About the Information Security Program

The objective in developing and implementing this information security program is to create resources that will assist with effective administrative, technical and physical safeguards to protect personal information that is handled by the faculty, staff and students of WMU. Program sections include the requirements for accessing, managing, recovering, mitigating, securing, and protecting personal information. The program covers all forms of personal information, whether it is maintained on paper, digital, or other media.

For purposes of the program, protected or personal information shall have the meaning set forth in the data classification policy as is defined under the category of restricted/confidential data. Employees handle and have access to protected information in order to perform their job duties. This includes permanent and temporary employees as well as student employees whose job duties require them to access protected information, or who work in a location where there is access to protected information.  Departments are responsible for maintaining a high level of awareness and sensitivity to safeguarding protected information and should periodically remind employees of its importance.  Seemingly minor changes to office layout and practices could significantly compromise protected information if a culture of awareness is not present. It is this awareness that the program is intended to communicate to the campus community.

Department representatives are responsible for ensuring that staff are trained in the relevant Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA) concepts and requirements, Payment Card Industry standards (PCI), and the Red Flag rules. The program sections and accompanying training materials relative to GLBA and HIPAA are being developed by the GLBA Committee, HIPAA Privacy Compliance Office and the Office of Information Technology. More information on all training material will be made available later.

See also Gramm-Leach-Bliley compliance