GLBA mandates that this Information Security Program be subject to periodic review and adjustment. The most frequent of these reviews will occur within Information Technology Security and Privacy where constantly changing technology and constantly evolving risks indicate the wisdom of regular reviews. Processes in other relevant offices of the University such as data access procedures and the training program should undergo regular review. It is the policy of Western Michigan University to conduct yearly security assessment reviews.
This Information Security Program, as well as the related Data Retention Policy, should be reevaluated annually in order to ensure ongoing compliance with existing and future laws and regulations.
Last revised: February 2019