Big Sandy Community and Technical College (BSCTC) maintains the security, confidentiality and integrity of student records consistent with the guidelines set forth in the Kentucky Community and Technical College System (KCTCS) Administrative Policies and Procedures, Section 6.2, Educational Rights and Privacy Act [1] and with the Kentucky Council on Postsecondary Education (CPE) Comprehensive Database Guidelines [2]. As noted in Article 1.4.1 of the KCTCS Code of Student Conduct [3], "...records maintained by the college are available only to the student, to college personnel with legitimate educational interests, to other institutions where the student is seeking financial aid, and to authorized representatives of the Comptroller General of the U.S., the Secretary of HEW, or an administrative head of an education agency, in connection with an audit or evaluation of federally supported programs, and as provided by Section 164.283 of the Kentucky Revised Statute" [4].

The electronic information system used to provide controlled access to student records, PeopleSoft, is secure and complies with Business Procedure 1.5 described in the online KCTCS Business Procedures Manual [5]. As noted in Section 1.5.3.B [6] of this Manual, "The PeopleSoft database has a value-based user identification security feature that allows a user's access to be limited to only those functions that are necessary to perform a job for which access is required." The employee's job classification determines the level of security. Passwords are changed every ninety (90) days. An employee's access to PeopleSoft student records ends when employment ceases. Students may access their PeopleSoft records at any time, and their passwords must also be changed every ninety (90) days.

Servers for the PeopleSoft system are located in a secure off-site location managed by a third-party professional database management service, Cedar Crestone Managed Services, Inc. Back-ups are completed nightly; each morning, back-up logs are checked and any errors are documented and resolved. In addition, monthly back-ups are conducted when the system is offline. Random samplings of back-up tapes are tested semi-annually to ensure tape media is good and the restore process works as documented. A disaster recovery plan has been established and documented, in the Crestone Report on Controls in Operation and Test of Operating Effectiveness [7], that defines the roles, responsibilities, hardware, software, and time frames needed to ensure high availability and system redundancy. The disaster recovery procedure is tested at least annually, and actual results are compared with the expected outcome based on the procedures. Procedures are updated as needed after test results are analyzed. Procedures are audited periodically. The most recent audit, covering January 21, 2006 through August 31, 2006, is provided as evidence of compliance that special security measures are in place to protect and back up data.

The security of student records is the responsibility of the registrar at BSCTC. Non-electronic records are secured in locked, fireproof filing cabinets in locked rooms in the Admissions area of the Prestonsburg, Pikeville, and Mayo campuses. Physical access to student records maintained on BSCTC campuses is granted to members of the student affairs unit.

BSCTC is compliant with the Federal Education Right to Privacy Act (FERPA) [8] in protecting the confidentiality of student information and records as defined by law. During new student orientation, all students are provided copies of FERPA documentation. Additionally, FERPA information is made available in the BSCTC Student Handbook [9], in both the BSCTC eCatalog (page 43) [10] and in the KCTCS 2006-2007 catalog (pages 54-56) [11], as well as on the BSCTC website [12].