Customer information that must be safeguarded
These requirements apply to all customer information in Omega Recording Studios School’s possession, regardless of whether it pertains to students, parents, or other individuals the school has a customer relationship with or pertains to the customers of other financial institutions that have provided such information to the school. Customer information means any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of the school or school’s affiliates.
As a financial institution covered under these information security requirements, Omega Recording Studios School must develop, implement, and maintain a comprehensive information security program. The information security program must be written in one or more readily accessible parts and contain administrative, technical, and physical safeguards that are appropriate to the size and complexity of the school, the nature and scope of its activities, and the sensitivity of any customer information at issue.
The safeguards shall be reasonably designed to achieve the following objectives:
- insure the security and confidentiality of customer information,
- protect against any anticipated threats or hazards to the security or integrity of such information, and
- protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
Required Elements of an Information Security Program
Your school must designate an employee or employees to coordinate its information security program.
- Omega Recording Studios School designated Shannon Follin, General Manager, as the coordinator of the school’s Information Security Program.
Risk Assessment and safeguards:
Your school must identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information and assess the sufficiency of any safeguards in place to control these risks.
- Omega Recording Studios has identified internal risks to the security of customer information and has established the policy that only specified Omega Recording Studios administrators can access customer information. All customer electronic records require password access at individual terminals by these authorized staff members only. All customer physical records are stored in locking cabinets and offices, the keys to which are accessible only to the authorized staff. These administrative staff members have been trained to understand the sensitivity of customer information as well as the appropriate means to keep such information protected. This includes, but is not limited to, keeping all technology system terminals password protected when the staff member is not present, keeping all cabinets and offices locked when the staff member is not present, and not distributing customer information in any way, including but not limited to verbally releasing any information to any persons not specifically designated by the customer in writing.
- Omega Recording Studios has identified external risks to the security of customer information, including electronic and physical protection of files. All electronic files are stored on the Omega Recording Studios network, which has been properly protected by an outside service provider and is routinely assessed for attacks, intrusion or other system failures. To further ensure safe retention of electronic files, the specific administrative staff members routinely back up their computer hard drives onto an external device. Once a customer has ceased attendance, the file is transferred to a fire-safe cabinet. If any portion of a customer’s personal file needs to be disposed of, it is shredded immediately.
Evaluation and adjustment.
The school must evaluate and adjust its information security program in light of the results of the required testing and monitoring, as well as for any material changes to your operations or business arrangements or any other circumstances that it has reason to know may have a material impact on your school’s information security program.
- If Omega Recording Studios School were to become aware of any data breaches on the network or server, the school would contact the contracted outside service provider.
Overseeing service providers.
A service provider is any person or entity that receives, maintains, processes, or otherwise is permitted access to customer information through its provision of services directly to your school. Your school must take reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue and require your service providers by contract to implement and maintain such safeguards.
- Omega Recording Studios School contracts with an outside service provider to monitor and maintain the security and condition of the school’s network and server. All service orders, as well as the integrity of the servicer, are arranged and monitored by Shannon Follin, General Manager, and Nicholas Springer, Director of Marketing.
Students attending Omega Recording Studios School have no unauthorized access to any terminal of the school’s technology system. Students found in violation of this may be suspended or terminated immediately.