Athens State University (ASU) protects the security, confidentiality, and integrity of student records in a variety of ways. The Office of Admissions and Records, operating under the direction of the Office of the Vice President for Enrollment and Student Support Services, and in cooperation with the Information Technology Department (IT), is the Office primarily responsible for maintenance, security and integrity of student academic records.
The procedures used in the safekeeping and dissemination of student records are consistent with guidelines set forth by the Family Educational Right and Privacy Act (FERPA) and Alabama State Board of Education Policy 809.01. The Office of Admissions and Records also conforms with procedures to collect, dispose of, distribute, maintain, and preserve academic data set forth in Retention of Records: A Guide for Retention and Disposal of Student Records published by the American Association of Collegiate Registrars and Admissions Officers (AACRAO) and in the Records Disposition Guidelines published by the Alabama Community College System (ACCS, formerly the Alabama College System).
In addition to complying with external regulations and guidelines, internal University policies specify procedures for the handling of and dissemination of student records, as well as the physical storage and security of records. These policies include: The integrity of academic records is ensured by these policies and procedures that restrict the access, maintenance and update of academic records, whether in print or electronic form, to individual students and authorized University personnel.
The IT Department provides a unique user identification logon (ID) and password for authorized University personnel for controlled access to the Banner system, local area network and other non-public resources. Employees of the University are authorized to access student records, whether in print or electronic form, only when they have a legitimate educational interest, in accordance with FERPA. The classification of a University employee determines the level of access and control assigned to the employee. Employee access to student records ends when employment ceases. Each student is issued a unique ID and password, and may access and update only their own records or information through the ASU Online interface. Network security, including firewall technology, has been implemented to protect administrative servers and departmental and public workstations that contain confidential records from unauthorized access through the Web.
Students may request the release of academic records by submitting a signed transcript request form to the Records Office. In addition, students may request transcripts using the National Student Clearinghouse secure website. Students requesting transcripts directly from the Clearinghouse site are still required to complete a signed request form. However, students who make transcript requests using the Clearinghouse link with their ASU Online account are considered to have provided a digital signature approving the release of their records.
Print versions of student academic records are stored in locked filing cabinets in the Office of Admissions and Records. The Office of Admissions and Records is constantly staffed during regular business hours by at least one qualified staff member, and the Office is locked securely each night at the close of business. Campus security routinely patrols campus buildings, including the Office area, for safety and fire checks during each security shift.
Employees in the Office of Admissions and Records are in the process of electronically imaging inactive and active hard copy student transcripts due to a lack of office space for storage of academic records. Imaged files are backed up daily to a local hard drive on a dedicated server. The server is in turn backed up daily to media (tape) for off-site storage, and the records are also written to optical media (DVD) for onsite storage. Periodically, specific student files are transferred to microfilm and stored both on and off-site in safe and secure storage areas, such as safe deposit boxes.
In addition to the academic records maintained by the Office of Admissions and Records, other offices under Student Support Services may be required to maintain records related to the function of the office or service. Each Student Support office that maintains student records has at least one qualified staff member responsible for securing and releasing records. Each office also assures that casual access or viewing of confidential information by visitors is not permitted by the appropriate placement of desks, computers, filing systems and other equipment used when staff are working with students and accessing student records. Employees in the Office of Disability Services maintain confidential documentation pertaining to student disabilities in accordance with FERPA and the Americans with Disabilities Act. According to University policies and procedures as well as federal regulations, Disability Office staff are not permitted to provide details of a student’s disability unless a consent form is signed by the student. The Office of Student Financial Services maintains financial aid records in an electronic system protected by ID and password access. Access to information contained in a student’s financial aid record is limited to financial aid personnel and administrative personnel who have a legitimate educational interest in the record. Hard copy student fil
les are kept locked within the Office and access to these files is granted to authorized individuals as required by audit, program review, investigation, or other review when authorized by state or federal laws. Financial aid records are maintained, in general, for a minimum of three years as specified by Federal policies. At the expiration of the three year period, permission is requested to destroy records in accordance with State Board Policy 214.01.
The IT Department has developed policies and procedures detailing the process and schedule for backup of critical data and systems, and recovery of critical data and systems in the case of a catastrophic event. Differential backups are performed daily, and full backups are performed at least once per week.
New employees are notified about FERPA during new employee orientation sessions. Also, faculty, staff, students and the community are informed about the confidentiality of student information through the FERPA Annual Notification statement on the Athens State University website, the Student Planner and Handbook, and the University catalog. Staff and student workers in the Office of Admissions are informed as to the confidentiality and security of records, and FERPA training is provided periodically to employees in the offices in Student Support Services and to other personnel who are involved with the access, release, and security of student records.
|