Summary
This security policy outlines the key regulatory and compliance standards governing data protection, privacy, and cybersecurity. It provides references to federal, state, and industry regulations to ensure institutional compliance and safeguard sensitive information.
Body
Status: Final Draft
Last Revision Date: March 6, 2025
Regulatory and Compliance References
To ensure compliance with federal, state, and industry security standards, the following regulations and guidelines serve as foundational references:
- U.S. Department of Education: Guidance Letter – Protecting Student Information (Student Privacy)
- U.S. Department of Education: Family Educational Rights and Privacy Act (FERPA) (FERPA Policy)
- U.S. Department of Homeland Security: Federal Information Security Management Act (FISMA) (FISMA Overview)
- Gramm-Leach-Bliley Act (GLBA) (GLBA Compliance)
- Federal Trade Commission (FTC) Red Flags Rule (FTC Red Flags Guide)
- Health Insurance Portability and Accountability Act (HIPAA) (HIPAA Privacy Laws)
- International Organization for Standardization (ISO) Standards (ISO Standards)
- National Institute of Standards and Technology (NIST) Cybersecurity Framework (NIST Cybersecurity Framework)
- Payment Card Industry Data Security Standard (PCI DSS) (PCI Compliance)
- Sarbanes-Oxley Act (SOX) for Colleges and Universities (SOX Overview)
- Oregon Identity Theft Protection Act, ORS 646A.600-628 (Oregon DOJ Data Breaches)
This policy provides guidance for maintaining compliance with the aforementioned regulations to ensure the security and integrity of institutional data and sensitive information.