Gramm-Leach-Bliley Act (GLBA)
In compliance with the Federal Trade Commission's Safeguards Rule and the , Lindenwood University (LU) created this document to summarize our Information Security Program (ISP). This document describes the objectives of the GLBA standards for safeguarding information: (i) ensuring the security and confidentiality of student information, (ii) protecting against any anticipated threats or hazards to the security of such information, and (iii) protecting against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any student or individual.
On December 9, 2021, the Federal Trade Commission (FTC) issued (Final Rule) to amend the Standards for Safeguarding Customer Information (Safeguards Rule), an important component of the Gramm-Leach-Bliley Act's (GLBA) requirements for protecting the privacy and personal information of consumers. The effective date for most of the changes to the Safeguards Rule is June 9, 2023.
Other Related Rules and Clarification
- Dear Colleague Letters
- Dear CPA Letter
- CPA-19-01
Definition of "Customer" for the purpose of GLBA Compliance
The regulations at 16 C.F.R. Part 314 use the terms "customer" and "customer information." For the purpose of an institution or servicer's compliance with GLBA, customer information is information obtained as a result of providing a financial service to a student (past or present). Institutions or servicers provide a financial service when they, among other things, administer or aid in the administration of the Title IV programs; make institutional loans, including income share agreements; or certify or service a private education loan on behalf of a student.
Requirements in the GLBA Safeguards Rule
The objectives of the GLBA standards for safeguarding information are to:
- Ensure the security and confidentiality of student information;
- Protect against any anticipated threats or hazards to the security or integrity of such information; and
- Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any student (16 C.F.R. 314.3(b)).
To achieve the GLBA objectives, LU and servicers are required to develop, implement, and maintain a written, comprehensive information security program. The FTC's regulations require that the information security program contain administrative, technical, and physical safeguards that are appropriate to the size and complexity of the institution or servicer, the nature and scope of their activities, and the sensitivity of any student information.
Scope
LU's written Information Security Program (ISP) includes the nine required elements included in .
Element 1 – 16 CFR 314.4(a)
LU has designated the Chief Information Officer (CIO) as the Qualified Individual (QI) responsible for overseeing and implementing LU's ISP.
Element 2 – 16 CFR 314.4(b)
LU intends, as part of the ISP, to identify and assess, through a risk assessment, external and internal risks to the security, confidentiality, and integrity of nonpublic financial information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information. In implementing the ISP, the QI establishes and maintains procedures for identifying and assessing such risks in each relevant area of the Institution's operations, including:
Element 3 – 16 CFR 314.4(c)(1) through (8)
LU will continue to monitor/provide each of the following:
- Access controls and user limits on accessible data.
- Management of data, users, and systems consistent with risk strategy.
- Encryption of customer information in transit over external networks and at rest.
- Secure development practices for in-house developed software and applications that access or transmit customer information.
- Implementation of multifactor authentication or reasonably equivalent access controls.
- Procedures for the periodic and secure disposal of customer information and review of data retention policies.
- Procedures for secure change management of systems.
- Controls to monitor and log activities of users and detect unauthorized access.
Element 4 – 16 CFR 314.4(d)
LU will regularly test and monitor the effectiveness of the safeguards' key controls, systems, and procedures. This will be accomplished through annual penetration testing and vulnerability assessments performed bi-yearly.
Element 5 – 16 CFR 314.4(e)
LU will employ only capable information security professionals who will be provided with training sufficient to address relevant security risks while staying current with the evolving information security environment. LU will also provide relevant information security training to personnel at the University identified from the risk assessment.
Element 6 – 16 CFR 314.4(f)
The QI will ensure that LU only selects and retains those service providers that are capable of maintaining appropriate safeguards for nonpublic financial information of students and other third parties to which they will have access. In addition, the QI works with University Legal Counsel to develop and incorporate standard contractual protections applicable to third-party service providers that require such providers to implement and maintain appropriate safeguards.
Element 7 – 16 CFR 314.4(g)
The QI is responsible for evaluating and adjusting the ISP based on any risks identified from testing, monitoring, and/or assessment activities.
Element 8 – 16 CFR 314.4(h)
LU has a regularly updated and documented incident response plan that addresses:
- The goals of the incident response plan.
- The internal processes for responding to a security event.
- The definition of clear roles, responsibilities, and levels of decision-making authority.
- External and internal communications and information sharing.
- Identification of requirements for the remediation of any identified weaknesses in information systems and associated controls.
- Documentation and reporting regarding security events and related incident response activities; and
- The evaluation and revision as necessary of the incident response plan following a security event.
Element 9 – 16 CFR 314.4(i)
The QI will create a written report to be presented to the LU Board of Trustees at least annually. The report will cover the overall status of the ISP and its compliance. The report will also cover material matters related to the ISP, addressing issues such as risk assessment, risk management and control decisions, service provider arrangements, results of testing, security events or violations and management's responses thereto, and recommendations for changes in the ISP.
Last revised: May 2023