Policy

Service Provider Oversight

________________________________________
Document Number: REDFLAG--117
Revision #: 2.0
Document Owner: VP of Business and Finance
Date Last Updated: 04/25/2018
Primary Author: VP of Business and Finance
Status: Approved
Date Originally Created: 01/03/2012
________________________________________
General Description

Description:
Information about service provider oversight relative to Red Flags Identity Theft Policy.

Purpose:
Delineation of policy.

Scope:
All faculty, staff, students, and administrators

Responsibility:
VP of Business and Finance
________________________________________
Requirements

Relevant Knowledge: 
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes

Terms and Definitions:
Additional training
Corrective Action
Fine
Loss of privilege, general
Termination
________________________________________
Policy Provisions

1. Service Provider Oversight

1. The University will periodically review all service provider agreements and activities no less than annually.
2. A service provider with direct access to CSI must provide proof of, and maintain, their own Identity Theft Prevention Program that is consistent with, or exceeds, the University’s industry regulations.
3. A service provider that has indirect access to CSI shall comply with this Identity Theft Prevention Policy.



________________________________________
Performance Evaluation

Performance Metrics:
Compliance with standard policy and procedure
Compliance with federal mandate

Consequences:
Further training
Job Termination
________________________________________
Subject Experts

The following may be consulted for additional information.

VP of Business and Finance