Service Provider Oversight

Service Provider Oversight
Policy

________________________________________
Document Number: REDFLAG--117 Revision #: 1.0
Document Owner: Executive VP Date Last Updated: 08/17/2012
Primary Author: Executive VP Status: Approved
Date Originally Created: 01/03/2012
________________________________________
General Description
Description: Information about service provider oversight relative to Red Flags Identity Theft Policy.

Purpose: Delineation of policy.

Scope: All faculty, staff, students, and administrators

Responsibility: Executive VP
VP of Business and Finance
________________________________________
Requirements
Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes
Terms and Definitions: Additional training

Corrective Action

Fine

Loss of privilege, general

Termination
________________________________________
Policy Provisions
1. Service Provider Oversight

1. The University will periodically review all service provider agreements and activities no less than annually.
2. A service provider with direct access to CSI must provide proof of, and maintain, their own Identity Theft Prevention Program that is consistent with, or exceeds, the University’s industry regulations.
3. A service provider that has indirect access to CSI shall comply with this Identity Theft Prevention Policy.

________________________________________
Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
Compliance with federal mandate

Consequences: Further training
Job Termination
________________________________________
Subject Experts
The following may be consulted for additional information.
Executive VP

VP of Business and Finance