Service Provider Oversight
________________________________________
Document Number: REDFLAG--117
Revision #: 2.0
Document Owner: VP of Business and Finance
Date Last Updated: 04/25/2018
Primary Author: VP of Business and Finance
Status: Approved
Date Originally Created: 01/03/2012
________________________________________
General Description
Description:
Information about service provider oversight relative to Red Flags Identity Theft Policy.
Purpose:
Delineation of policy.
Scope:
All faculty, staff, students, and administrators
Responsibility:
VP of Business and Finance
________________________________________
Requirements
Relevant Knowledge:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes
Terms and Definitions:
Additional training
Corrective Action
Fine
Loss of privilege, general
Termination
________________________________________
Policy Provisions
1. Service Provider Oversight
1. The University will periodically review all service provider agreements and activities no less than annually.
2. A service provider with direct access to CSI must provide proof of, and maintain, their own Identity Theft Prevention Program that is consistent with, or exceeds, the University’s industry regulations.
3. A service provider that has indirect access to CSI shall comply with this Identity Theft Prevention Policy.
________________________________________
Performance Evaluation
Performance Metrics:
Compliance with standard policy and procedure
Compliance with federal mandate
Consequences:
Further training
Job Termination
________________________________________
Subject Experts
The following may be consulted for additional information.
VP of Business and Finance