Risk Identification and Assessment

The College, as part of the program, identifies and assesses external and internal risks to the security, confidentiality, and integrity of nonpublic financial information that could result in the unauthorized disclosure, misuse, alteration, destruction or compromise of such information. In implementing the program, the Coordinator of IT has established procedures for identifying and assessing such risks in each relevant area of the College's operations, including:

  • Employee training and management. While direct supervisors are ultimately responsible for ensuring compliance with information security practices, the Coordinator of IT trains employees who have access to covered data regarding information security.
  • Information Systems and Information Processing and Disposal. The Coordinator of IT works with the College's third party vendor, My Tech, to assess the risks to nonpublic financial information associated with the Institution’s information systems, including network and software design, information processing, and the storage, transmission and disposal of nonpublic financial information. This evaluation includes assessing the Institution’s current policies and procedures relating to Acceptable Use of the Institution’s network and network security, as well as backups and the destruction/disposal of retired equipment that may store College data. The Coordinator of IT also assesses procedures for monitoring potential information security threats associated with software systems and for updating such systems by, among other things, implementing patches or other software fixes designed to deal with known security flaws.
  • The Coordinator of IT works with appropriate departments in the creation of policies on document retention and destruction for paper records that contain nonpublic financial information.
  • Detecting, Preventing and Responding to Attacks. The Coordinator of IT, in conjunction with My Tech, evaluates procedures for and methods of detecting, preventing and responding to attacks or other system failures; existing network access and security policies and procedures; and procedures for coordinating responses to network attacks and for developing incident response teams and policies.