Number: 140





     While Amberton University is not subject to the Gramm-Leach-Bliley Act (GLB Act, Nov. 12, 1999) because it is not “significantly engaged” in financial activities, the Administration of Amberton chooses to comply with the “Information Security Program” proposed by the Act because it supports the best interests of Amberton’s employees and students.


     This regulation is concerned with “safeguarding” all records containing nonpublic personal information on an employee or student.  Amberton University will maintain an “Information Security Program” (ISP) to assure compliance to its standards.


A)   The Chief Technology Officer shall coordinate all aspects of the program and shall:


     1)   Identify current and foreseeable internal and external risks to the confidentiality, and integrity of employee and student information.

     2)   Assess the sufficiency of any safeguards in place to control identified risks.

     3)   Minimally, include the following in the assessment:

          1)   Employee Records

          2)   Student Records

          3)   Information systems and access

          4)   Detecting, preventing, and responding to intrusions or system failures

     4)   The safeguards developed will be tested and/or monitored for effectiveness.

     5)   Evaluate external service providers to assure they are capable of maintaining appropriate safeguards for information received or transmitted by Amberton.

     6)   Evaluate and adjust the ISP in light of any material change that could impact safeguards.


B)   Program will be evaluated annually or more often as changes dictate.