Information Security

STATEMENT OF POLICY

The College operates an ongoing Information Security Program (“ISP”) to safeguard the confidentiality, integrity, and availability of College records and the security of College information systems.

The College has designated the Vice President of Academic Affairs as its ISP Coordinator.

The ISP Coordinator(s) will oversee and coordinate with the appropriate personnel to do the following:

  • identify and assess external and internal risks to the security, confidentiality, and integrity of covered information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other mishandling of such information.
  • design and implement safeguards, as needed, to control the risks identified in assessments. These safeguards shall include technical measures and procedures for preventing, detecting, and responding to intrusions, misuse, and other system failures. These safeguards shall also include training of staff in proper handling of covered information. 
  • develop and incorporate requirements for service providers to implement and maintain appropriate safeguards for covered information. 
  • evaluate and adjust the ISP as needed.
The ISP documentation may incorporate by reference related policies and procedures that the College has implemented in the letter or spirit of federal and state information privacy and security laws and regulations, including but not limited to: FERPA, HIPAA, GLBA, FACT Act, and FTC regulations

DEFINITIONS

“Covered information” shall mean any record maintained by the College containing “nonpublic personal information” about a student or other third party who has a continuing relationship with the College, where such information is obtained in connection with the provision of a service or product by the College.

“Customers” shall mean students, employees, alumni, and any other third party engaged in a financial transaction with the College.

“Financial institution,” as defined in the GLBA, means any institution engaging in the financial activities enumerated under the Bank Holding Company Act of 1956, including “making, acquiring, brokering, or servicing loans” and “collection agency services.”

“Information Technology (IT) Resources” shall mean all tangible and intangible computing and network assets provided by the College or by authorized third parties, regardless of whether those resources or assets are accessed from on-campus or off-campus locations or via devices. E.g., hardware, software, wired and wireless network and voice telecommunications assets and related bandwidth, desktop computers, tablets and phones, and printers.

“Privacy” shall mean a personal right that reflects an individual’s freedom from intrusion. Protecting privacy means ensuring that information about individuals is not disclosed to unauthorized parties without the individual’s consent.