This policy summarizes Miami University’s comprehensive written information security program mandated by the Federal Trade Commission’s Safeguards Rule and the Gramm – Leach – Bliley Act (“GLBA”). This document describes how Miami University intends to (i) ensure the security and confidentiality of nonpublic financial records, (ii) protect against any anticipated threats or hazards to the security of such records, and (iii) protect against the unauthorized access or use of such records or information in ways that could result in substantial harm or inconvenience to customers. This information security program incorporates existing Miami University’s policies and procedures and is in addition to any institutional policies and procedures that may be required pursuant to other federal and state laws and regulations.
This policy applies to any record containing nonpublic financial information about a student or other third party who has a relationship with Miami University, whether in paper, electronic or other form, which is handled or maintained by or on behalf of the university or its affiliates. For these purposes, the term nonpublic financial information shall mean any information:
The Federal Trade Commission (FTC) requires financial institutions to establish policies and procedures for safeguarding customer financial information by complying with the Gramm-Leach-Bliley Act (GLBA).
The Assistant Vice President for Security, Compliance, and Risk Management is designated as the ISP Coordinator. The ISP Coordinator may designate other individuals to oversee and/or coordinate particular elements of the ISP.
The ISP Coordinator will identify and assess external and internal risks to the security, confidentiality, and integrity of nonpublic financial information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromises of such information. The ISP Coordinator will provide guidance to appropriate personnel in the central administration, academic units, and other university units in evaluating their current practices and procedures and in assessing reasonably anticipated risks to nonpublic financial information in their respective areas. The ISP Coordinator will work with appropriate personnel to establish procedures for identifying and assessing risks in the following areas:
The ISP Coordinator will coordinate with appropriate personnel to design and implement safeguards, as needed, to control the risks identified in assessments and will develop a plan to regularly test or otherwise monitor the effectiveness of such safeguards. Such testing and monitoring may be accomplished through existing network monitoring and problem escalation procedures.
The ISP Coordinator, in conjunction with the Office of the General Counsel and the Office of Strategic Procurement, will assist in instituting methods for selecting and retaining service providers that are capable of maintaining appropriate safeguards for nonpublic financial information. The ISP Coordinator will work with the Office of the General Counsel to develop and incorporate standard, contractual provisions for service providers that will require providers to implement and maintain appropriate safeguards. These standards will apply to all existing and future contracts entered into with service providers to the extent required under GLBA.
The ISP Coordinator will evaluate and adjust the ISP as needed, based on the risk identification and assessment activities undertaken pursuant to the ISP, as well as any material changes to Miami University’s operations or other circumstances that may have a material impact on the ISP.
Any exceptions to this policy require approval from the Assistant Vice President for Security, Compliance, and Risk Management before they can be implemented. All exceptions will be reviewed every 12 months to ensure they are still appropriate and necessary.
This policy will be reviewed by the Assistant Vice President for Security, Compliance, and Risk Management every 12 months.
Initial Approval:Joe Bazeley on September 13, 2016
Most Recent Approval:Joe Bazeley on September 13, 2016
Most Recent Review Date:June 3, 2019
501 E. High Street
Oxford, OH 45056
1601 University Blvd.
Hamilton, OH 45011
4200 N. University Blvd.
Middletown, OH 45042
7847 VOA Park Dr.
(Corner of VOA Park Dr. and Cox Rd.)
West Chester, OH 45069
Chateau de Differdange
1, Impasse du Chateau, L-4524 Differdange
Grand Duchy of Luxembourg
217-222 MacMillan Hall
501 E. Spring St.
Oxford, OH 45056, USA