MAINTAINING INFORMATION SECURITY PROGRAM
The University of Toledo has established and maintains a comprehensive information security program. This program includes the administrative, technical, and physical safeguards the University uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, and otherwise handle customer information. The safeguards achieve the following objectives:
- Insures the security and confidentiality of customer information
- Protects against any anticipated threats or hazards to the security or integrity of such information, and
- Protects against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer
The University includes all required elements of an information security program:
-
- Designated Coordinators. The University has designated employees to coordinate its information security program.
- Risk assessment. The University has identified reasonable foreseeable internal and external risks
to the security, confidentiality, and integrity of customer information that could
result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise
of such information, and assesses the sufficiency of any safeguards in place to control
these risks. The University’s risk assessment includes consideration of risks in
each relevant area of operations including:
- Employee training and management
- Information systems, including network and software design, as well as information processing, storage, transmission, and disposal
- Detecting, preventing, and responding to attacks, intrusions, or other systems failures
- Safeguards testing/monitoring. The University has implemented information safeguards to control the risks it identifies through risk assessment, and regularly tests and monitors the effectiveness of the safeguards’ key controls, systems, and procedures
- Evaluation & Adjustment. The University evaluates and adjusts its information security program in light of the results of the required testing and monitoring, as well as for any material changes to its operations or business arrangements or any other circumstances that it has reason to know may have a material impact on the University's information security program.
- Overseeing service providers. The University takes reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue and requires the service providers by contract to implement and maintain such safeguards.
For additional information about the University of Toledo's IT Security Office, click here
For additional information about the University of Toledo's IT policies, click here