Institutional Compliance

MAINTAINING INFORMATION SECURITY PROGRAM

 

The University of Toledo has established and maintains a comprehensive information security program. This program includes the administrative, technical, and physical safeguards the University uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, and otherwise handle customer information.  The safeguards achieve the following objectives:

    • Insures the security and confidentiality of customer information
    • Protects against any anticipated threats or hazards to the security or integrity of such information, and
    • Protects against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer

The University includes all required elements of an information security program:

    • Designated Coordinators. The University has designated employees to coordinate its information security program.
    • Risk assessment. The University has identified reasonable foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks.  The University’s risk assessment includes consideration of risks in each relevant area of operations including:
      • Employee training and management
      • Information systems, including network and software design, as well as information processing, storage, transmission, and disposal
      • Detecting, preventing, and responding to attacks, intrusions, or other systems failures
    • Safeguards testing/monitoring. The University has implemented information safeguards to control the risks it identifies through risk assessment, and regularly tests and monitors the effectiveness of the safeguards’ key controls, systems, and procedures
    • Evaluation & Adjustment. The University evaluates and adjusts its information security program in light of the results of the required testing and monitoring, as well as for any material changes to its operations or business arrangements or any other circumstances that it has reason to know may have a material impact on the University's information security program.
    • Overseeing service providers. The University takes reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue and requires the service providers by contract to implement and maintain such safeguards.

For additional information about the University of Toledo's IT Security Office, click here

For additional information about the University of Toledo's IT policies, click here 

Last Updated: 6/30/19