The University of Memphis
Compliance Certification Report
Comprehensive Standards 3.4.11


Last Updated August 24, 2004
(static edition)


Comprehensive Standards 3.4.11:

The institution protects the security, confidentiality, and integrity of its student academic records and maintains special security measures to protect and back up data.

The Institution Certifies Compliance: Yes

Compliance report completed by: Audit Team 22

Statement of Rationale for Judgment of Compliance:

Academic records of University of Memphis students are maintained by the Office of the Registrar in accordance with the guidelines established by the American Association of Collegiate Registrars and Admissions Officers (AACRAO). [1] All employees who have authorized access to student data receive appropriate training on the protection of educational data according to requirements of the Family Educational Rights and Privacy Act (FERPA). [2] Procedures for data access and security ensure the integrity of the data.

The academic records of the University of Memphis date back to 1912. The UofM maintains hard copy academic records from 1912 through Summer 1994. The academic records from 1912 through Summer 1988 are also stored on microfilm. The academic records from Fall 1987 through Summer 1994 are also stored as imaged records. The academic records from Fall 1994 through the present are maintained electronically in the university’s student system (currently SCT’s SIS Plus application). [3]

Secure access to and integrity of the records are controlled through various policies and procedures based on the location and format of the record as follows:

The hard copy records are housed in the UofM’s University Center behind locked doors with keys held by Office of the Registrar staff and the University Center’s custodians. Tennessee state law requires that the university store the hard copy record in perpetuity.

The original copy of the microfilm reels is stored off campus in a vault at National Security & Trust Company in Memphis, TN. No outsiders have access to the vault. To review the records stored there, an individual must be on a list of those approved for access. The individual must bring a picture ID and sign an “in-list.” The individual is then scanned for weapons. Once the individual passes these security measures, he or she is given access to a viewing room. Once there, National Security staff brings the requested materials. A nominal fee for each tape brought out of the storage facility is charged to the registrar’s office, so the office is aware of the recent access to materials.

On-site microfilm reels are stored in an interior room in the Office of the Registrar. The room is locked after hours and keys are held by the registrar’s staff and custodial staff. The outer door to the suite of offices is also locked and is wired to an alarm system which, if activated, notifies UofM Police Services.

The imaged academic records collection is stored in the Information Technology Division (ITD); access is granted only to enrollment services and academic affairs employees with a need-to-know authorization. Requests for this access require the signature of the employee’s supervisor, who must be authorized to sign for such access. The request also includes the university’s FERPA statement, which the employee must sign before access will be granted. The request is reviewed by the registrar’s imaging specialist and the assistant registrar for records. Upon their approval, the request is forwarded to ITD where password-protected access is granted. [4]

Access to the UofM’s on-line student system (currently SCT’s SIS Plus system) is based on the university’s data access policy [5] and the Office of the Registrar’s security procedures, which require appropriate administrative authorization for each user. [6]

Furthermore, to emphasize the importance of the confidentiality and integrity of student records, a security audit is conducted each June [7] and FERPA reminders are sent out to all on-line users of the student system each fall and spring term. In addition, periodic communiqués are sent to faculty and staff reminding them that grades and academic status are not directory information and must not be released.

As a further assurance of integrity of the records, SCT’s SIS Plus system provides audit trails of those posting grade change entries in the system and those setting or clearing transcript holds. The Office of the Registrar performs monthly grade-change audits on 10% of the grades changed. [8]

In addition to individual access granted to the student records system, each computer user at the university must be authenticated against a centralized directory service in order to access any controlled computer service. In order to maintain individual computer accounts, security, and ID management in a timely fashion, the university has implemented a self-service computer account maintenance site. [9]

Access to Web for Faculty, which provides faculty access to student records for inquiry and for posting grades, is controlled by the university’s FERPA tutorial, a web-based course on FERPA guidelines. [10] Each instructor must complete the tutorial in order to be granted a PIN to access Web for Faculty. Then, if the instructor’s social security number is in the system as official instructor of record for the class section and the PIN matches the instructor’s PIN on record, the instructor is granted access to Web for Faculty.

To emphasize the importance of the confidentiality and integrity of records accessible through the web, the Office of the Registrar also performs an audit of the student system’s authorized instructor file. Any instructor who has not taught in three years is deleted from the system; any instructor who has not taught in three semesters has his or her PIN deleted from the system. [11]

Access to Web for Students, the student system for registration and inquiry, is controlled by the assignment of a student PIN. A PIN is systematically assigned by the student system when an applicant’s program is entered into the system. The applicant is then informed in an acknowledgement letter about the PIN. Each student is also instructed to change the PIN the first time Web for Students is accessed.

Hard copy transcripts are stored inside the office vault in locked steel cabinets. The vault area is locked automatically at the close of business each evening and requires a key to access it at other times. Keys to the steel cabinet housing the transcript paper are held by the assistant registrar—records and the records supervisor.

There are three fire extinguishers and five shredders in the Office of the Registrar.

The above security measures are consistent with the standards established by the American Association of Collegiate Registrars and Admissions Officers, [1] those set forth by the Tennessee Board of Regents, [12] those required by Tennessee Statute TCA 10-7-301, [13] and those required by the Family Educational Rights and Privacy Act [2] as it pertains to the academic record.

The SCT-IA Plus student system (SIS) runs in a redundant, clustered environment to ensure computer backup and disaster recovery, if necessary. Data and systems are distributed across redundant hardware such as servers, disks, and services. Daily backups are performed and the backup tapes rotated to an off-site storage facility. In addition to on-site redundancy, all administrative systems (including SIS) are maintained at an off-campus “hot site” outside the city. This hot site is part of the university’s disaster and recovery plans.


Relevant Organizational Unit(s):

Registrar


Supporting Documentation and Evidence:

[1] AACRAO 2003 – Academic Record and Transcript Guide Publication of AACRAO

[2] UofM Policy UM1248 Privacy of Education Records (Compliance with FERPA)

[3] Academic Records Inventory

[4] System Support Security Procedure, Add Operator Access

[5] UofM Policy UM1337 Data Access

[6] System Support Process for SIS (Online Student Information System)

[7] System Support Security Procedure, Security Audit

[8] Student Records Procedures, Grade Audit

[9] UofM Computer Account Maintenance

[10] FERPA Tutorial

[11] System Support Procedures: Deletion of Faculty PIN; Delete, Update and Add Faculty Information

[12] TBR Guideline G-070 Disposal of Records

[13] Tennessee Statute TCA 10-7-301 Network Access Rights and Obligations








Copyright © 2000 The University of Memphis. Site maintained by Web Services. Design by Aristotle ®