SACS -- Online Compliance Certification

Standard 3.4.11: The Institution protects the security, confidentiality, and integrity of its student academic records and maintains special security measures to protect and back up data.

Judgment of Compliance
X	Compliance	Partial Compliance	Non-Compliance

NARRATIVE/JUSTIFICATION FOR JUDGMENT OF COMPLIANCE

All Southeast Community College transcripts from 1960-2000 are housed in the registrar’s Office in the Newman Building on the Cumberland campus. A paper copy of transcripts for those students who were enrolled from 1960-1985 are housed on the Cumberland campus, Godbey Building. A computer disc containing a copy of student transcripts who were enrolled from 1985-2000 is also housed on the Cumberland campus, Godbey Building. Cumberland Valley Technical College, Pineville campus, records up to the summer term of 2000 are housed in a fire proof room on the Pineville campus. The records for the Cumberland Valley Technical College, Harlan campus, are housed in fire proof filing cabinets on the Harlan campus. From the summer term of 2000 until the present a copy of all student transcripts is located on the KCTCS student information system, PeopleSoft.

The Registrar has been designated by the President as the security contact who is responsible for managing local user access to student records based on user responsibilities. Access to this system is controlled through security levels assigned in accordance with the needs of an employee’s position. Passwords must be changed every 90 days. Access to PeopleSoft student records is removed when the user’s employment ceases.

The servers for this system are located in a secure, off-site location managed by a third party professional database management service, Crestone Managed Services, Inc. of Atlanta, Georgia . Backups while the system is running are completed nightly, and each morning backup logs are checked and any errors are documented and resolved. A monthly backup, done when the system is offline, is completed as well. Random sampling of backup tapes are tested semi-annually to assure the tape media is good and the restore process works as documented. A disaster recovery plan has been established and documented that defines the roles, responsibilities, hardware, software, and timeframes needed to assure high availability and system redundancy. The disaster recovery procedure is tested annually, and the actual results are compared with the expected outcome based on the procedures. The procedures are updated as needed after the test results are analyzed. In addition, procedures are audited periodically by Deloitte & Touche.

Physical access to student records is protected through limited access to files and offices. Workers in these offices are required to sign a non-disclosure form and can be terminated for breach of confidentiality [1].

SKCTC is compliant with Federal Education Right to Privacy Act (FERPA) and protects the confidentiality of all student information and records as defined by law. This notice is published in the KCTCS catalog [2] and in the KCTCS Code of Student Conduct [3]. This information is also available on the Southeast homepage [4]. Training is provided to employees in student records offices upon hiring and to academic advisors with access to data through annual advising workshops.

As a state-supported postsecondary Institution, SKCTC must adhere to the requirements of data defined by the Council of Postsecondary Education (CPE) Comprehensive Database Guidelines [5].

All data reported to CPE is double checked by the Director of Admissions.

Supporting Documents		Links to Supporting Documents
Supporting Documents		You must be connected to the World Wide Web to access the following links. (Click on the link to access the document.)
1	Security Form for People Soft	http://www.secc.kctcs.edu/sacs/supportingdocuments/Security Form for PS.doc
2	KCTCS Catalog FERPA (p. 59)	http://www.kctcs.edu/catalog/index.cfm?action=display&cs_id=6&cc_id=70#cc
3	KCTCS Code of Student Conduct (p.4,5)	http://www.kctcs.edu/student/studentcodeofconduct.pdf#page=9
4	SKCTC Web Page FERPA	http://www.secc.kctcs.edu/StudentAffairs/ssar/privacy.php
5	Council on Postsecondary Education Comprehensive Database Guidelines	http://cpe.ky.gov/research/datacollections/
6	Administrative Policy 6.2 Educational Rights and Privacy Act	http://www.kctcs.edu/employee/policies/volumeII/volII6-2.pdf

Previous Page

Text Only/Printer Friendly Version

Next Standard

Untitled Document