Policy

Purpose of Red Flags Identity Theft Policy

________________________________________
Document Number: REDFLAG--100d
Revision #: 2.0
Document Owner: VP of Business and Finance
Date Last Updated: 04/25/2018
Primary Author: VP of Business and Finance
Status: Approved
Date Originally Created: 01/03/2012
________________________________________
List:

1. Purpose of the Red Flags Identity Theft Policy

The protection of Confidential and Sensitive Information assets and the resources that support them are critical to the operation of Cumberland University (known from this point as “the University”). As information assets are handled they are placed at risk for potential threats of employee errors, malicious or criminal actions, theft, and fraud. Such events could cause the University to incur a loss of confidentiality or privacy, financial damages, fines, and penalties.

The purpose of this policy is to reduce the risk of a loss or breach of Confidential and Sensitive Information through guidelines designed to detect, prevent, and mitigate loss due to errors or malicious behavior. The University recognizes that absolute security against all threats is an unrealistic expectation. Therefore, the goals of risk reduction and implementation of this policy are based on:

•An assessment of the Confidential and Sensitive Information handled by the University.
•The cost of preventative measures designed to detect and prevent errors or malicious behavior.
•The amount of risk that the University is willing to absorb.

These policy guidelines were derived through a risk assessment of the University methods of handling Confidential and Sensitive Information. Determination of appropriate security measures must be a part of all operations and shall undergo periodic evaluation.




________________________________________
Subject Experts

The following may be consulted for additional information.

VP of Business and Finance
________________________________________
Regulations

federal mandate
Peer review standards
Standards of good practice
University governance