Section IV: COC Programs
3.9.2 The institution protects the security, confidentiality, and integrity of its student records.
JUDGMENT OF COMPLIANCE
NARRATIVE/JUSTIFICATION FOR JUDGMENT OF COMPLIANCE
The University protects the security, confidentiality, and integrity of its student records. The Division of Student Affairs houses most of the departments that are responsible for these records, specifically, Admissions, Financial Aid, and the University Registrar. These departments comply with regulations of the Family Equal Rights and Protection Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) and the U.S. Department of Education Information for Financial Aid Professionals (IFAP).
Student affairs records for undergraduate and graduate students are stored in a closed and locked facility and unauthorized access is prohibited. Each office that maintains student records has a designated individual responsible for securing and releasing such records. Each office also has procedures to prohibit casual access to confidential information by visitors, utilizing strategic placement of desks, reception areas, workstations, photocopier, fax, and computer screens to guarantee secure handling of all records and data.
The Student Handbook states:
The security officer in the Office of Computer and Telecommunication Services (CTS) and the directors of the four key areas which deal with computerized educational records on campus work together to establish and review procedures to protect and give access to the Student Information System (SIS). These areas are Admissions, Bursar, Financial Aid, and University Registrar. All personnel given access to the Student Information System must sign an SIS Security Statement of Responsibility which is maintained in the files of the CTS security officer. Copies are maintained in the Office of the University Registrar. CTS conducts regular backups of the SIS data files to ensure the security and integrity of student records.
Individual offices that handle computerized student affairs records also have similar policies and procedures to safeguard the privacy and security of these records.
Admissions records for undergraduate and graduate prospects and applicants are maintained by the Office of Admissions. Information, maintained in both hard copy and electronic formats, is treated confidentially and is accessible to campus personnel on a need-to-know basis. Staff and student employees in the Office of Admissions are counseled in regard to confidentiality and security of records. Hard copy information is stored in a secure area of the office under the supervision of Admissions personnel. Electronic information is protected through the password and access-limiting procedures of the Student Information System.
The bursar, located in the University Business Office, maintains student financial records primarily through the use of Student Information System (SIS). Student financial records are kept secure in the Business Office vault or in locked file cabinets. Only Business Office staff are permitted access to these files.
Financial aid records are protected and maintained by the Office of Financial Aid. Only University staff with the need to use this information are permitted access to any financial data maintained in the SIS system. Access is limited primarily to financial aid and administrative personnel. Hard copy student files are kept locked within the financial aid office and no one except financial aid staff and auditors have access to these files.
When an applicant is admitted to the University, the admission record is transferred to the Office of the University Registrar. Hard copy information for applicants who are not admitted or do not enroll is periodically shredded; electronic information for similar situations is deleted from computer files. Each person who works in the Office of the University Registrar is asked to sign an employee confidentiality statement. These policies are reviewed annually through staff training sessions.
A defined procedure for disposal of any University student record is specified in The Texas A&M University System Records Retention Schedule. Records that are eligible to be destroyed as per the Retention Schedule are shredded in the individual office that houses the record.