|Oversight Unit:||INFORMATION TECHNOLOGY-TECHNICAL SERVICES|
|This policy has a related procedure. Click to view the procedure below.|
|This policy has a related guideline. Click to view the guideline below.|
This policy protects university data when it is entrusted to a third party.
All university personnel who contract with vendors who store, process or transmit university data defined as ‘confidential’ by the university’s Data Classification Policy.
As a condition of doing business or continuing to do business with NMU, vendors that store, process or transmit confidential data, must agree to the data protection criteria as provided in the university’s Vendor Privacy Agreement. Exceptions to this policy may only be granted by the University’s Committee on Information Security Operations.
The University has a responsibility to protect and secure its data. NMU’s Information Technology Department upholds and facilitates this responsibility by working with university departments to ensure that systems are safe and secure and that they meet the university’s security standards.
Any vendor that provides the university with a system that stores, processes or transmits confidential data (see NMU’s Data Classification Policy) must sign the university’s Vendor Privacy Agreement (VPA).
If you are planning to do business with a vendor that stores, processes, or transmits confidential data follow this procedure:
Note: Systems obtained outside of the scope of this procedure will not be allowed to connect to NMU systems, and will not be supported by NMU’s Information Technology Department. NMU’s Committee on Information Security Operations retains final decision authority for systems that process, store or transmit confidential data.