Section IV: COC Programs
3.4.11 The institution protects the security, confidentiality, and integrity of its student academic records and maintains special security measures to protect and back up data.
JUDGMENT OF COMPLIANCE
NARRATIVE/JUSTIFICATION FOR JUDGMENT OF COMPLIANCE
The University protects the security, confidentiality, and integrity of its student academic records and maintains special security measures to protect and back up data.
University academic records are maintained to serve two categories of students. Undergraduate and graduate student records are maintained in the Office of the University Registrar, while continuing education records are housed in the Office of Special Programs. Prior to Fall 1995, these records were also in the Office of the University Registrar.
The Office of the University Registrar is responsible for maintaining student records for both undergraduate and graduate students. The procedures used in the care of records are consistent with standards established by the American Association of Collegiate Registrars and Admissions Officers, the Texas Higher Education Coordinating Board (THECB), and The Texas A&M University System (TAMUS). Student records are either in hard copy or electronic format. All student transcripts prior to Fall 1995 are maintained in hard copy form; transcripts since Fall 1995 are maintained in a computerized database. The transcript inventory dates back to 1970, the founding date of the institution.
The integrity of academic records is ensured by a security system that restricts maintenance and update of sensitive data to authorized personnel. This system also provides a detailed audit log of grade change entries. Computerized records are protected by a comprehensive, password-driven security system and access to these records is granted on a need-to-know basis.
Job descriptions in various administrative and support units have been classified into access models designed to limit access to only the data necessary to that function. This classification has been approved by the four primary “data owners”, the University Registrar, the Director of Admissions, the Director of Financial Aid, and the Comptroller. As each employee is hired, a security statement is signed by the new employee and approved by the academic department chairperson or supervisor in order to access the Student Information System (SIS), where student academic records are stored.
Systematic backup procedures protect the records from system anomalies. Data are backed up on a regular basis including a nightly tape backup before nightly batch processing. The data center is a restricted-access location and backups are stored in a separate campus location..
Hard copy student permanent records are stored in a fireproof vault and access to the vault is restricted to authorized personnel. These records are being scanned into an electronic archival system that is stored on the shared drive for the Office of the University Registrar. Access is limited to two machines in the office. Backups are performed in the same manner as described above for SIS.
The University also has established policy governing the rights to privacy and confidentiality of student academic records based on the Family Educational Rights and Privacy Act (FERPA) regulations Catalog 2004-2005, Family Educational Rights and Privacy Act policy. This policy is described in the Faculty Handbook, Schedule of Classes, and the Student Handbook, as well as on the web page of the University Registrar, Student Records.
Continuing Education records prior to Fall 1995 are located in a secure vault in the Office of the University Registrar. Records for offerings from Fall 1995 to the present are located in a locked file cabinet in the Office of Special Programs.
In addition to campus wide records, student records may be kept by departments, schools or colleges as required for specific degree programs. For example, in the School of Nursing, advisory notes, student counseling reports, clinical evaluation tools, standardized test results and heath and CPR data are maintained in official files of students in secure facilities in the main office suite. Faculty also maintain records for their own courses. In order to facilitate student advisement, the faculty have access to the SIS after signing a security statement.