American Academy McAllister Institute of Funeral Service (AAMI) is committed to protecting the confidentiality, integrity, and availability of its information systems and data. Our Information Security Program defines the standards, responsibilities, and procedures for safeguarding sensitive information and systems across the institution.
Program Objectives
The AAMI Information Security Program is guided by federal and state laws and internal policy. Its goals include:
- Respecting the privacy, health, and property rights of students, faculty, staff, alumni, and other stakeholders
- Engaging all members of the AAMI community in anticipating and addressing potential security threats
- Preserving the confidentiality, integrity, and availability of all sensitive information
- Protecting physical and digital systems that store or transmit sensitive data
Sensitive Information & Systems
Sensitive information includes any data that is confidential or proprietary, such as:
- Student records
- Employee data
- Financial and health information
- Business transactions
Sensitive systems refer to any physical or digital infrastructure used to house or transmit this data, including:
- Buildings, safes, filing cabinets, and secured rooms
- Computers and servers
- Networks and databases
Governance & Responsibility
The Director of Operations is responsible for the overall effectiveness and enforcement of the Information Security Program.
Implementation and compliance efforts are supported by the President’s Academic Council, the Chief Information Security Officer (CISO), legal counsel, and AAMI’s external auditing firm.
All department heads, staff, and students must adhere to the security procedures and principles applicable to their roles
Risk Assessment & Compliance
Compliance is monitored through regular risk assessments and internal audits, which review:
- Employee training and management practices
- Information system design, processing, transmission, and disposal
- System defense against intrusion, attack, or failure
Non-compliance may result in formal notices, corrective action plans, and follow-up reviews. Serious or repeated failures to comply may result in sanctions, depending on the severity and risk level involved.
Use Of Third-Party Services & Policy Limitations
AAMI may use third-party providers for certain security services. Details are available upon request.
This policy does not restrict AAMI from taking immediate action in response to a security incident.