Subject: STANDARDS FOR SAFEGUARDING EMPLOYEE AND STUDENT
This regulation is
concerned with “safeguarding” all records containing nonpublic personal
information on an employee or student.
A) The Chief Technology Officer shall coordinate all aspects of the program and shall:
1) Identify current and foreseeable internal and external risks to the confidentiality, and integrity of employee and student information.
2) Assess the sufficiency of any safeguards in place to control identified risks.
3) Minimally, include the following in the assessment:
1) Employee Records
2) Student Records
3) Information systems and access
4) Detecting, preventing, and responding to intrusions or system failures
4) The safeguards developed will be tested and/or monitored for effectiveness.
5) Evaluate external service providers to assure they are capable of maintaining appropriate safeguards for information received or transmitted by Amberton.
6) Evaluate and adjust the ISP in light of any material change that could impact safeguards.
B) Program will be evaluated annually or more often as changes dictate.