3.03 – Data Safeguards for Internal and External Systems Policy

Purpose of Document:

To establish policies for ensuring that contracted service providers maintain appropriate safeguards for Seminary data. 

Policy:

All service providers contracted by the Seminary are required to maintain appropriate data safeguards. This includes both those vendors that house (e.g. SaaS) Personally Identifiable Information (PII) or other sensitive data, as well as those vendors that, through support contracts, have access to PII or other sensitive data. LITS will endeavor to obtain SOC2, HECVAT, or other similar data safeguard language when signing contracts with software vendors, as well as annually thereafter. 

LITS will annually verify that each software vendor is complying with their data safeguard statements. If a vendor is found to be non-compliant, the Seminary will evaluate alternative options. Upon request, further information can be found in the Risk Assessment Plan.  

LITS Staff reserve the right to modify this policy at any time.

Approvals: 

  • LITS: October 2019
  • Provost: February 2020