Identity Theft Policy
This information summarizes CRAS – The Conservatory of Recording Arts and Sciences’ comprehensive written information security program mandated by the Federal Trade Commission’s Safeguards Rule and the Gramm- Leach- Bliley Act (“GLBA”).
In particular, this information describes the Program elements pursuant to which the Institution intends to (i) ensure the security and confidentiality of covered records, (ii) protect against any anticipated threats or hazards to the security of such records, and (iii) protect against the unauthorized access or use of such records or information in ways that could result in substantial harm or inconvenience to customers.
The Program incorporates by reference the Institution’s policies and procedures enumerated below and is in addition to any institutional policies and procedures that may be required pursuant to other federal and state laws and regulations, including, without limitation, FERPA.
The Conservatory of Recording Arts and Sciences will hereinafter be referred to as CRAS throughout our Consumer Information.
DESIGNATION OF REPRESENTATIVES
The Institution’s Director of IT Department is designated as the Program Officer who shall be responsible for coordinating and overseeing the Program. The Program Officer may designate other representatives of the Institution to oversee and coordinate particular elements of the Program. Any questions regarding the implementation of the Program or the interpretation of this document should be directed to the Program Officer or his or her designees.
SCOPE OF PROGRAM
The Program applies to any record containing nonpublic financial information about a student or other third party who has a relationship with the Institution, whether in paper, electronic or other form that is handled or maintained by or on behalf of the Institution or its affiliates. For these purposes, the term nonpublic financial information shall mean any information (i) a student or other third party provides in order to obtain a financial service from the Institution, (ii) about a student or other third party resulting from any transaction with the Institution involving a financial service, or (iii) otherwise obtained about a student or other third party in connection with providing a financial service to that person.
ELEMENTS OF THE PROGRAM
Risk Identification and Assessment
The Institution intends, as part of the Program, to undertake, identify, and assess external and internal risks to the security, confidentiality, and integrity of nonpublic financial information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information. In implementing the Program, the Program Officer will establish procedures for identifying and assessing such risks in each relevant area of the Institution’s operations, including:
Employee Training and Management
The Program Officer will coordinate with representatives in the Institution’s Human Resources and Financial Aid offices to evaluate the effectiveness of the Institution’s procedures and practices relating to access to and use of student records, including financial aid information. This evaluation will include assessing the effectiveness of the Institution’s current policies and procedures in this area.
Information Systems and Information Processing and Disposal
The Program Officer will coordinate with representatives of the Institution’s Information Technology Department to assess the risks to nonpublic financial information associated with the Institution’s information systems, including network and software design, information processing, and the storage, transmission and disposal of nonpublic financial information. This evaluation will include assessing the Institution’s current policies and procedures relating to the network and network security, document retention and destruction. The Program Officer will also coordinate with the Institution’s Information Technology Department to assess procedures for monitoring potential information security threats associated with software systems and for updating such systems by, among other things, implementing patches or other software fixes designed to deal with known security flaws.
Detecting, Preventing and Responding to Attacks
The Program Officer will coordinate with the Institution’s Information Technology Department and other relevant departments to evaluate procedures for and methods of detecting, preventing and responding to attacks or other system failures and existing network access and security policies and procedures, as well as procedures for coordinating responses to network attacks and developing incident response teams and policies. In this regard, the Program Officer may elect to delegate to a representative of the Information Technology Department, the responsibility for monitoring and participating in the dissemination of information related to the reporting of known security attacks and other threats to the integrity of networks utilized by the Institution.
Designing and Implementing Safeguards
The risk assessment and analysis described above shall apply to all methods of handling or disposing of nonpublic financial information, whether in electronic, paper or other form. The Program Officer will, on a regular basis, implement safeguards to control the risks identified through such assessments and to regularly test or otherwise monitor the effectiveness of such safeguards. Such testing and monitoring may be accomplished through existing network monitoring and problem escalation procedures.
Overseeing Service Providers
The Program Officer shall coordinate with those responsible for the third party service procurement activities among the Information Technology Department and other affected departments to raise awareness of, and to institute methods for, selecting and retaining only those service providers that are capable of maintaining appropriate safeguards for nonpublic financial information of students and other third parties to which they will have access. In addition, the Program Officer will work with the Administrator or other designated institutional officials to develop and incorporate standard, contractual protections applicable to third party service providers, which will require such providers to implement and maintain appropriate safeguards. Any deviation from these standard provisions will require the approval of the Administrator or other designated institutional officials. These standards shall apply to all existing and future contracts entered into with such third party service providers, provided that amendments to contracts entered into prior to June 24, 2002 are not required to be effective until May 2004.
Adjustments to Program
The Program Officer is responsible for evaluating and adjusting the Program based on the risk identification and assessment activities undertaken pursuant to the Program, as well as any material changes to the Institution’s operations or other circumstances that may have a material impact on the Program.
Institutional Code of Conduct
This Code of Conduct describes the standards that guide us in our daily activities as we lead and work for The Conservatory of Recording Arts and Sciences. We believe that these standards are already being followed. Our goal is to commit them to writing and to insure that they are understood and followed by the faculty, staff, vendors and leadership of the institution.
The Code of Conduct applies to all employees of The Conservatory of Recording Arts and Sciences including but not limited to officers, faculty, staff and individuals who perform services for The Conservatory of Recording Arts and Sciences as independent contractors or volunteers. These policies do not alter or supersede departmental Codes of Conduct, other relevant policies or applicable law that may be more restrictive or specialized.
EMPLOYEE INTEGRITY AND ETHICAL CONDUCT POLICY
CRAS – The Conservatory of Recording Arts and Sciences is committed to the highest ethical and professional standards of conduct as an integral part of it’s mission: the success of our students. To achieve this goal, The Conservatory of Recording Arts and Sciences relies on each employee’s ethical behavior, honesty, integrity and good judgment. Each employee should demonstrate respect for the rights of others. Each employee is accountable for his/her actions with respect to all relevant internal and external rules and regulations.
COMPLIANCE WITH LAWS AND CRAS – THE CONSERVATORY OF RECORDING ARTS AND SCIENCES POLICIES
CRAS – The Conservatory of Recording Arts and Sciences and each employee must transact The Conservatory activities in compliance with all laws, regulations and Conservatory policies related to their positions and areas of responsibility. Managers and supervisors are responsible for teaching and monitoring compliance in their areas. Every employee is responsible for complying with all federal, state, and local and accrediting agency laws, regulations, guidelines and standards. Every employee is obligated to know and to comply with all Conservatory of Recording Arts and Sciences policies including but not limited to the Employee Handbook.
REPORTING SUSPECTED VIOLATIONS OR CONCERNS ABOUT COMPLIANCE ISSUES
CRAS – The Conservatory of Recording Arts and Sciences compliance efforts focus on teaching employees the appropriate compliance standards for the areas in which they work. Employees may have genuine concerns about matters that they are not sure whether or not acts represent compliance violations. Each employee is required as a condition of employment, to report violations or concerns about violations that come to his/her attention. Managers have a special duty to adhere to the standards set forth in this code, to recognize violations, and to enforce the standards. Disciplinary actions for proven violations of this code of conduct or for retaliation against anyone who reports a possible violation will be determined on a case by case basis and may include termination of employment. Individuals who violate the code may also be subject to civil and criminal charges.
REPORT A VIOLATION OR DISCUSS A CONCERN ABOUT ACCOUNTING INTERNAL CONTROLS & AUDITING ISSUES
If any person employed by CRAS – The Conservatory of Recording Arts and Sciences in any capacity feels they have been witness to or heard of a violation of the code should contact their immediate supervisor or the College Administrator if the supervisor is not available or they do not feel they can professionally discuss the situation with the supervisor. All concerns will be investigated and reviewed to determine what action needs to be taken.
EMPLOYEE CONFLICT OF INTEREST POLICY AND CONFIDENTIALITY
No employee shall, for personal gain, the gain of others or for any other non-business reason use any information not available to the public that was obtained as a result of service to The Conservatory including by not limited to email and other communications whether or not marked confidential issued by an employee of The Conservatory to other employees or vendors of The Conservatory.
No employee shall solicit or accept for personal use, or for the use of others, any gift, favor, loan, gratuity, reward, promise of employment or any other thing of monetary value that might influence or appear to influence the judgment or conduct of the employee regarding The Conservatory business or policy. Full and timely disclosure of potential or actual conflicts of interest will sensitize all employees to these issues and will promote resolution of actual conflicts. Each employee is expected to discuss with his/her supervisor any affiliation, interest, or other matter that presents a real, apparent or potential conflict of interest.
Every employee shall be familiar with the Institutional Code of Conduct and your specific Department Code of Conduct.
For any questions regarding this process, please contact the financial aid department at 480-858-9400.
The following statement is from CRAS Audio Business Department:
Acquired music should always be purchased. There are three main reasons for this:
- It’s the right thing to do.
- It helps support deserving artists and songwriters.
- There are severe penalties for not paying.
THE EFFECTS OF COPYRIGHT LAW
This is a simplified explanation of Copyright Law: Only the copyright owner of a work can make copies of it in any form. Period. Anyone else who wants to copy any part of this work must get a license, negotiate an agreement, or get permission in some form.
Copyright means ownership of rights; of songs, musical compositions, movies, videos, video games and other types of creations. The original copyright owners of such creations often sign their rights over to a company – a record label or a publisher or a video game company, etc., and then they become the copyright owner.
Copyright laws should be taken very seriously. If not obeyed, offenders of these laws could face high fines and possibly even prison time.
Legally, consumers must pay for what they acquire. If not, they are infringing upon the rights of the copyright owner. Some examples of infringement would be:
- Downloading songs, albums or videos without paying for them
- Uploading songs, albums or videos to a file sharing site
- Making a copy of a song, CD or video for a friend (or many friends)
- Making a copy of software for others (or accepting a copy from someone else)
- Making more than one copy of something one has legally acquired…even for their own use
- Sampling without permission of the copyright owners of the recording and the song
- Recording a released song without obtaining a Compulsory (Mechanical) License
- Any other form of acquiring copyrighted material without paying for it More information on copyright law and penalties can be found on these websites:
Emergency Response and Evacuation Procedures
In order to reduce the impact of an emergency on students, faculty, staff, visitors, and facilities, the Conservatory of Recording Arts and Sciences (herein after referred to as CRAS) has developed this Emergency Response and Evacuation Plan. This plan is designed to provide policies and procedures and to define roles and responsibilities in order to respond most effectively during an emergency. The plan takes into account the following assumptions:
- An emergency may occur at any time with little or no warning.
- Emergencies occurring at CRAS will be responded to first by Authorized CRAS Security
- Personnel, who will assess the situation, determine the classification of emergency, and when applicable begin the process of calling for needed responders. Responders may include Police, Fire, EMS, or other organizations based on the nature of the incident.When outside emergency responders are called to the school they will be given precedence and CRAS Personnel will provide a support role.
- All Conservatory Faculty, Staff, and Students have a personal responsibility to be familiar with this plan and to know what to do in an emergency. Knowing what to do provides the best chances for personal safety.
- Emergency Evacuation Drills will be run a minimum of 1 time per calendar year.
NOTIFICATION OF EMERGENCY OR THREAT
- All emergencies are initially responded to by CRAS Security Personnel. It is the responsibility of Security to determine the emergency level and proceeding actions. Once it has been determined that there is no immediate threat to safety, all level 1 and level 2 emergencies will be reported to the Director of Security. Any authorized security personnel that responds to a level 3 or level 4 emergency is responsible for notifying Police, EMS, or Fire Department (when applicable) followed by the Director of Security immediately.
- In the event of a significant emergency or dangerous situation, the Conservatory will initiate a school wide notification system. At the time of an emergency the appropriate school officials will notify students and faculty by sending a message over the alarm system intercom.
- Follow-up messages may be sent to students through CRAS’ online education site Cras Connect or via the internal Education server. These messages may be posted to all students, or to select groups situation dependent.
- Emergency notifications may include, but are not limited to:
- “Fire” (accompanied by fire alarm)
- “Evacuate Immediately”
- “Lockdown” (shelter in place)
When notified of an evacuation, students should:
- Remain calm and proceed to your designated exit in an orderly fashion.
- Listen for any additional instructions from your Instructor.
- Once exited, move a safe distance away from the building and gather at your designated assembly point.
- Do not re-enter the building for any reason until CRAS Security Personnel have advised that it is safe to do so.
SHELTER IN PLACE PROCEDURE
In some emergency situations, Faculty, Staff, and Students may be instructed to shelter in place. This decision will be made by CRAS Security Personnel when evacuation is considered to be unsafe. Examples of shelter in place situations may include, (but are not limited to):
- Severe weather (tornado warnings, monsoon warnings)
- Natural Disasters (earthquakes, floods)
- Unsecured threat (suspicious persons or paraphernalia on premises)
During a Shelter In Place emergency, remain calm, follow instructions on where to stay, and do not leave the designate shelter area unless instructed to do so by your Instructor or CRAS Security Personnel. Close all windows (and blinds) and lock doors. Cover glass doors with cloth or other material to reduce the risk of injury from broken glass.
The CRAS Emergency Response and Evacuation Plan identifies emergencies by the following classification.
Level 1 – Minor incidents in which CRAS Personnel assess the situation and determine that there is no hazard to persons or property. Examples of such incidents may include minor injuries that do not require medical care, short power outages, minor equipment or facility problems.
Level 2 – An incident that could pose a minimal hazard to person or property. Examples of such incidents may include fire alarms, longer power outages, loss of HVAC during extreme weather.
Level 3 – Any incident that poses a potential widespread impact to public safety. Examples of such incidents may include major fire, structural damage to the occupied building, bomb threats, prolonged power outages. Level 4 – Any incident or threat that poses significant danger to persons or property requiring assistance from one or more outside resources and/or authorities. Examples of such incidents may include explosions, structural collapse, natural disasters, hostile individuals, or any incident where the resolution is determined to be outside the ability of CRAS Security Personnel.
All Conservatory employees must be familiar with the following Emergency Procedures. The details of all of these procedures are found in the Employee Handbook.
- Know the evacuation route for each classroom you inhabit.
- Understand evacuation procedures as outlined in the employee handbook.
- Review the evacuation chart with each new class of students.
- Lead students to their designated assembly point and check that all students are accounted for.
- Understand all “Shelter in Place” procedures as outlined in the employee handbook.
- Direct any media questions to an Authorized Security Personnel.
Authorized Security Personnel at the Gilbert Location Include:
- Director of Education
- Director of Projects
- Director of IT Dept
- Director of Financial Aid
Authorized Security Personnel at the Tempe Location include:
- Campus Director
- Director of Projects
- Director of IT Dept
- Director of Digital Department
At CRAS each student is expected to be familiar with the emergency procedures outlined in this document. Students are urged to be alert and aware of their surroundings at all times. On campus, students should:
- Know the evacuation chart for their classroom/studio each day. (Charts are clearly posted by the door of each room).
- Report any suspicious or questionable activity to an Instructor or Security Personnel immediately. Such activity may include (but is not limited to):
- Unattended bags or backpacks.
- Unfamiliar persons on campus.
- Erratic or unnatural behavior by any person(s).
- Any discussion of activity that may be harmful to persons or property.
- In the event of an evacuation, do not re-enter the building until CRAS Security Personnel have advised that it is safe to do so.