Policy

Transferability

________________________________________
Document Number: REDFLAG--108
Revision #: 2.0
Document Owner: VP of Business and Finance
Date Last Updated: 04/26/2018
Primary Author: VP of Business and Finance
Status: Approved
Date Originally Created: 12/15/2011
________________________________________
General Description

Description:
Information about transfer-ability of information relative to Red Flags Identity Theft Policy.

Purpose:
Delineation of policy.

Scope:
All faculty, staff, students, and administrators

Responsibility:
Administration
VP of Business and Finance
________________________________________
Requirements

Relevant Knowledge:
Current University policy
Federal statutes
Standard company policies
Standards of good practice
State statutes
Local statutes

Terms and Definitions:
Additional training
Corrective Action
Loss of privilege, general
________________________________________
Policy Provisions

1. Transfer-ability

1.1 Spoken Word

1. Company representatives must identify and verify callers as authorized before releasing any CSI over the phone.

2. Company representatives may not release any CSI to a third party unless the third party was previously authorized in writing.

3. Employees may only discuss CSI with University-authorized individuals for a legitimate business purpose.

4. Under no circumstances are company representatives permitted to leave CSI messages on voicemail systems.


1.2 Hard Copy Transfer-ability

1. Clean Desk Policy
•Company representatives shall keep desks and workspaces clear of CSI when not in use.

2. Dry Erase, Chalk, and Bulletin Boards
•Employees must not print, post, or make known any CSI on any dry erase boards, chalk boards, or bulletin boards in public or operations areas. Dry erase and chalk boards must be wiped clean after every use.

3. Transporting Information
•Confidential and Sensitive information shall be transported from one external location to another in the locked trunk of a vehicle.
•An inventory must be kept of all CSI hard copy that is shipped.

4. Facsimiles (FAX)
•FAX machines must not be physically located in a public area. Electronic FAX delivery will occur using the safest and most encrypted platform reasonably available in the marketplace.
•Every outgoing fax must contain a cover sheet containing the senders and receivers names. Each coversheet will contain the University’s Confidential and Sensitive Information Disclaimer.
•Employees sending a FAX containing CSI shall notify the recipient that the FAX is being sent.
•Any unnecessary CSI must be masked or deleted before faxing.


1.3 Soft Copy Transfer-ability

1. Personal Electronic Devices
•Company representatives and service providers are only permitted to bring personal electronic devices into University facilities that are approved by University Administration.

2. E-mail Transferability
•All outgoing email containing CSI must be encrypted.
•Employees shall not respond to emails requesting CSI unless they first contact the sender and verify that the sender is authorized to have the information being requested.

3. Portable Electronic Device Transferability
•Portable electronic devices must be secured when transported from one location to another. The physical security of these devices is the responsibility of the authorized user.





________________________________________
Performance Evaluation

Performance Metrics:
Compliance with standard policy and procedure
Compliance with federal mandate

Consequences:
Further training
Loss of privileges
________________________________________
Subject Experts

The following may be consulted for additional information.

VP of Business and Finance