Service Provider Oversight
Service Provider Oversight
Policy
________________________________________
Document Number: REDFLAG--117 Revision #: 1.0
Document Owner: Executive VP Date Last Updated: 08/17/2012
Primary Author: Executive VP Status: Approved
Date Originally Created: 01/03/2012
________________________________________
General Description
Description: Information about service provider oversight relative to Red Flags Identity Theft Policy.
Purpose: Delineation of policy.
Scope: All faculty, staff, students, and administrators
Responsibility: Executive VP
VP of Business and Finance
________________________________________
Requirements
Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes
Terms and Definitions: Additional training
Corrective Action
Fine
Loss of privilege, general
Termination
________________________________________
Policy Provisions
1. Service Provider Oversight
1. The University will periodically review all service provider agreements and activities no less than annually.
2. A service provider with direct access to CSI must provide proof of, and maintain, their own Identity Theft Prevention Program that is consistent with, or exceeds, the University’s industry regulations.
3. A service provider that has indirect access to CSI shall comply with this Identity Theft Prevention Policy.
________________________________________
Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
Compliance with federal mandate
Consequences: Further training
Job Termination
________________________________________
Subject Experts
The following may be consulted for additional information.
Executive VP
VP of Business and Finance