Missouri State University

Skip search and site index

Financial Services 

Customer Information Policy

Missouri State University Policy for Maintaining the Security, Confidentiality & Integrity of Customer Information

Control access to rooms and file cabinets where paper records are kept.
  • Doors to office areas are to be locked during non-business hours.
  • Customer information is to be processed in work areas that are behind locked doors or in other areas not regularly accessible to the general public.
  • Guests are escorted in areas where customer information is being processed and are restricted to areas where customer information is not in plain view.
  • File cabinets used to store customer information are secured in locked areas or areas not regularly accessible to the general public.
  • The cabinets used to store promissory notes are locked during non-business hours.
  • Documents no longer needed are disposed of in designated recycling containers or shredded on site.
  •  Custodial and Maintenance staff are trained to ensure secure areas remain locked and confidential information is safeguarded.
  • Building Security Guidelines are to be followed as published by the Office of Safety & Transportation.
Control access to information stored electronically.
  • Computer workstations accessing customer information are to be housed behind locked doors or in areas where output devices (screens, printers, etc.) cannot be seen by the general public.
  • Computer screens displaying customer information are to be minimized when not in use to prevent inadvertent breeches.
  • Strong passwords are to be used.
    • Network and email access (at least eight characters, alphanumeric, special character)
    • Mainframe access (at least eight characters, alphanumeric)
  • Computer passwords are required to be changed every 120 days.
  • User IDs, passwords, and PINs are not to be posted near or on computers.
Protect our customers’ information.
  • Requests for customer information will be responded to in accordance with FERPA guidelines.
  • Appropriate security policies will be developed and followed to ensure protection of customer information.
  • Fraudulent attempts to obtain customer information are to be reported to management, who will then report the attempt to the appropriate law enforcement agencies.