UTO Red Flag Rules Protocol for Identity Theft Prevention Program

Quick View

Summary:

ASU adopted an Identity Theft Prevention program in accordance with Arizona Board of Regent’s Policy 3-703. ASU’s Identity Theft Prevention program requires each department with Covered Accounts to develop a written Protocol for its department identifying Red Flags and appropriate responses. Red Flags are defined as those events which should alert an organization that there is a risk of identity theft. Red Flags supplement existing procedures aimed at preventing identify theft through tightened data security (e.g., Gramm-Leach-Bliley) by addressing situations where individuals are trying to use another person’s identity in order to fraudulently obtain resources or services.

Start Date:

August 17, 2009

Go Live:

November 4, 2009

End Date:

December 9, 2009

Current Milestone:

12/9/2009 Project complete and in production

Stage:

On track

People

Sponsor/Champion:

Adrian Sannier, Vice President and University Technology Officer

Project Manager:

Susan Moore

Contact for more information:

susan.moore@asu.edu

University Technology Director:

Susan Moore

More Info

Source:

Executive

Department:

UTO

Priority:

High

Scope:

• A process will be created to send an email to students when an SSN change is made.
• A process will be created to notify account holders when a change is made to a students’ direct deposit information.
• A process will be created to identify duplicate student account direct deposit information and refer accounts in question to the appropriate office for further research, e.g. SBS or SFAO.
• A process will be instituted to notify account holders when their ASURITE password has changed.
• A process will be created to notify account holders when a change is made to an employee's direct deposit information.
• A process will be created to identify duplicate employee account direct deposit information
• UTO will conduct an annual review of policies and processes related to Identity Theft and the Red Flag program requirements.
• The Information Security Office will manage the safeguards and policies outlined in this document.
• The Information Security Office will construct a thorough risk management analysis related to the handling of non public information.
• ISAAC system policy, procedures, and governance are to be created to maintain and manage physical access accounts in relation to Identity Theft monitoring

All Milestones and Schedule:

8/20/2009 Obtain project approval
8/31/2009 Complete project plan
10/28/2009 Student financial changes moved to production
10/30/2009 password email moved to production
11/11/2009 final pieces moved to production