Safeguarding Customer Information

Oak Valley College is committed to ensuring all customer information is safeguarded and meets local, state, and federal requirements for data security.

Safeguarding customer information - Oak Valley secures all nonpublic personal information regarding individuals, including prospective students, students, faculty, staff, vendors, parents, and other individuals who have a relationship with the College

Data security - The College commits to

  • Insure the security and confidentiality of customer information

  • Protect against any anticipated threats or hazards to the security or integrity of such information, and

  • Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer

Security systems - Oak Valley’s CFO is responsible for all security measures, including:

  • Serving as the Designated Coordinator - The school designates an employee or employees to coordinate its information security program.

  • Performing Risk assessment. The CFO identifies reasonable foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks.  At a minimum, the school’s risk assessment includes consideration of risks in each relevant area of operations including:

    • Employee training and management

    • Information systems, including network and software design, as well as information processing, storage, transmission, and disposal

    • Detecting, preventing, and responding to attacks, intrusions, or other systems failures

  • Safeguarding testing/monitoring. The CFO is responsible for implementing information safeguards to control the risks it identifies through risk assessment, and regularly tests or otherwise monitors the effectiveness of the safeguards’ key controls, systems, and procedures

  • Evaluation & Adjustment. The CFO evaluates and adjusts its information security program in light of the results of the required testing and monitoring, as well as for any material changes to its operations or business arrangements or any other circumstances that it has reason to know may have a material impact on the school’s information security program.

  • Overseeing service providers. The CFO takes reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue and requires the service providers by contract to implement and maintain such safeguards.