date, this information is reported to the managers and these Security officers who are required to insists that they be taken.
If someone in Hillary’s position willfully refuses to take it, then they ultimately are to be removed from their position of trust until they take it and pass it.
The records are kept by the agencies. The mails to Hillary telling her she needed to take it, and then that she missed her dates, would be on her server...but that would be her copy. The people who sent it would have their copy on the agency server which should be easy to find and document.
I work in IT in the healthcare industry (always seem to end up at healthcare related companies!) Anyway, a previous employer in that industry required that we take HIPAA training, failure to do so was grounds for termination with no option to be rehired. But I guess having access to top government intel as well as intel on other countries is not as important. I mean, clearly, the number 3 position in the US government is not as important as the number 15,235 position in some private sector company.... /sarc-off