Creighton's Gramm-Leach-Bliley Act Security Plan

Effective May 23, 2003


Creighton University has implemented a security program to address the Standards for Safeguarding Customer Information codified in 16 CFR 314 of the Gramm-Leach-Bliley Act (GLBA). The intent of this program is to provide confidentiality and security of nonpublic financial information, protect against foreseeable threats to the security of this information, and protect against unauthorized access or use of this information. This program incorporates the University’s policies and standards and is in addition to other University policies that may be required by other federal and state laws and regulations.

Designated Program Representative

The University’s Information Security Officer is designated as the GLBA Security Program Representative who shall be responsible for coordinating and overseeing the GLBA Security Program. Any questions regarding the implementation of the GLBA Security Program or the interpretation of this document should be directed to the Program Representative.

Scope of the Program

The GLBA Security Program applies to any record containing nonpublic financial information about a student or other third party who has a relationship with the University, whether in paper, electronic or other form that is handled or maintained by or on behalf of the University. For the purposed of the GLBA Security Program, nonpublic financial information shall mean any information that meets any of the following criteria:

Elements of the GLBA Security Program

Assessment of Reasonably Foreseeable Risks

The University intends, as part of the GLBA Security Program, to identify and assess reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of nonpublic financial information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information. In implementing the GLBA Security Program, the Program Representative will establish procedures for identifying and assessing such risks in each relevant area of the University’s operations, including:


Implementation of Security Controls

Based on results of risk assessments and as directed by the University’s Policies and Standards, the University’s Information Security Officer will recommend and implement administrative, physical, and technical safeguards to mitigate reasonably foreseeable risks. In addition, the Program Representative will coordinate the regular testing and monitoring of the effectiveness of the University’s Policies and Standards as they apply to the GLBA Security Program.

Overseeing Service Providers

The Program Representative shall coordinate with those responsible for third party service agreements to raise awareness of, and to institute methods for, selecting and retaining only those service providers that are capable of maintaining appropriate safeguards for nonpublic financial information of students and other third parties. In addition, the Program Representative will work with the General Counsel’s Office to develop and incorporate standard, contractual protections applicable to third party service providers, which will require such providers to implement and maintain appropriate safeguards.


The Program Representative is responsible for evaluating and adjusting the GLBA Security Program based on the risk assessment activities, as well as any material changes in the University’s operations or other circumstances that may have a material impact on the security program.

Plugged In highlights go here, news, initiatives, spotlight, designed to draw the user who is done finding or browsing, further into our content.