3.9.2 The institution protects the security, confidentiality, and integrity of student records and maintains security measures to protect and back up data. (Student records)
Findings of the Off-Site Reaffirmation Committee
A review of the policies, procedures and practices related to protecting the security, confidentiality and integrity of student records confirms that UNO takes appropriate measures to secure both electronic and paper records. The PeopleSoft ERP system is the primary storage mechanism for student records, which is maintained in a secure, password protected environment. Only individuals whose position and function require that they have access to student records are given access. The Registrar’s Office has primary responsibility for academic records and approves requests for individual access to those records. All employees must receive training on FERPA and other privacy policies and protocols before they gain access to student records. Other offices noted to house some form of student data, such as Bursar’s Office, Student Accountability and Advocacy, Disability Services, Career Services, Student Health Services, Counseling Services, the Graduate School and Enrollment Services, take extra measures to secure both electronic and paper records in their areas as well. Appropriate records retention and disposition policies are also well documented.
While UNO’s efforts to secure student data is well-documented, the documentation does not address protocols and practices for backing up the data and planning for the recovery of data if a catastrophic event occurs.
Response and Actions Taken
As requested, information is provided on the protocols and practices for backing up data and planning for the recovery of data if a catastrophic event occurs.
Protocols, practices and schedules for data backup and recovery are found in the University Computing & Communication Emergency Procedures Manual.