The intent of this document is to describe how the various components of the college’s information security program are in accord with, and support compliance with, the Gramm-Leach-Bliley Act Safeguards Rule (GLBA), and to provide references to additional materials and to applicable policies and guidelines.

GLBA Objectives and Requirements

In compliance with the Gramm-Leach-Bliley Safeguards Rule and regulations issued by the Federal Trade Commission pursuant to that Rule, the college has established this information security plan to:

  • Ensure the security and confidentiality of customer information.
  • Protect against anticipated threats to the security or integrity of customer information.
  • Guard against unauthorized access to or use of customer information that could result in harm or inconvenience to any customer.
  • Comply with applicable Gramm-Leach-Bliley rules as published by the Federal Trade Commission.

Consistent with its efforts to meet these objectives, the college will:

  • Designate one or more staff members to oversee and coordinate the Information Security Plan.
  • Conduct risk assessments to identify foreseeable internal and external risks that could lead to unauthorized disclosure or misuse of confidential information.
  • Implement plans to control the risks.
  • Contractually require third-party service providers to implement and maintain confidentiality safeguards.
  • Periodically evaluate and adjust the Information Security Plan to ensure ongoing protection of confidential information.

Coordination of the GLBA Information Security Plan

The following staff play a role in coordinating the various aspects of the information security plan:

  • The Chief Technology Officer coordinates the college-wide IT security program and assists units in their security implementation.
  • The GLBA Committee, chaired by the Chief Technology Officer, evaluates specific GLBA-required standards to ensure they are incorporated into the overall plan.