Information Technology and Infomation Security Consultants

Call PCSS @: 720-990-7556 

Contact PCSS for NIST 800-171 Assessment & Compliance

FERPA

Family Educational Rights and Privacy Act Regulations (FERPA) is the United States federal law that protects the privacy of educational information and records for American citizens.  This is a privacy statute which focuses on the disclosure of student data.  It does not set a data security standard or specific technology standards that must be followed to protect unauthorized disclosure through the Internet, networks and computer systems.  This leaves the educational entity to determine what protections are generally accepted controls, and to balance the risk of unauthorized disclosure of student data with protection costs. 

Not only is a school subject to loosing federal funding if FERPA violations occur, they also risk losing regional accreditation.  Of course, there is also losing credibility and good will if an institution of learning receives negative press due to a release of records that goes viral. 

What can a school or institution of higher learning do to have reasonable assurance that they have protected electronic student records from unauthorized disclosure?  PCSS provides a service to help schools and institutions of higher learning limit liability associated with FERPA.  PCSS also helps provides reasonable assurance to students, facility, and the public that generally accepted IT security measures have been taken to protect student data. 

What can I expect when I ask PCSS for FERPA help?  PCSS will provide a free, no obligation consultation to determine where a school’s IT security program stands and will provide a broad analysis of where the program is and where it should be.  Depending upon this analysis, PCSS will recommend a FERPA IT Security program.  This could include:

  • Initial consultation where the Administrator and PCSS discuss the concerns, challenges, and problems that the school wants solved.  (No charge)
  • PCSS supplies a proposal that provides solutions specific for the school.  Solutions in IT security typically involve the following, but actual programs will be tailored to meet specific situations.                
    • Walk down of the school for IT Security physical evaluation.
    • Discussion with technical provider for details on systems and external connections.
    • Review of applications used to manage sensitive data, both localized and cloud.
    • Assessment of IT Security controls used by the school.
    • Technical evaluation to determine how secure systems are from external connections and to verify technical control compliance.  Technical controls can be challenging since most school environments must protect confidential information while providing a high-level of student connectivity.
    • Provide report explaining any risks (how secure the data needing protection is) and recommendations to improve data security.
    • Awareness training for school staff tailored as necessary to address discovered issues.
    • Security Program specific to school.
  • Upon acceptance of a proposal PCSS works with the school to conduct the security evaluation recognizing that education comes first and that every effort needs to be made to prevent any disruption.
  • Upon completion of the assessment PCSS meets with the school administration to explain the results and makes recommendations on a graded approach if improvements are needed. 
  • PCSS can provide ongoing security services as necessary to assist the school.


Contact PCSS or give us a call (720)990-7556 and let us provide assurance that your IT Security FERPA program meets generally accepted control requirements.

#div2{ background-image:url(http://s7.static.hootsuite.com/3-0-48/images/themes/classic/streams/message-gradient.png); height:180px; width:300px; border: 1px solid red; }