Vendor Privacy

Date Approved:12-12-2019
Last Revision:12-12-2019
Last Reviewed:12-12-2019
Approved By:President
Oversight Unit:INFORMATION TECHNOLOGY-TECHNICAL SERVICES
This policy has a related procedure. Click to view the procedure below.
This policy has a related guideline. Click to view the guideline below.
Purpose

This policy protects university data when it is entrusted to a third party.

Applicability

All university personnel who contract with vendors who store, process or transmit university data defined as ‘confidential’ by the university’s Data Classification Policy. 

Policy

As a condition of doing business or continuing to do business with NMU, vendors that store, process or transmit confidential data, must agree to the data protection criteria as provided in the university’s Vendor Privacy Agreement. Exceptions to this policy may only be granted by the University’s Committee on Information Security Operations.