Disclaimer: The content on these webpages appears as a courtesy to site visitors and is for general informational purposes only. To obtain a copy of the official applicable policy or regulation, please contact Brookdale’s Public Records Custodian via the Public Records webpage of the Brookdale website at https://www.brookdalecc.edu/about/public-records

I.  Title of Policy

4.7002 Information Security Program

II.  Objective of Policy

The College hereby establishes an information security program (“the InfoSec Program”) to comply with the “Safeguards Rule” promulgated by the Federal Trade Commission (FTC). The InfoSec Program is designed to develop, implement, and maintain a comprehensive information security program that contains administrative, technical, and physical safeguards that are appropriate to the size and complexity of the College, the nature and scope of the College’s activities, and the sensitivity of any of the College’s information at issue. The InfoSec Program is purposefully intended to protect the College’s data and information, any loss of which may represent a threat to the well-being of the College, the College community, or persons.

III.   Authority

The Safeguards Rule, 16 C.F.R. § 314.3, has been promulgated by the FTC in the FTC’s implementation of sections 501 and 505(b)(2) of the Gramm-Leach-Bliley Act of 1999, an extension of the FTC’s Protection of Nonpublic Personal Information code, 15 U.S.C. 6801(b), 6805(b)(2).

IV.  Policy Statement

The Safeguards Rule requires that any institution that houses customer information (broadly defined as any record containing nonpublic personal information, as articulated in 16 CFR 313.3(n), about a customer of a financial institution, whether in paper, electronic, or other form) establish an information security program that defines administrative, technical, or physical safeguards utilized to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customer information. The Safeguards Rule further stipulates that institutions must designate an employee or employees to coordinate the information security program.

The President will develop College Regulations and procedures as required to ensure compliance with the InfoSec Program which shall include reasonable steps to:

1.  Insure the security and confidentiality of nonpublic personal customer (i.e. student, staff, and faculty) information;

2.  Protect against any anticipated threats or hazards to the security or integrity of such information;

3.  Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer (i.e. student, staff, and faculty member); and

4.   Ensure that the InfoSec Program is updated periodically to reflect changes in risks to College consumers and to the safety and soundness of the College’s information.

V.  Responsibility for Implementation



Lodged: 4/24/2018
Approved: Board of Trustees 5/15/2018

PDF Policy 4.7002 Information Security Program