Compliance Audit Report Index
    

 


The institution protects the security, confidentiality, and integrity of its student records.

 

 
 


Southeastern is in compliance with Student Affairs and Services Comprehensive Standard 3.9.2.

 

 
 

All of the laws, policies and procedures relating to the security, confidentiality, and integrity of Southeastern's student academic records, as outlined in Comprehensive Standard 3.4.11, also apply to all other student records. As such, student records in support departments such as Campus Card Operations, the Controller's Office, the University Counseling Center, the Office of Financial Aid, the Office of Judicial Affairs, the Office of Records and Registration, the Student Health Center, the Office of Student Housing, the University Police Department, and the Office of Veterans' Affairs are impacted by these provisions.

Security of Student Paper Records
All student support paper records are maintained in secure environments in the various offices throughout campus, and are accessible only by authorized personnel. In some cases additional security measures have been instituted, given the depth and breadth of these records, as is the case in the Office of Financial Aid, Office of Admissions, the Controller's Office, and the Office of Records and Registration, where records are maintained in a secured, monitored vault. The Office of Human Resources utilizes an alarm and video camera system to help secure its records. Southeastern's Policies and Procedures Relating to the Family Educational Rights Privacy Act governs the release of student information by the University.

Security of Electronic Student Records
As described in Comprehensive Standard 3.4.11, Southeastern has several policies related to the security of electronic student records. Its Data and Computer Security and Access Policy ensures that personal and confidential information is protected and that only certain authorized employees have access to student data. The Intrusion Prevention/Response Guidelines and Procedures outline steps to be followed in an external attack on the University's computer system. The Technology Business Continuity Plan provides a contingency plan in the event of a major disruption to the computing system.

Given the unique interface of the Office of Veterans Affairs with its related federal agency, electronic records that are accessed by personnel in the Office of Veteran Affairs are stored off-campus at a collection site in Oklahoma by the Department of Veteran Affairs.

Confidentiality of Student Records
The University's commitment to confidentiality of student records is stated in its employee handbook (Part IV, Section E, Confidentiality Information) and is reinforced in Part VI, Section K, Policies and Procedures Relating to the Family Education Rights and Privacy Act. As well, effective 2003-2004, each employee is required to sign a Confidentiality Agreement that individualizes a commitment to maintaining the confidentiality of records and information. These policies are described in Comprehensive Standard 3.4.11.

Students who seek employment on campus must sign a similar confidentiality agreement at the Office of Financial Aid, as part of the University's Student Employment Data Form. In addition to this form, a number of student support offices require their student employees to sign departmental confidentiality statements or agreements (such as the Controller's Office, the University Counseling Center, the Office of Financial Aid, the Office of Human Resources, the Office of Judicial Affairs, the Office of Records and Registration, the Student Health Center, the Office of Student Housing, and the Office of Veteran Affairs). Many departments/offices also hold training sessions or meetings where the importance of confidentiality is explained to student personnel.

Although each Southeastern student is assigned a unique identification number that requires a password to access individual records (and staff have their own IDs and passwords so that alterations to records can be tracked and monitored), certain offices have developed additional features to maintain confidentiality of student records in accordance with accreditation standards. The University Counseling Center uses no names, social security numbers, or university assigned student numbers as identifying information. In these situations a file number is ascribed to each case.

Integrity of Student Records
As described in Comprehensive Standard 3.4.11, there are a limited number of personnel at Southeastern Louisiana University who have “write access” to student records. The extent of these privileges is determined by the employee's position.

Student support records, in some cases, exist in “stand alone” systems. In these situations, extreme care is taken to ensure that the information is not compromised. Where these systems exist (Office of Judicial Affairs, Campus Card Operations, Student Health Center), student records are accessible only with a password that is restricted to a limited number of individuals within the office. Southeastern's server backs up these departmental databases, which are created on the University's “M” drive.

Ongoing Efforts to Insure Record Security
The University has established a Privacy and Security Committee to review all issues related to privacy and confidentiality campus-wide, and to ensure compliance with FERPA, HIPAA, and the Gramm-Leach-Bliley (GLB) Act. An archival specialist has also been hired to develop uniform records retention and destruction policies. These actions are described in detail in Comprehensive Standard 3.4.11.


 
 
Document Location
Policies and Procedures Relating to the Family Educational Rights & Privacy Act http://www2.selu.edu/documents/policies/FERPA.pdf
Data and Computer Security and Access Policy http://www2.selu.edu/documents/policies/DataandComputerSecurity.pdf
Intrusion Prevention/ Response Guidelines and Procedures http://www2.selu.edu/documents/policies/intrusion_prev_response.pdf
Technology Business Continuity Plan http://www2.selu.edu/documents/policies/tech_bus_continuity_plan.pdf
Employee Handbooks, Part IV Section E. Confidentiality of Information http://www2.selu.edu/documents/policies/empl/p4_confidentiality.pdf
Employee Handbooks, Part VI Section K. Policies and Procedures Relating to the Family Educational Rights and Privacy Act http://www2.selu.edu/documents/policies/empl/p6_FERPA.pdf
University Confidentiality Agreement http://www2.selu.edu/documents/docs/confidentiality_agreement.pdf
PeopleSoft 8 Sign In https://psweb4.selu.edu/servlets/iclientservlet/saprd/signon.html

University Counseling Center

http://www2.selu.edu/StudentAffairs/UCC/
Office of Student Health Services Confidentiality Statement http://www2.selu.edu/HealthServ/confidentiality.html

 

Compliance Audit Report Index
    

Core Requirements

Comprehensive Standards:
Institutional Mission, Governance, and Effectiveness
Programs
Resources

Federal Requirements

Southeastern's SACS Reaffirmation of Accreditation Home

Southeastern Louisiana University Home

© 2004 Southeastern Louisiana University
All Rights Reserved
Unofficial and external sites are not endorsed by Southeastern Louisiana University


Questions or comments about this page should be directed to Hunter Alessi