Policy

Transferability

Transferability
Policy

________________________________________
Document Number: REDFLAG--108 Revision #: 1.0
Document Owner: Executive VP Date Last Updated: 08/17/2012
Primary Author: Executive VP Status: Approved
Date Originally Created: 12/15/2011
________________________________________
General Description
Description: Information about transferability of information relative to Red Flags Identity Theft Policy.

Purpose: Delineation of policy.

Scope: All faculty, staff, students, and administrators

Responsibility: Administration
Executive VP
VP of Business and Finance
________________________________________
Requirements
Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
Federal statutes
Standard company policies
Standards of good practice
State statutes
Local statutes
Terms and Definitions: Additional training

Corrective Action

Loss of privilege, general
________________________________________
Policy Provisions
1. Transferability

1.1 Spoken Word

1. Company representatives must identify and verify callers as authorized before releasing any CSI over the phone.

2. Company representatives may not release any CSI to a third party unless the third party was previously authorized in writing.

3. Employees may only discuss CSI with University-authorized individuals for a legitimate business purpose.

4. Under no circumstances are company representatives permitted to leave CSI messages on voicemail systems.


1.2 Hard Copy Transferability

1. Clean Desk Policy
• Company representatives shall keep desks and workspaces clear of CSI when not in use.

2. Dry Erase, Chalk, and Bulletin Boards
• Employees must not print, post, or make known any CSI on any dry erase boards, chalk boards, or bulletin boards in public or operations areas. Dry erase and chalk boards must be wiped clean after every use.

3. Transporting Information
• Confidential and Sensitive information shall be transported from one external location to another in the locked trunk of a vehicle.
• An inventory must be kept of all CSI hard copy that is shipped.

4. Facsimiles (FAX)
• FAX machines must not be physically located in a public area. Electronic FAX delivery will occur using the safest and most encrypted platform reasonably available in the marketplace.
• Every outgoing fax must contain a cover sheet containing the senders and receivers names. Each coversheet will contain the University’s Confidential and Sensitive Information Disclaimer.
• Employees sending a FAX containing CSI shall notify the recipient that the FAX is being sent.
• Any unnecessary CSI must be masked or deleted before faxing.


1.3 Soft Copy Transferability

1. Personal Electronic Devices
• Company representatives and service providers are only permitted to bring personal electronic devices into University facilities that are approved by University Administration.

2. E-mail Transferability
• All outgoing email containing CSI must be encrypted.
• Employees shall not respond to emails requesting CSI unless they first contact the sender and verify that the sender is authorized to have the information being requested.

3. Portable Electronic Device Transferability
• Portable electronic devices must be secured when transported from one location to another. The physical security of these devices is the responsibility of the authorized user.





________________________________________
Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
Compliance with federal mandate

Consequences: Further training
Loss of privileges
________________________________________
Subject Experts
The following may be consulted for additional information.
Executive VP

VP of Business and Finance