Administrative Services

Close up of Lewis, Clark & Nez Perce Chief Statues

Risk Management FAQ

What do I do when an employee is injured on campus?

An injury to an employee during work hours needs to be reported to 911 if necessary and to their supervisor and Human Resource Services within 24 hours of the occurrence.  These injuries are handled by workers compensation and filing a report with Risk Management is not necessary. 

 What do I do when a student or visitor is injured on campus?

Injuries to students or visitors need to be reported to Security X2226, the office of Risk Management X2240 and 911 if necessary.  Complete the Accident/Injury form  and forward it to Risk Management as soon as possible. An employee who has witnessed the accident or interviewed the injured party completes the form. The injured party does not receive a copy of the form. If the injured party inquires about filing a claim, and/or asks questions about payment of their related medical bills, direct their questions to Risk Management in ADM 106 or by phone (208) 792-2240.  

Whose insurance is primary when a state employee is driving their own vehicle on state business?

The employee's personal vehicle insurance is primary and must respond in the event of a covered claim involving property damage or personal injury to a third party. The state recommends employees advise their private automobile insurance carrier prior to using a personal vehicle for state business, particularly when using the personal vehicle on a regular basis to perform job duties. The mileage allowance reimbursed to an employee includes insurance as well as the other expenses related to the use of the vehicle. 

If an employee is injured or unable to work as a result of a job related automobile accident, Workers' Compensation benefits are typically the sole remedy. Any passengers who are not state employees, including students and are injured as a result of an employee driver's negligence should file a claim with the employee's private automobile insurance carrier. 

How do I obtain a certificate of insurance for my off campus events?

Email risk management one week before your event with the following information.  The name of the third party who has requested the certificate of insurance, their address, the name of the event, the date(s) of the event and the address where the event will take place and the number of participants.  If they request general liability insurance greater than $500,000 and/or additional insured, send a copy of the agreement as well. You will receive the certificate within three days of your request to forward to your contact person at the event location.  

What do I do in the event of a data breach?

The college formed a working group and created the data breach check list outlined below.

 Data Breach Check List 

1)  Notify one’s immediate supervisor.  The immediate supervisor and the person issuing the notice will coordinate communication with the appropriate vice president (units reporting directly to the president should include the Vice President for Finance and Administration in the notice),

2)  The Vice President will notify the President, the Director of Information Technology, the Office of Risk Management, the Executive Cabinet, and Director of Communications and Marketing.

The Director of Communications and Marketing begins formulating a public relations strategy (primarily a response/statement) in case the breach goes public and media members begin to inquire. This public relations work is to begin in step 2 and be further refined as more information becomes available from steps 3-5.

        A. The Registrar’s office notifies students within the Policy timeline.

        B.  Financial Aid reports a breach via email to cpssaig@ed.gov. The email should include info listed from i to   vi.  If email is unavailable call the Department’s security operations center (EDSOC) at 202-245-6550 to report this data. EDSOC operates 24 hours a day, seven days per week.

                                  i.     date of the breach (known or suspected),

                                  ii.    impact of the breach (number of records, number of students, etc.),

                                 iii.    method of the breach (hack, accidental disclosure, etc.),

                                 iv.    information security program point of contact (email address and phone                                                                                                 number are required),

                                  v.     remediation status (complete, in-process, etc. with detail), and

                                 vi.     next steps (as needed).

 3)  The Office of Risk Management will work with third-party partners, including other state agencies, cyber     insurance and breach coaches to coordinate the college’s response to the people whose data was compromised.  In cases of cyber-based data breaches, the Director of Information Technology will coordinate the development and distribution of an incident report in cooperation with the Office of Risk Management.

4)  Cyber insurance provided by the Idaho State Office of Risk Management will contract with a third party vendors to prepare and distribute notifications to the people whose data was compromised.

5)  The Office of Risk Management will advise the executive cabinet and impacted departments on additional steps they are required to take in response to the data breach.