The Institution's Director of IT Department is designated as the Program Officer who shall be responsible for coordinating and overseeing the Program. The Program Officer may designate other representatives of the Institution to oversee and coordinate particular elements of the Program. Any questions regarding the implementation of the Program or the interpretation of this document should be directed to the Program Officer or his or her designees.

The Program applies to any record containing nonpublic financial information about a student or other third party who has a relationship with the Institution, whether in paper, electronic or other form that is handled or maintained by or on behalf of the Institution or its affiliates. For these purposes, the term nonpublic financial information shall mean any information (i) a student or other third party provides in order to obtain a financial service from the Institution, (ii) about a student or other third party resulting from any transaction with the Institution involving a financial service, or (iii) otherwise obtained about a student or other third party in connection with providing a financial service to that person.

1. Risk Identification and Assessment.
The Institution intends, as part of the Program, to undertake to identify and assess external and internal risks to the security, confidentiality, and integrity of nonpublic financial information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information. In implementing the Program, the Program Officer will establish procedures for identifying and assessing such risks in each relevant area of the Institution's operations, including:

• Employee training and management. The Program Officer will coordinate with representatives in the Institution's [Human Resources and Financial Aid offices] to evaluate the effectiveness of the Institution's procedures and practices relating to access to and use of student records, including financial aid information. This evaluation will include assessing the effectiveness of the Institution's current policies and procedures in this area.



• Information Systems and Information Processing and Disposal. The Program Officer will coordinate with representatives of the Institution's [Department of Information Technology or other relevant department] to assess the risks to nonpublic financial information associated with the Institution's information systems, including network and software design, information processing, and the storage, transmission and disposal of nonpublic financial information. This evaluation will include assessing the Institution's current polices and procedures relating to [Acceptable Use of the Institution's network and network security, document retention and destruction]. The Program Officer will also coordinate with the Institution's [Department of Information Technology] to assess procedures for monitoring potential information security threats associated with software systems and for updating such systems by, among other things, implementing patches or other software fixes designed to deal with known security flaws.



• Detecting, Preventing and Responding to Attacks. The Program Officer will coordinate with the Institution's [Department of Information Technology and other relevant units] to evaluate procedures for and methods of detecting, preventing and responding to attacks or other system failures and existing network access and security policies and procedures, as well as procedures for coordinating responses to network attacks and developing incident response teams and policies. In this regard, the Program Officer may elect to delegate to a representative of the [Department of Information Technology] the responsibility for monitoring and participating in the dissemination of information related to the reporting of known security attacks and other threats to the integrity of networks utilized by the Institution.

CRAS - The Conservatory of Recording Arts and Sciences is committed to the highest ethical and professional standards of conduct as an integral part of it’s mission: the success of our students. To achieve this goal, The Conservatory of Recording Arts and Sciences relies on each employee’s ethical behavior, honesty, integrity and good judgment. Each employee should demonstrate respect for the rights of others. Each employee is accountable for his/her actions with respect to all relevant internal and external rules and regulations.

CRAS - The Conservatory of Recording Arts and Sciences and each employee must transact The Conservatory activities in compliance with all laws, regulations and Conservatory policies related to their positions and areas of responsibility. Managers and supervisors are responsible for teaching and monitoring compliance in their areas. Every employee is responsible for complying with all federal, state, and local and accrediting agency laws, regulations, guidelines and standards. Every employee is obligated to know and to comply with all Conservatory of Recording Arts and Sciences policies including but not limited to the Employee Handbook.

CRAS - The Conservatory of Recording Arts and Sciences compliance efforts focus on teaching employees the appropriate compliance standards for the areas in which they work. Employees may have genuine concerns about matters that they are not sure whether or not acts represent compliance violations. Each employee is required as a condition of employment, to report violations or concerns about violations that come to his/her attention. Managers have a special duty to adhere to the standards set forth in this code, to recognize violations, and to enforce the standards. Disciplinary actions for proven violations of this code of conduct or for retaliation against anyone who reports a possible violation will be determined on a case by case basis and may include termination of employment. Individuals who violate the code may also be subject to civil and criminal charges.

If any person employed by CRAS - The Conservatory of Recording Arts and Sciences in any capacity feels they have been witness to or heard of a violation of the code should contact their immediate supervisor or the College Administrator if the supervisor is not available or they do not feel they can professionally discuss the situation with the supervisor. All concerns will be investigated and reviewed to determine what action needs to be taken.

A potential or actual conflict of interest exists when an employee’s commitments or obligations to The Conservatory may be compromised by his/her other interests or commitments(especially economic), particularly if those interests or commitments are not disclosed. Use of The Conservatory equipment, computers, or facilities for personal matters is a per se Conflict of Interest. Although not all conflicting interests are impermissible, those involving the employee’s self-gain, unfair enhanced work performance or similar conduct by a third party to whom the employee is related may serve to compromise the employee’s primary obligation to The Conservatory.

No employee shall, for personal gain, the gain of others or for any other non-business reason use any information not available to the public that was obtained as a result of service to The Conservatory including by not limited to email and other communications whether or not marked confidential issued by an employee of The Conservatory to other employees or vendors of The Conservatory.

No employee shall solicit or accept for personal use, or for the use of others, any gift, favor, loan, gratuity, reward, promise of employment or any other thing of monetary value that might influence or appear to influence the judgment or conduct of the employee regarding The Conservatory business or policy. Full and timely disclosure of potential or actual conflicts of interest will sensitize all employees to these issues and will promote resolution of actual conflicts. Each employee is expected to discuss with his/her supervisor any affiliation, interest, or other matter that presents a real, apparent or potential conflict of interest.

Every employee shall be familiar with the Institutional Code of Conduct and your specific Department Code of Conduct.

Here's the shortest explanation of Copyright Law: Only the copyright owner of a work can make copies of it in any form. Period. Anyone else who wants to copy any part of this work must get a license or negotiate an agreement or get permission in some form. That includes you and me.

Copyright means ownership of rights . . . of songs, musical compositions, movies, videos, video games and other types of creations. The original copyright owners of these creations are often people like you, but it is likely that you will be tempted to sign your rights over to a company – a record label or a publisher or a video game company, etc., and then they become the copyright owner.

Copyright laws, enacted by United States Congress, were originally intended to protect the creators of works, but now they protect the exploiters of the creators. This is simple politics. The Copyright industry has great power to influence Congress to make the laws they want. Creators have no power whatsoever. These laws should be taken very seriously. If you don’t obey them, you could face hideously high fines and possibly even prison time!

To be legal, we must pay for what we acquire. If we don’t, we are infringing the rights of the copyright owner. Some examples of infringement would be:

• Downloading songs, albums or videos without paying for them
• Uploading songs, albums or videos to a file sharing site
• Making a copy of a song, CD or video for a friend (or many friends)
• Making a copy of software for others (or accepting a copy from someone else)
• Making more than one copy of something you legally acquired . . . for your own use
• Sampling without permission of the copyright owners of the recording and the song
• Recording a released song without obtaining a Compulsory (Mechanical) License
• Or any other form of acquiring copyrighted material without paying for it

If found guilty of copyright infringement, you could be liable for: Actual Damages and Profits. (In other words, the money you have caused the copyright owner to lose) This could cost you millions.
Or,
Statutory Damages. (Awards specified by Copyright Statutes) A fine of $750 to $30,000 for each infringing song (or other work). or In the case of “Willful Infringement,” up to $150,000 for each infringing song (or other work). Settlement. The Recording Industry Association of America (RIAA) has sued some 35,000 people for copyright infringement of recorded material, allowing all but two of them to avoid lawsuits by “settling” for amounts ranging roughly from $2,000 to $5,000 per person. Of the two people who fought the cases, one lost and was fined $675,000.

The other was fined $220,000. That case was appealed and the individual was then fined $1,920,000 for allegedly downloading 30 songs. This case is still unresolved, as various judges have recommended a reduction of the fine to $50,000 or less.

The 2005 Family Entertainment and Copyright Act makes it illegal to video record a movie or leak a recording before its official release date. It carries fines of up to $250,000 and prison terms of 3 to 6 years.

At the extreme is the Uruguay Round Agreements Act of 1994, which provides imprisonment of up to ten years for the unauthorized recording or videotaping of live musical performances. The penalties can also apply to those who sample from or even transport these ”bootlegs”!

The Obama administration is supporting the entertainment industry’s requests for new harsh laws. A proposed law (ACTA) would require ISPs to shut off your internet service if you are accused three times of illegal downloading. The administration has established a new Intellectual Property Enforcement Coordinator – Victoria Espinel. (Some refer to this position as the "Copyright Czar".) Other laws are in the works.

There is a copyright law concept called “Fair Use” which suggests that there may be certain things you can do with copyrighted material without permission . . . if they qualify as “Fair Uses.” This would include parodies, research, news reporting and certain activities in education. However, this is dangerous territory, and even the copyright office says that there are no clearly defined safe uses.

Today's copyright scholars have stated that we have lost our fair use rights. For anything to qualify as a Fair Use, it cannot be used to make a profit. Therefore, most parodies would not qualify.

While there is concern that copyright laws are overreaching, unduly harsh, unfairly biased toward the Entertainment Industry, and lacking protections for the public, breaking the law is not the proper way to right these wrongs. Redress is achieved through discourse, voting, expressing yourself intelligently to elected representatives and supporting organizations that champion your beliefs.

The Conservatory of Recording Arts and Sciences trains future audio industry professionals. These, of all people, should obey the laws that govern our industry. We’re hoping that your ethics would guide you to do this, but another way to look at it is this: If illegal downloading keeps escalating, it could collapse the very industry you are counting on to provide your future career. We should avoid illegal downloading, and we should influence others to do the same.

As professionals, we should practice the highest standards of lawful conduct.

For more information on copyright law and penalties, please refer to these websites:
www.riaa.org   |   www.copyright.gov

The CRAS Emergency Response and Evacuation Plan identifies emergencies by the following classification.

Level 1 - Minor incidents in which CRAS Personnel assess the situation and determine that there is no hazard to persons or property. Examples of such incidents may include minor injuries that do not require medical care, short power outages, minor equipment or facility problems.

Level 2 - An incident that could pose a minimal hazard to person or property. Examples of such incidents may include fire alarms, longer power outages, loss of HVAC during extreme weather.

Level 3 - Any incident that poses a potential widespread impact to public safety. Examples of such incidents may include major fire, structural damage to the occupied building, bomb threats, prolonged power outages.

Level 4 - Any incident or threat that poses significant danger to persons or property requiring assistance from one or more outside resources and/or authorities. Examples of such incidents may include explosions, structural collapse, natural disasters, hostile individuals, or any incident where the resolution is determined to be outside the ability of CRAS Security Personnel.

• All emergencies are initially responded to by CRAS Security Personnel. It is the responsibility of Security to determine the emergency level and proceeding actions. Once it has been determined that there is no immediate threat to safety, all level 1 and level 2 emergencies will be reported to the Director of Security. Any authorized security personnel that responds to a level 3 or level 4 emergency is responsible for notifying Police, EMS, or Fire Department (when applicable) followed by the Director of Security immediately.
  
  
• In the event of a significant emergency or dangerous situation, the Conservatory will initiate a school wide notification system. At the time of an emergency the appropriate school officials will notify students and faculty by sending a message over the alarm system intercom.
  
  
• Follow-up messages may be sent to students through CRAS’ online education site Cras Connect or via the internal Education server. These messages may be posted to all students, or to select groups situation dependent.

- Emergency notifications may include, but are not limited to:
a. “Fire” (accompanied by fire alarm)
b. “Evacuate Immediately”
c. “Lockdown” (shelter in place)

All Conservatory employees must be familiar with the following Emergency Procedures. The details of all of these procedures are found in the Employee Handbook.

• Know the evacuation route for each classroom you inhabit.
• Understand evacuation procedures as outlined in the employee handbook.
• Review the evacuation chart with each new class of students.
• Lead students to their designated assembly point and check that all students are accounted for.
• Understand all “Shelter in Place” procedures as outlined in the employee handbook.
• Direct any media questions to an Authorized Security Personnel.

• Director of Education
• Director of Projects
• Director of IT Dept
• Director of Financial Aid

• Campus Director
• Director of Projects
• Director of IT Dept
• Director of Digital Department

At CRAS each student is expected to be familiar with the emergency procedures outlined in this document. Students are urged to be alert and aware of their surroundings at all times. On campus, students should:

• Know the evacuation chart for their classroom/studio each day. (Charts are clearly posted by the door of each room).
• Report any suspicious or questionable activity to an Instructor or Security Personnel immediately. Such activity may include (but is not limited to):
- Unattended bags or backpacks.
- Unfamiliar persons on campus.
- Erratic or unnatural behavior by any person(s).
- Any discussion of activity that may be harmful to persons or property.
• In the event of an evacuation, do not re-enter the building until CRAS Security Personnel have advised that it is safe to do so.

When notified of an evacuation, students should:

• Remain calm and proceed to your designated exit in an orderly fashion.
• Listen for any additional instructions from your Instructor.
• Once exited, move a safe distance away from the building and gather at your designated assembly point.
• Do not re-enter the building for any reason until CRAS Security Personnel have advised that it is safe to do so.

In some emergency situations, Faculty, Staff, and Students may be instructed to shelter in place. This decision will be made by CRAS Security Personnel when evacuation is considered to be unsafe. Examples of shelter in place situations may include, (but are not limited to):

• Severe weather (tornado warnings, monsoon warnings)
• Natural Disasters (earthquakes, floods)
• Unsecured threat (suspicious persons or paraphernalia on premises)