University of Wisconsin Milwaukee
Information Security Program
Revised 2/17/06
Prepared by
Security/Gramm-Leach-Bliley Act Core Team
INTRODUCTION
Numerous pieces of legislation have been passed in recent years in response to the increasing
digitization of information. The Gramm-Leach-Bliley Act (GLBA), the Health Insurance
Portability & Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act
(FERPA) are among those laws which attempt to protect consumer privacy by requiring
institutions to adopt certain commonsense safeguards. Moreover, as network-based information
storage becomes more common, certain concerns regarding data-safekeeping practices become
more acute. This document was developed by the Security/GLBA Core Team in response to
these legislative requirements and practical challenges. The Security/GLBA Core Team
members are listed at the end of this document.
The University of Wisconsin – Milwaukee has a decentralized structure in terms of IT support
and data handling. While this provides the flexibility to meet the needs of diverse educational
missions and research goals, it also presents the University with unique security challenges,
many of which can only be satisfied through centralized coordination and the collaboration of a
broad campus constituency. This document, which was formulated through such collaboration,
attempts to achieve that coordination. It describes administrative, operational, and technical
security safeguards that must be implemented across all systems on campus.
This plan is intended to provide the campus with tangible, practical information as to the
maintenance of electronic data as well as outline the University’s broad, long-term strategic
goals regarding information security.
DESIGNATION OF REPRESENTATIVES
The Institution’s Chief Information Officer (CIO) is designated as the Program Officer
responsible for coordinating and overseeing the Program. The Program Officer is responsible for
the strategic leadership of information technology planning and is ultimately responsible for all
central IT functions of the Institution, which include ensuring that all security incidents are
investigated, documented, remediated and reported to the appropriate parties. Any questions
regarding the implementation of the Program or the interpretation of this document should be
directed to the Program Officer or his or her designees.
The Information Security Officer (ISO) is the focal person for implementing the Institution’s IT
Security Program. The ISO reports directly to the CIO regarding IT security issues.
The Institution’s Chief of Police coordinates the engagement of law enforcement in information
security compliance and is a partner in ensuring both information and physical security.
College and Divisional Leaders coordinate their efforts with the ISO and others as necessary to
ensure reasonable compliance with legislation and policy.
University Legal Counsel provides legal guidance as necessary to help ensure that the Program’s
compliance plans and activities meet legislative requirements.
The Information Systems Auditor provides assessment services for departments and divisions to
gauge compliance with legislation and best practices in an independent, non-biased and uniform
manner.
The Institution’s Archivist advises departmental and other administrative officers on the control
and disposition of records as defined by state law.
SCOPE OF PROGRAM
It is the responsibility of all University of Wisconsin Milwaukee employees to ensure the
security and confidentiality of university records and information; protect against any anticipated
threats or hazards to the security or integrity of such records; and protect against unauthorized
access to or use of such records or information that could result in substantial harm or
inconvenience to any individual.
ELEMENTS OF THE PROGRAM
I. Risk Identification and Assessment
The University of Wisconsin Milwaukee intends, as a part of this Program, to identify and assess
external and internal risks to the security, confidentiality, and integrity of university records and
information as well as to prevent risks by the use and implementation of the following.
A. Employee Training and Management:
Awareness Initiatives
Even with proper technical controls governing access, segregation of duties, and security over
application and database environments, data and information are still vulnerable to compromise
at UWM. Lack of security awareness among UWM employees and students could allow for the
compromise of information, data integrity and information assets. These are serious issues with
potential financial and legal implications. To effectively mitigate this risk, UWM has
established an Information Security Awareness Committee that is responsible for an awareness
campaign and program.
The primary objective of UWM’s Information Security Awareness Committee is to change
behavior among employees and students. It creates sensitivity to threats and vulnerabilities of
information systems. It encourages habits that will turn employees and students into a “human
firewall.” The campaign is on-going, motivational, lighthearted and non-technical with the
objective of focusing attention so that learning will be incorporated into conscious decision
making. Please see http://security.uwm.edu for more information related to activities that have
taken place to date.
Resource Guide for Conducting Interviews and Checking References (See
http://oser.state.wi.us/docview.asp?docid=1816.)
The State of Wisconsin Office of State Employment Relations has developed a resource guide to
be used for all State employees. This
guide describes the importance of the interview and the planning of its process. It provides
information about how to properly select an interview panel; schedule and conduct the interview;
and evaluate the interview results. How to properly check references is also included as well as a
list of common mistakes to avoid when evaluating candidates. Successfully selecting a candidate
is crucial to ensuring the most qualified and responsible hire. It is at the hiring process juncture
that the expectations of the University must be communicated, namely protecting the security
and confidentiality of customer records and information.
Criminal Background Checks
To ensure that UWM accomplishes its mission and complies with Wisconsin Fair Employment
Act (s. 111.3.1 et seq., Wis. Stats.), the Public Employee Safety and Health requirements under s.
101.11 Wis. Stats., the Drug-Free Workplace Act (41 U.S.C. Sec. 701 et. seq.) and UWM's
Drug-Free Workplace Policy, and other state, federal and constitutional requirements for the
protection of applicants, employees, students and all other University and community
stakeholders, records of pending criminal charges and convictions may be considered in
employment decisions when the circumstances of the pending charge or conviction are
substantially related to the job. Please note that certain divisions or units have made this
a requirement based on business needs and/or State requirements. Please see Attachments A and B
for examples of procedures that have been implemented by units on campus.
This practice should be considered for the following new hires and permissive reinstatements
at UWM:
• Classified appointments.
• Non-teaching academic staff positions.
• Limited Term Appointments.
• Student employees hired in certain sensitive units. Contracted hourly workers in those same
units.
For recruitments, where it is the intent to conduct a criminal records review, advertisements and
position vacancy announcements must include a statement:
Sample language: "Please note: This position requires a criminal records review consistent
with the Wisconsin Fair Employment Act."
For recruitments involving faculty and teaching academic staff, UWM will observe principles of
the American Association of University Professors Statement of Professional Ethics (University
of Wisconsin Milwaukee Faculty Document No. 2229, February 17, 2000).
Current UWM employees will not be subject to a criminal records review under this policy,
unless the Chancellor or designee determines otherwise.
Position Description Language
Position descriptions for all employees of the University must clarify the responsibility of
protecting the security and confidentiality of customer records and information. Therefore, each
position description must include the following:
It is my responsibility, as a University of Wisconsin Milwaukee employee, to ensure the security
and confidentiality of customer records and information; protect against any anticipated threats
or hazards to the security or integrity of such records; and protect against unauthorized access
to or use of such records or information that could result in substantial harm or inconvenience to
any customer.
• Employee Confidentiality Agreement (Attachment C)
Given the utmost importance of maintaining and ensuring security and confidentiality of
customer records and information, each University of Wisconsin Milwaukee employee must be
provided with and required to sign an Employee Confidentiality Agreement. This agreement
outlines what confidential information is; references the federal statutory language that regulates
or protects records and data; describes the expectations and responsibilities related to protecting
information and data; and provides an understanding of the consequences for not complying with
the requirement.
• Employee Training Recommendations
It is necessary that new and existing employees be trained in the area of maintaining
confidentiality and ensuring the security of records and data. The University provides
information and training electronically through Legal Affairs and the Department of Enrollment
Services for University employees. Access to this information can be found by logging on to the
University’s web site at www.uwm.edu. Family Educational Rights & Privacy Act of 1974
(FERPA) information, as well as a FERPA Tutorial, is provided by the Department of
Enrollment Services. Information can be accessed by logging on to
www.uwm.edu/Dept/DES/quicklinks/ferpa.html. Additional training is available through
university Professional Development Opportunities that focus on various aspects of maintaining
security e.g. “Information Security Basics and Identity Theft/Fraud Prevention” provided by
Information & Media Technologies’ IT Information Security Officer (ISO).
• Employee Codes of Conduct
-State of Wisconsin Employment Code of Ethics (Wisconsin Administrative Code, Chapter ER-MRS 24). Found at http://www.legis.state.wi.us/rsb/code/er-mrs/er-mrs024.pdf.
-American Association of University Professors Statement of Professional Ethics (University of
Wisconsin Milwaukee Faculty Document No. 2229, February 17, 2000). Found at
http://www.uwm.edu/Dept/SecU/facdocs/2229.pdf.
-University of Wisconsin System Unclassified Staff Code of Ethics (Wisconsin Administrative
Code, Chapter UWS 8). Found at http://www.legis.state.wi.us/rsb/code/uws/uws008.pdf.
-IT Professional Conduct Guidelines. Found at www.sage.org/ethics.mm
-National Association of Student Financial Aid Administrators Code of Ethics. Found at
http://www.nasfaa.org/annualpubs/NEthical599.html.
-Other departmental, unit, or professional organization specific code of ethics may apply.
B. Information Systems and Information Processing:
The Program Officer coordinates with the Information Security Auditor, representatives of
Information & Media Technologies and representatives of the IT staff employed by other
Institutional units to assess the risks to nonpublic, personal information associated with the
Institution’s information systems including: network and software design, information
processing, and the storage, transmission and disposal of nonpublic information. This ongoing
evaluation is based upon school/college/division self-assessments of their compliance with the
requirements of applicable legislation, including the GLB Act, FERPA, and HIPAA. Previous
evaluations included a survey of departmental procedures concerning personally identifiable
financial information (PIFI), an outside audit of the Institution’s student information systems and
an internal audit of LAN security practices in Business and Financial Services. Since November
2004, surplus computers and computer-related devices are collected and processed for disposal
through a contract with an outside vendor who ensures that the disposal is handled in an
environmentally responsible manner and that any data are securely removed from electronic
media.
C. Records Retention and Disposal:
University specific requirements and policies found at www.uwm.edu/Libraries/arch/records.htm
University records are not the personal property of the staff who create and maintain them, but
are the property of the University and, ultimately, of the State of Wisconsin. University offices
and departments thus do not have the legal authority to dispose of paper records, delete files,
erase documents, or purge data elements from a records series without first securing the approval
of the Public Records Board (PRB) by submitting records schedules, formally known as records
retention and disposition authorizations (RDAs), to cover their materials. An RDA is a binding
legal authority for records disposal. The records-scheduling process enables the PRB to ensure
that records are either preserved permanently, if they are of long-term historical value, or else
retained and disposed of in the proper manner at the correct time. Campus offices do not need to
deal directly with the PRB, because the University Archives provides information and assistance
in preparing records schedules to all departments and acts as a liaison between the campus and
the PRB. All offices should submit proposed RDAs to the Archives for review and approval; the
Archives will then forward the records schedules to the PRB for final approval and notify offices
of the status of their RDAs. For further information, contact UWM's Archives Department.
D. Detecting, Preventing and Responding to Attacks:
The Program Officer coordinates with the Information Security Officer and the Information
Systems Auditor to develop and evaluate procedures for and methods of detecting, preventing
and responding to attacks and other system failures. They are also responsible for reviewing and
recommending changes to existing network access policies and procedures, as well as
developing procedures for coordinating responses to network attacks and overseeing the
activities of the Computer Security Incident Response Team (CSIRT). In this regard, the
Program Officer may elect to delegate to the Information Security Officer and/or the Information
Systems Auditor the responsibility for monitoring and participating in the dissemination of
information related to the reporting of known security attacks and other threats to the integrity of
networks utilized by the Institution.
The Program Officer, Information Security Officer and members of the Computer Security
Incident Response Team (CSIRT) will develop and evaluate procedures for, and methods of,
detecting and responding to attacks and other system failures.
II. Contingency Planning
UWM depends on certain functions such as building operations, financial transactions,
communications and information systems applications and infrastructure; if they are not
operational, the University cannot conduct its business. Accordingly, UWM will develop
comprehensive contingency plans to support mission critical functions.
UWM has already implemented an Emergency Operations Plan developed by the Department of
Environmental Health Safety and Risk Management. See
<http://www.uwm.edu/Dept/EHSRM/EMERGENCY/EOP.html>. This plan is designed to
provide quick and professional support when an emergency situation is confronted.
The responsibility for continuity of a function at UWM, in the absence of a critical resource,
rests with the user of the resource. Responsibility for the recovery of the resource rests with the
provider. As a result, providers and users of mission critical functions at UWM are expected to
have a Mission Resumption Plan. This plan will identify high likelihood and high impact risks
so that specific action steps can be developed to ensure readiness, response, recovery and
restoration. All plans will be periodically tested, reviewed and updated. A template for
departments to draft a mission resumption plan is available (Attachment D).
III. Designing and Implementing Safeguards
The risk assessment and analysis described above shall apply to all methods of handling or
disposing of nonpublic financial information, whether in electronic, paper or other form. The
Information Security Officer and Information Systems Auditor will, on a regular basis,
implement safeguards to control the risks identified through such assessments and to regularly
test or otherwise monitor the effectiveness of such safeguards. Such testing and monitoring may
be accomplished through existing network monitoring and problem escalation procedures.
IV. Overseeing Service Providers
It is the responsibility of the University of Wisconsin Milwaukee Purchasing Office to oversee
service providers by contractually obligating them to implement and maintain appropriate
safeguards that adhere to the Gramm-Leach-Bliley Act. To comply with GLBA, the State of
Wisconsin Purchase Order Standard Terms and Conditions had language added for service
providers to comply with GLBA. Effective July 1, 2004, this language appears on the back of
every purchase order sent out by the university.
State of Wisconsin Purchase Order Language:
“RELEASE OF INFORMATION: Contractor shall not report or release information concerning
UWM or its students, employees or customers to third parties without UWM’s prior written
approval. Any such report or release of information shall, at a minimum, comply with those
requirements enumerated in the Gramm-Leach Bliley Act, 15 USC 6801 et seq., UWM’s
standards for safeguarding such information, and all other applicable laws regarding consumer
privacy.”
V. Adjustments to Program
The Information Security Officer and Information Systems Auditor are responsible for evaluating
and adjusting the Program based on the risk identification and assessment activities undertaken
pursuant to the Program, as well as any material changes to the university’s operations or other
circumstances that may have a material impact on the Program.
Attachment A
PILOT PROGRAM - Phase in began May 1, 2005
<Please note that departments who are required to do checks must continue to do them.
This Office will only be doing DOJ General Requests>
PROCESS FOR CRIMINAL BACKGROUND CHECKS ON ALL
PERMANENT STAFF RECRUITMENTS
1. CONSULTATION WITH THE DIRECTOR: Administrative Officer will consult with the
Director to decide if a background check will be required for each recruitment she receives
during the Pilot Program.
2. POSITION ANNOUNCEMENT: Position announcements must state, "All finalists for this
position will require a criminal records review consistent with the Wisconsin Fair
Employment Act."
3. APPLICATION SUPPLEMENT: The Application Supplement is a release document and an
information gathering document that the finalist or candidate for a position fills out and then
signs. It must be a separate document from the regular application materials. The criminal
background check that is conducted becomes a verification process of the information
offered by the applicant on this document instead of a search for information that may
disqualify an applicant. Screening processes done in this manner are viewed as less of an
infringement upon individual rights.
This document is sent directly to the Administrative Officer in a CONFIDENTIAL envelope
that she provides the candidate. Leaking information about a potential employee is unethical
and could result in legal problems. Keeping information confidential still allows us to make
intelligent hiring decisions without harming the reputation of potential candidates.
4. TIMING OF THE APPLICATION SUPPLEMENT: The Application Supplement is sent out
with a cover letter (sample attached) at the following stages of the recruitment:
• Academic Staff Recruitments at the Form B - Request to Interview stage
• Classified Staff Recruitments at the candidate selection phase - Hiring
Justification/Non-Mandatory Transfer Referral Form /Mandatory Transfer Referral
Form
5. CONDUCTING THE CRIMINAL BACKGROUND CHECK: When Administrative Officer
receives Application Supplements she will conduct a criminal background check via the
Department of Justice website http://wi-recordcheck.org or a request will be sent out-of-state
according to that state's procedures available at http://www.doj.state.wi.us/dles/cib/sclist.asp.
Additionally, sex offender websites will be reviewed. Wisconsin's is at
http://offender.doc.state.wi.us/public.
• If the records review raises any legitimate employment concerns, Administrative
Officer will consult with the Vice Chancellor.
• In some cases, the supervisor may decide to receive confidential input from a group
of advisors. Each advisor has agreed to give his/her opinion on whether a
disqualification of the finalist is warranted based on the duties of the position and the
finalist’s record(s). The advisory committee will be sent a memorandum describing
the duties of the position and the reasons why a negative decision is being considered.
Each committee member sends back his/her confidential opinion to the Vice
Chancellor.
6. DECISION: Once a decision is made, Administrative Officer will communicate with the
Director, Department Personnel Rep and/or the search committee chair, providing no details
other than whether the finalist is either “acceptable,” in which case the hiring process moves
forward, or “unacceptable,” in which case the finalist is disqualified from further
consideration. In the latter case, the Director may need to notify the finalist.
7. RECORDKEEPING: The confidential documents from the criminal background records
review process shall be kept separately in a secured file in the Vice Chancellor’s Office and
the Administrative Officer will be the only person with access to the files.
8. TIMING OF THE OFFER AND THE RESULTS OF THE CHECKS: In the event that a
criminal records review cannot be fully completed before an offer is made, the following
option is available.
An offer of employment can be made if the candidate has turned in a
signed/completed Application Supplement to the Administrative Officer and the
information provided does not disqualify the individual for the position. Once the
Administrative Officer confirms that the Application Supplement information would
not disqualify the candidate (if it is truthful), then, a verbal offer may be made to the
candidate. In addition, any appointment letters issued before the results of a criminal
records review are received will have the following contingency statement, "this
appointment is contingent upon successful completion of a criminal background
records review." In the event that an individual is hired and later is disqualified, the
Director will notify the employee of the decision and the Administrative Officer will
help write the correspondence to the employee.
<date>
<name>
<address>
<address>
Dear <Mr. Or Ms.> <Last Name>:
You are considered to be one of the finalists for the open position of
____________________________ in the Department of _______________________. This
position requires a criminal background records review. In order to complete the review and
make a final hiring decision, it is necessary for you to fully complete and return the attached
application supplement. Your response should be postmarked or hand delivered to the
Administrative Officer, Division of XX, Office of the Vice Chancellor, Chapman Hall Room
XX, no later than___________________ . To insure your privacy, I have enclosed a
confidential return envelope.
Upon completion of a criminal record review, a final hiring decision will be made.
If you do not complete and return the enclosed form by the due date, you may not be considered
further for this position.
If you have any questions regarding the application supplement, criminal record review or the
recruitment process, please call me at (414) 229-XXXX.
Sincerely,
Administrative Officer
CONFIDENTIAL
Application Supplement – Conviction Record and/or Pending Criminal Charges
NOTE TO APPLICANTS: The position for which you are applying is one in which a conviction of a violation of
the law or pending criminal charges at the time you fill out this application supplement form may be a factor in
evaluating potential job performance. An actual check of conviction records and/or pending criminal charges will
be conducted only if you are a finalist for the position.
The information requested below is required to conduct an adequate records check and will in no way be used to
discriminate on the basis of age, gender, race or any other protected class status.
A record of conviction and/or pending criminal charges is not an absolute bar to employment. Such information
will be considered only if there is a substantial relationship between the circumstances of the conviction and/or
pending charge and the position being applied for. Your completion of this form is part of your application process.
Failure to disclose any conviction and/or pending criminal charges for a felony, misdemeanor or ordinance
violation (including a fine) other than non-moving traffic violations may impact our final hiring decision.
POSITION APPLIED FOR:__________________________ Circle one: STUD / LTE / CP / AS
FOR DEPARTMENT: ___________________________________________________________
Please print (for identification purposes only):
NAME:_______________________________________________________________________
(First / Middle (required) / Last)
OTHER NAMES YOU HAVE USED:______________________________________________
CURRENT ADDRESS:_________________________________________________________
(Street / City / State / Zip)
PREVIOUS ADDRESSES: (If you have not lived at current address for 3 years please provide
the next most recent address):
______________________________________________________________________________
(Street / City / State / Zip)
DATE OF BIRTH: _______________ (Month/Day/Year)
GENDER: Male ____ Female ____
SOCIAL SECURITY NUMBER: _______________________________
DRIVERS LICENSE NUMBER:___________________ STATE OF ISSUE:_______________
HERITAGE CODE (circle one):
1) Black
2) Asian or Pacific Islander
3) American Indian or Alaskan Native
4) Hispanic
5) White
Note: Failure to disclose a conviction for any crime (meaning a felony, misdemeanor or ordinance
violation including payment of a fine) other than non-moving traffic violations will be considered an
intentional omission.
Page 1 of 2
Please complete the reverse side of the document before you submit it.
(Continued)
CONFIDENTIAL
Application Supplement - Conviction Record and/or Pending Criminal Charges
NAME: ________________________________________________________________
Have you ever been convicted of a felony, misdemeanor or ordinance violation (including receipt
of a fine)? Yes ____ No ____
If yes, indicate below:
1. Nature of the offense: _________________________________________________________
Date of Conviction: _______________________________
Name and Location of the Court: _____________________________________________
2. Nature of the offense:_________________________________________________________
Date of Conviction: _______________________________________________________
Name and Location of Court: _______________________________________________
Do you have any criminal charges pending against you?
Yes ____ No ____
If yes, please indicate the nature of the charges:
______________________________________________________________________________
______________________________________________________________________________
Additional information: (attach additional sheets if needed)
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
By signing this form, I hereby authorize UWM to obtain information pertaining to any
charges and/or convictions I may have had for violation of municipal, county, state or
federal laws. I hereby attest to the truthfulness of the representations I have made. I
understand that I must be truthful and, if any statement I have made is found to be false, I
will be denied candidacy for the open position or if already accepted, terminated from my
position.
_______________________________________________________________________
Signature
Date
Page 2 of 2
Please submit this form in a Confidential envelope to: UW- Milwaukee, Division of XX,
Office of the Vice Chancellor Attention: Administrative Officer, P.O. Box XXX,
Milwaukee, WI 53201.
Criminal Background Checks
• Considered to be part of the pre-employment screening - not a selection criterion.
• Remember that reference checks are even more vital than criminal records reviews in
assessing the character of the applicants.
• There exists a fine line between diligent background investigation and invasion of privacy.
• High Priority - crimes against persons and identity theft.
Medium Priority - drug-related offenses.
Low Priority - property crimes.
• Applicants are given a chance to challenge the accuracy of information that is received
during the criminal records review - because these databases are not perfect, and a person can
be falsely identified. We want to make sure that we do not make adverse decisions based on
incorrect or inapplicable information.
• The state law does state that if applicants provide false information they shall be disqualified
or terminated.
• If we don't do the checks on all employees, we must be differentiating based on "legitimate
business interests".
• Potential Pitfalls. We must be certain that we properly conduct these. We can be held liable
for unlawful discrimination, regardless of whether the discrimination was intentional. Other
potential claims are invasion of privacy, defamation, intentional infliction of emotional
distress and negligence.
• Considerations include:
  - the recency of the conduct in question,
  - nature of the crime,
  - the number of convictions,
  - the age of the individual at the time of the offense,
  - societal conditions that may have contributed to the nature of the conduct,
  - the probability that an individual will continue the behavior in question,
  - the individual's commitment to rehabilitation and subsequent work history.
Attachment B
JOB APPLICANT CONVICTION AND/OR PENDING CHARGES RECORDS REVIEW
POLICY AND PROCEDURES
STATEMENT OF POLICY
To ensure that the Unit of XX at the University of Wisconsin-Milwaukee accomplishes its
mission and complies with Wisconsin Fair Employment Act (s. 111.3.1 et seq., Wis. Stats.), the
Public Employe Safety and Health requirements under s. 101.11 Wis. Stats., the Drug-Free
Workplace Act (41 U.S.C. Sec. 701 et. seq.) and UWM's Drug-Free Workplace Policy, and other
state, federal and constitutional requirements for the protection of applicants, employees,
students and all other University and community users of UWM, it is the policy of the Unit of
XX that records of pending criminal charges and convictions be considered in employment
decisions only when the circumstances of the pending charge or conviction are substantially
related to the job.
PROCEDURES
This procedure will apply to the following new hires and permissive reinstatements in the Unit of
XX:
• All permanent, project and limited term classified appointments
• All unclassified appointments
• Student employees hired in certain units. Please call XX (xXXXX) if you are unsure
  whether a student check is necessary.
• Contracted hourly workers in those same units.
Current UWM employees will not be subject to a criminal records review under this policy,
unless the Vice Chancellor determines otherwise.
For recruitments, all advertisements and position vacancy announcements should include a
statement of intent to conduct a criminal records review.
Sample language: "Please note: This position requires a criminal records review consistent
with the Wisconsin Fair Employment Act."
If the search is national, the department can consider conducting the review at the finalist stage. This will
allow the process for out-of-state background checks, which often take 2-4 weeks, to get started. If the
department chooses this option, the advertisements and position vacancy announcements should include
this statement:
"Please note: This position requires a criminal records review consistent with the Wisconsin
Fair Employment Act. The reviews will be conducted at the finalist stage."
A criminal records review will be conducted before a final offer of appointment is made.
Conditionally selected applicants will be required to complete an Application Supplement
regarding pending charge and conviction record information. The Supplement must be filled
out accurately and completely. The Supplement shall be retained in confidence by the Vice
Chancellor for XX. Applicants who fail or refuse to complete the form or who provide false or
misleading information will not be further considered for employment. For a permanent
classified position, this may or may not result in removal and/or decertification from an exam
register and the potential for the recruiting unit to obtain an additional candidate's name.
All requests for a criminal records review will be made through the UWM University Police
Department. The Division will pay the cost of such review. The UWM University Police will
check any and all jurisdictions it deems prudent. The completed inquiry and the Application
Supplement will be submitted to the Vice Chancellor for XX for further analysis.
CRIMINAL RECORDS REVIEW CONSULTATION
If the Application Supplement or the criminal records review reveals a pending charge or
conviction record and rejecting the applicant may be contemplated as a result, the Vice
Chancellor and Associate Vice Chancellor will discuss the matter. If the Vice Chancellor and
Associate Vice Chancellor are unable to make a final determination on their own, they shall
consult and seek the advice of the following individuals familiar with the nondiscrimination
requirements of the Wisconsin Fair Employment Act (s. 111.31 et seq., Wis. Stats.), the Public
Employe Safety and Health requirements under s. 101.11 Wis. Stats., the Drug-Free Workplace
Act (41 U.S.C. Sec. 701 et seq.) and UWM's Drug-Free Workplace Policy, and other state,
federal and constitutional requirements for the protection of applicants, employees, students and
all other University and community users of UWM: the Director of XX or designee, the Vice
Chancellor for XX, and the University XX. If these three individuals (or designees) are
unavailable, the Vice Chancellor and Associate Vice Chancellor shall consult with other legal,
criminal justice or human resources professionals deemed necessary to make a determination as
to whether there is a substantial relationship between the arrest and/or conviction record and the
position.
In reviewing the results of a criminal records review on an individual applicant, the Vice
Chancellor will review each individual on a case-by-case basis and consider the following
factors in order to determine whether there is a substantial relationship between the conviction
and the employment position and whether the individual should be further considered for the
position:
1. The Offense. The nature, severity and intentionality of the offense(s)
   including but not limited to:
   a. the statutory elements of the offense (rather than the individual’s
      account of the facts of the offense);
   b. age at time of offense(s);
   c. number of offenses;
   d. time elapsed since last offense; and
   e. whether the circumstances arose out of an employment situation.
2. The Position. The duties, responsibilities and circumstances of the
   position applied for, including but not limited to:
   a. the nature and scope of the position's student, public or other
      interpersonal contact;
   b. the nature and scope of the position's autonomy and discretionary
      authority;
   c. the extent to which the position holds a measure of fiscal responsibility
      to the University;
   d. the opportunity presented for the commission of additional offenses;
      and
   e. the extent to which acceptable job performance requires the trust and
      confidence of the employer, the University or the public.
The final determination to appoint or reject an individual on the basis of a criminal records
review will be made by the Vice Chancellor as appointing authority for the XX. The results of
the review and the final determination on individual cases are strictly confidential and will be
released only on a need-to-know basis upon the express authority of the Vice Chancellor.
Date
Name
Address
City, State
I am pleased to inform you that you are a final candidate for the position of
__________ in the Department of __________. As you know, this position requires a
criminal background records review. In order to complete the review and make a final hiring
decision, it is necessary for you to fully complete and return the attached application supplement
to the UWM Police Department. Your response should be faxed (414-229-XXXX),
postmarked, or hand delivered to Lt. XXX, University Police Department no later than
__________.
Enclosed is a stamped self-addressed envelope for your convenience.
Upon completion of a criminal records review, a final hiring decision will be made. As
you can understand, we are motivated to make a timely hiring decision. To that end, please
know that if you do not complete and return the enclosed form by the due date, you may not be
considered further for this position.
If you have any questions regarding the application supplement, criminal records review
or the recruitment process, please call the XX at 229-XXXX.
Sincerely,
Name of Interviewer
Title
CONFIDENTIAL
Application Supplement – Conviction Record and/or Pending Criminal Charges
NOTE TO APPLICANTS: The position for which you are applying is one in which a conviction of a violation of
the law or pending criminal charges at the time you fill out this application supplement form may be a factor in
evaluating potential job performance. An actual check of conviction records and/or pending criminal charges will
be conducted only if you are a finalist for the position.
The information requested below is required to conduct an adequate records check and will in no way be used to
discriminate on the basis of age, gender, race or any other protected class status.
A record of conviction and/or pending criminal charges is not an absolute bar to employment. Such information
will be considered only if there is a substantial relationship between the circumstances of the conviction and/or
pending charge and the position being applied for. Your completion of this form is part of your application process.
Failure to disclose any conviction and/or pending criminal charges for a felony, misdemeanor or ordinance
violation (including a fine) other than non-moving traffic violations may impact our final hiring decision.
POSITION APPLIED FOR: __________________________________________________
FOR DEPARTMENT: __________________________________________________
Please print (for identification purposes only):
NAME:_______________________________________________________________________
(First, Middle, Last)
OTHER NAMES YOU HAVE USED: ______________________________________________
CURRENT ADDRESS: _________________________________________________________
(Street, City, State, Zip)
PREVIOUS ADDRESSES (most recent*): _______________________________________
(*Only if you have not lived at current address for 3 years)
(Street, City, State, Zip)
DATE OF BIRTH: _______________ (Month/Day/Year)
GENDER: Male ____ Female ____
SOCIAL SECURITY NUMBER: _______________________________
Driver’s License Number and State of Issue: _______________________________
HERITAGE CODE (circle one):
1) Black
2) Asian or Pacific Islander
3) American Indian or Alaskan Native
4) Hispanic
5) White
NOTE: Continued on reverse side.
Page 1 of 2
CONFIDENTIAL
Application Supplement - Conviction Record and/or Pending Criminal Charges (Continued)
Have you ever been convicted of a felony, misdemeanor or ordinance violation (including receipt of a fine) other
than non-moving traffic violations? Note: Failure to disclose a conviction for any crime (meaning a felony,
misdemeanor or ordinance violation including payment of a fine) other than non-moving traffic violations will be
considered an intentional omission.
Yes ____
No ____
If yes, indicate below:
1. Nature of the offense: __________________________________________________________
Date of Conviction: _______________________________
Name and Location of the Court: _____________________________________________
2. Nature of the offense:
______________________________________________________________________________
______________________________________________________________________________
Date of Conviction: _______________________________________________________
Name and Location of Court: _______________________________________________
3. Do you have any criminal charges pending against you?
Yes ____
No ____
If yes, please indicate the nature of the charges:
______________________________________________________________________________
______________________________________________________________________________
Additional information:
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
Attach additional sheets if necessary.
To the best of my knowledge, the information provided on this form is true and complete.
_______________________________________________________________________
Signature
Date
Page 2 of 2
Attachment C
UNIVERSITY OF WISCONSIN - MILWAUKEE
Department of ______________
Employee Confidentiality Agreement
In consideration of my employment and/or continued employment at the University of Wisconsin-Milwaukee (UWM), Department of Financial Aid, I agree as follows:
1. For purposes of this Agreement, "confidential information" is defined as
   information that is (a) information disclosed to me or known by me as a
   consequence of my employment, and not generally known outside UWM or the
   Department; or (b) protected by State or Federal laws.
   Confidential information may include records or data protected by laws such as
   the Family Educational Rights and Privacy Act (FERPA), the Gramm-Leach-Bliley
   Act, and the following Wisconsin Statutes: Section 19.21-19.39 (public
   records laws) and Section 19.81-19.98 (open meetings laws).
2. During my employment and after the termination of my employment, I will hold
   the confidential information of UWM and the Department in trust and
   confidence. I will safeguard confidential records, and will not use or disclose it or
   any embodiment thereof, directly or indirectly, except as may be necessary in the
   performance of my duties for UWM and the Department. I understand that any
   unauthorized disclosure could be highly damaging to UWM, its employees,
   students, donors, or others.
3. I will not remove materials containing confidential information from UWM or
   the Department unless authorized to do so by my supervisor. Any and all such
   materials are the property of UWM and/or the Department. Upon termination of
   any assignment or as requested by my supervisor, I will return all such materials
   and copies thereof to the Department.
4. I understand that I should contact my supervisor if I am asked to disclose
   confidential information or if I have questions relating to what constitutes a
   confidential record.
5. I understand that if I violate this Agreement, I may be subject to disciplinary
   action, including termination or legal action, or both.
IN WITNESS WHEREOF, and intending to be legally bound, I have hereunto set my
hand on this ___ day of _____________, 20____.
EMPLOYEE: ________________________
SUPERVISOR: _______________________
Attachment D
UNIVERSITY OF WISCONSIN-MILWAUKEE
MISSION RESUMPTION PLANNING
DEPARTMENTAL OR PROGRAM PLAN
The responsibility for continuity of a function at UWM, in the absence of a critical resource,
rests with the user of the resource. Responsibility for the recovery of the resource rests with the
provider.
1. Date
January 2004
2. School, College or Division
Administrative Affairs
3. Department
Environmental Health, Safety and Risk Management
4. Program or sub-unit
Animal Resource Center
5. Functions of program or sub-unit and related tasks
A. Provide for the care, health and well being of animals used for research and
   education at UWM.
   Task | Description | Schedule, Deadline
B. Administer to animal related needs of UWM researchers and educators
   through dissemination of knowledge and resources.
   Task | Description | Schedule, Deadline
C. Serve the public by ensuring observance of all legal and ethical standards
   pertaining to the use of animals for research and education at UWM.
   Task | Description | Schedule, Deadline
6. High likelihood risks
A. Water outage
B. Steam (heat outage)
C. Mechanical failure
7. High impact risks
A. Long-term power outage
B. Fire
C. Vandalism (release animals, kill animals, sabotage research)
D. Terrorism
E. Epidemic
F. Tornado
8. Space
Columns: Building | Room # | Purpose
Building: Lapham
Purpose: Animal; Cage wash; Procedures (labs); Necropsy; Storage Records; Loading dock; Elevator; Ramp
Attributes: Sq. footage; Security; Lighting; Voice; Data; Temperature; Humidity; Electricity; HVAC; Wiring; Generator; Water; Floor drain; Sinks; Plumbing; Steam; Sewer; Garbage; Waste; Acoustics
9. Equipment
Columns: Item | Quantity | Use | Size | Model | Serial # | Supplier | Alternate supplier | Cost
Items: Cage washers; Cages; Racks; Water bottles; Food dishes; Walk-in cooler; Refrigerators; Surgical and medical; Pads; Lamps; Specialized positioning; Specialized restraining; Windows server
10. Inventory and supplies
Columns: Item | Description | Average quantity on hand | Vendor | Alternate vendor | Unit cost
Items: Rats; Mice; Rabbits; Pigeons; Food; Bedding; Cleaning supplies; Pharmaceuticals; Emergency water; Diesel fuel for generator
11. Stakeholders
Columns: Name | Category | E-mail | V-mail
Categories: Researcher; Instructor; Student
12. Data files
Columns: Name | Description | Medium | Software | Storage | Off-site storage location
Entries: LAMBS; Word; Excel; FileMaker Pro
13. Personnel
Columns: Name | Title | Responsibilities | Keys/security | UWM phone | UWM pager | UWM cell phone | Home phone
14. Develop a plan to ensure “readiness” in the event that the relatively high probability risks
cause disruption to key functions and tasks. Important elements of “readiness” are:
A. Negotiate formal contract with MCW, VA or MU to provide back-up facilities
B. Prevention
C. Avoidance
D. Reducing the probability of risk
15. Develop a plan to ensure “response” in the event of disruption. Important elements of
“response” include:
A. Update current Animal Resource Center “Disaster Plan”
B. Draft plan to evacuate animals
C. Draft plan for euthanasia
D. Personnel evaluation
E. Safety
F. Damage Assessment
G. Security
H. Notifications
16. Develop a plan to address initial “recovery” in the event of disruption. This includes:
A. Alternate work sites
B. Workarounds
C. Personnel requirements
D. Training requirements
E. Identifying necessary resources and applicable costs
17. Develop a plan for “restoration” to return to business as usual. This includes:
A. Salvage operations
B. Facilities reconstruction
C. Resumption of all essential support functions
D. Systems and technology
E. Identifying necessary resources and applicable costs
18. All plans must periodically be:
A. Tested
B. Reviewed
C. Updated
D. Assigned an estimated cost
REFERENCES
FERPA (Family Educational Rights and Privacy Act)
• Overview http://www.uwsa.edu/gc-off/deskbook/ferpa.htm
• UWM FERPA Manual http://www.des.uwm.edu/intranet/ferpa/ferpamanual.pdf
• FERPA Regulations http://www.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf
• Department of Education FERPA Compliance Office http://www.ed.gov/policy/gen/guid/fpco/index.html
• UWM FERPA Tutorial http://www.uwm.edu/Dept/DES/ferpa/
HIPAA (Health Insurance Portability and Accountability Act)
• UWM HIPAA Manual http://www.uwm.edu/Dept/LEGAL/Pages/OLA_Publications/Policies%20and%20Procedures%20for%20the%20Protection%20of%20Patient%20Health%20Information/HIPAA%20Manual.pdf
• HIPAA Security Regulations http://www.cms.hhs.gov/hipaa/hipaa2/regulations/security/03-3877.pdf
• HIPAA Privacy Regulations http://www.hhs.gov/ocr/hipaa/privrulepd.pdf
• Department of Health and Human Services HIPAA Compliance Materials http://www.hhs.gov/ocr/hipaa/
Gramm-Leach-Bliley (Financial Services Modernization Act of 1999)
• Gramm-Leach-Bliley Statute http://www4.law.cornell.edu/cgibin/htm_hl?DB=uscode15&STEMMER=en&WORDS=6801+&COLOUR=Red&STYLE=s&URL=/uscode/15/6801.html#muscat_highlighter_first_match
• Gramm-Leach-Bliley Privacy Regulations http://ecfr.gpoaccess.gov/cgi/t/text/textidx?c=ecfr&sid=b69486e1722de82d13a476cb6808389a&rgn=div5&view=text&node=16:1.0.1.3.38&idno=16
• Gramm-Leach-Bliley Safeguarding Regulations http://ecfr.gpoaccess.gov/cgi/t/text/textidx?c=ecfr&sid=b69486e1722de82d13a476cb6808389a&tpl=/ecfrbrowse/Title16/16cfr314_main_02.tpl
• Federal Trade Commission Fair Information Practice Principles http://www.ftc.gov/reports/privacy3/fairinfo.htm
• Federal Trade Commission Guidance on Financial Privacy http://www.ftc.gov/privacy/glbact/index.html
• Bureau of Consumer Protection Guidance on Privacy of Customer Financial Information http://www.ftc.gov/privacy/glbact/glboutline.pdf
DMCA (Digital Millennium Copyright Act)
• DMCA Statute http://assembler.law.cornell.edu/uscode/html/uscode17/usc_sec_17_00001201----000.html
• Copyright Office DMCA Summary http://www.copyright.gov/legislation/dmca.pdf
USA PATRIOT Act
• USA PATRIOT Act Statute http://frwebgate.access.gpo.gov/cgibin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ056.107.pdf
• Department of Justice USA PATRIOT Act Homepage http://www.lifeandliberty.gov/
Wisconsin Laws, Regulations and Publications
• Chapter 36, Wisconsin Statutes, University of Wisconsin System http://www.legis.state.wi.us/statutes/Stat0036.pdf
• Wisconsin Statutes § 943.70, Computer Crimes http://www.legis.state.wi.us/statutes/Stat0943.pdf
• Chapter UWS 8, Wisconsin Administrative Code, Unclassified Staff Code of Ethics http://www.legis.state.wi.us/rsb/code/uws/uws008.pdf
• Chapter UWS 18, Wisconsin Administrative Code, Conduct on University Lands http://www.legis.state.wi.us/rsb/code/uws/uws018.pdf
• Chapter ADM 12, Wisconsin Administrative Code, Electronic Records Management http://www.legis.state.wi.us/rsb/code/adm/adm012.pdf
• Chapter ER-MRS 24, Wisconsin Administrative Code, Code of Ethics http://www.legis.state.wi.us/rsb/code/er-mrs/er-mrs024.pdf
• UW Board of Regents Policy 97-2, Use of Information Technology Resources http://www.uwsa.edu/bor/rpd/bor_pols.pdf
• OSER Resource Guide for Conducting Interviews http://oser.state.wi.us/docview.asp?docid=1816
UW System Policies and Pages
• GAPP 10, Computer Software Ownership http://www.uwsa.edu/fadmin/gapp/gapp10.htm
• GAPP 11, Sharing Services and Products http://www.uwsa.edu/fadmin/gapp/gapp11.htm
• GAPP 20, Computing Acquisitions Responsibility and Authority http://www.uwsa.edu/fadmin/gapp/gapp20.htm
• GAPP 20A, Telecommunications Acquisitions Responsibility and Authority http://www.uwsa.edu/fadmin/gapp/gapp20a.htm
• GAPP 27, Copyrightable Instruction Materials http://www.uwsa.edu/fadmin/gapp/gapp27.htm
• FPP 48, Laboratory/Classroom Modernization and General Computer/Network Access http://www.uwsa.edu/fadmin/fppp/fppp48.htm
• UW System Office of Financial Administration http://www.uwsa.edu/fadmin/
UWM Pages
• UWM Security Homepage http://www.security.uwm.edu
• UWM Department of Human Resources http://www.uwm.edu/Dept/HR/
• UWM Records Management http://www.uwm.edu/Libraries/arch/records.htm
• UWM Emergency Preparedness http://www.uwm.edu/Dept/EHSRM/EMERGENCY/
• Division of Administrative Affairs Criminal Background Check Procedures http://www.uwm.edu/Dept/admaffrs/10042001%20%20Policy%20and%20Procedures.doc
• Faculty Document 2229, Statement on Professional Ethics http://www.uwm.edu/Dept/SecU/facdocs/2229.pdf
Members of the Security/Gramm-Leach-Bliley Act Core Team include:
Julie Bonner, Norris Health Center Director
Steve Brukbacher, Information Systems Technology Services Specialist
Hector de la Mora, Senior University Legal Counsel
Michael Doylen, Libraries Senior Academic Librarian and University Archivist
Edward Melchior, Internal Audit Advanced Auditor
Michelle Schartner, Financial Management Supervisor (formerly)
David Stack, Deputy Chief Information Officer
Co-Chairs:
Jane Hojan-Clark, Financial Aid Department Director
Paul Rediske, Internal Audit Director