Western Michigan University values access, collaboration, research, and the freedom to pursue education. As an institution, however, we are obligated to comply with regulations such as the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry standards (PCI), and the Red Flag rules.
This information security program highlights the overall direction and vision of information security. It also brings a governance responsibility and ensures alignment with WMU's strategic plan. Breaking the program into sections helps students, faculty, and staff understand how they relate to the basic goals of the program. It is the responsibility of all users of WMU information resources to know and abide by the rules governing information security.
The objective in developing and implementing this information security program is to create resources that will assist with effective administrative, technical, and physical safeguards to protect personal information that is handled by the faculty, staff, and students of WMU. Program sections include the requirements for accessing, managing, recovering, mitigating, securing, and protecting personal information. The program covers all forms of personal information, whether it is maintained on paper, digital, or other media.
For purposes of the program, protected or personal information shall have the meaning set forth in the data classification policy, as defined under the category of restricted/confidential data. Employees handle and have access to protected information in order to perform their job duties. This includes permanent and temporary employees as well as student employees whose job duties require them to access protected information, or who work in a location where there is access to protected information. Departments are responsible for maintaining a high level of awareness and sensitivity to safeguarding protected information and should periodically remind employees of its importance. Seemingly minor changes to office layout and practices could significantly compromise protected information if a culture of awareness is not present. It is this awareness that the program is intended to communicate to the campus community.
Department representatives are responsible for ensuring that staff are educated in the relevant concepts and requirements of the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA), as well as Payment Card Industry standards (PCI), the Red Flag rules, and other areas of information technology security. The University has selected SANS Securing The Human, an online cyber security awareness training program, to provide that education for full-time and temporary employees of the University. The Office of Information Technology has created two courses in Elearning for students. One course is for all students. The second, taken in addition to the first, is for students employed by the University who use computers and/or access electronic or paper University data. More information about these education programs is found on this website.
See also Gramm-Leach-Bliley compliance