To Home Page To Home Page
General Description
Requirements
Policy Provisions
Performance Evaluation
Subject Experts
Plan for a Loss or Breach
Policy

Document Number: REDFLAG--110 Revision #: 1.0
Document Owner: Executive VP Date Last Updated: 08/17/2012
Primary Author: Executive VP Status: Approved
Date Originally Created: 12/15/2011

General Description
Description:

Information about the plan for a loss or breach relative to Red Flags Identity Theft Policy.


Purpose:

Delineation of policy and procedure.


Scope:

All faculty, staff, students, and administrators


Responsibility: Administration
Executive VP
VP of Business and Finance

Back to Top

Requirements
Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes

Terms and Definitions: Additional training

Corrective Action

Loss of privilege, general

Back to Top

Policy Provisions
1.

Plan for a Loss or Breach


1.1

Information Security Audits


The Identity Theft Prevention Officer is authorized to conduct security audits of any area containing CSI at anytime to ensure the safety and security of that information.

 


1.2

Discovery of a Breach in the Workplace


1. Employee Protocol

· Do not disturb the area.

· Secure the area.

· Notify manager or supervisor.

· Manager will contact Identity Theft Prevention Officer

· Document the event.

· Submit to Identity Theft Prevention Officer.

 

2. Manager or Supervisor Protocol

· Ensure affected area is secure. Do not let anyone use the phone or computer in that area.

· Gather visitor logs, employee time sheets, list everyone who had access before, during, and after the incident.

· Interview employee witness(es).

· Contact ISO.

· Identity Theft Prevention Officer Protocol

· Determine that there is a breach

· Interview Employee Witness

· Review Security Incident Report

· Contact the University attorney

· Make a police report

· Notify potential victims according to legal statutes.

· Public relations and continuity considerations.

 


1.3

Discovery of a Breach Through Accusation


1. Employee Protocol

· Be sympathetic to the potential victim

· Do not confirm or deny their allegations

· Document the conversation

· Document contact information

· Inform them that your Identity Theft Prevention Officer will contact them.

 

2. Identity Theft Prevention Officer Protocol

· Interview Employee Witness

· Review Security Incident Report

· Contact potential victim.

· Ask them to reiterate their story.

· Assure them that you will look into it.

· Contact your attorney.

· Determine that there is a breach

· Assess the extent of damage

· Make a police report

· Notify potential victims according to legal statutes.

· Public relations and continuity considerations

 


Back to Top

Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
Compliance with federal mandate

Consequences: Further training
Loss of privileges

Back to Top

Subject Experts
The following may be consulted for additional information.
Executive VP

VP of Business and Finance

Back to Top

This page created 03/07/2014 using Zavanta® version 6.0