Guidelines: Dept Ed Dear Colleague Letter, 2019-Oct-30 Required procedures per 2019-Oct-30 Dear Colleague letter: - C.8.12.a. Verify that the institution has designated an individual to coordinate the information security program.
(See Title IV Information Security Program Responsibilities) - C.8.12.b. Verify that the institution has performed a risk assessment that addresses the three required areas noted in 16 CFR 314.4(b), which are
- (1) Employee training and management;
- (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and
- (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures.
(See Security Safeguards Program: Title IV Data)
- C.8.12.c. Verify that the institution has documented a safeguard for each risk identified from step b above.
(See Security Safeguards Program: Title IV Data)
DLP: LETU Data Loss Protection System |