/Institutions/Cumberland-University/json/2017-2018/University-Policy-local.json

/Institutions/Cumberland-University/json/2017-2018/University-Policy.json

Policy > Red Flags > Destruction

Destruction

________________________________________
Document Number: REDFLAG--107
Revision #: 2.0
Document Owner: VP of Business and Finance
Date Last Updated: 04/25/2018
Primary Author: VP of Business and Finance
Status: Approved
Date Originally Created: 12/15/2011
________________________________________
General Description

Description:
Information about destruction of records relative to Red Flags Identity Theft Policy.

Purpose:
Delineation of policy.

Scope:
All faculty, staff, students, and administrators

Responsibility:
Administration
VP of Business and Finance
________________________________________
Requirements

Relevant Knowledge:
Current University policy
Federal statutes
Standard company policies
Standards of good practice
State statutes

Terms and Definitions:
Additional training
Corrective Action
Loss of privilege, general
________________________________________
Policy Provisions

1. Destruction

1.1 Hard Copy Destruction

All hard copy CSI will be shredded when it no longer has a legitimate business use.

1.1.1 In-house storage awaiting Director of Human Resources

1. Is the responsibility of every department.

2. Hard copy material waiting to be shreded will be maintained in locked and secured boxes labeled “Confidential Shred Material.”

1.2 Destruction service providers

All destruction service providers must comply with the service provider oversight policies in this Identity Theft Prevention Policy.


1.2.1 Destruction service providers

1. All destruction service providers must be National Association of Information Destruction, Inc. (NAID, Inc) Certified.

2. The University must be provided a certificate of destruction every time material is released to be destroyed.

1.3 Soft Copy Destruction

All computers, telecommunications, or electronic devices must be “sanitized” or “wiped” clean before being sold, donated, or discarded. A member of senior management or an Information Technology professional is designated for this function.

________________________________________
Performance Evaluation

Performance Metrics:
Compliance with standard policy and procedure
Compliance with federal mandate

Consequences:
Further training
Loss of privileges
________________________________________
Subject Experts

The following may be consulted for additional information.

VP of Business and Finance