Policy 2318 – Security and Confidentiality of Student Records
Effective Date: 3/20/2015
Responsible Office: University Registrar
Reference: Family Educational Rights and Privacy Act (FERPA) of 1974 (34 C.F.R. 99)
It is the responsibility of each faculty, staff, and administrative member of Louisiana
Tech University to ensure the security and confidentiality of all student education
records entrusted by students to the University for safeguarding. While the federal
regulations provide general guidelines for the protection and use of education record
data, it is incumbent on those faculty, staff, and administrators who are granted
access to this information to actually protect it.
This policy outlines the process and procedures for the protection of student education
record information, establishes the faculty and staff responsibility for maintaining
confidentiality and physical protection of those records, and describes the process for determining
eligibility and granting access to student education records.
- Louisiana Tech University uses the SunGard SCT IA Plus 2000 Student Information System
(SIS). Installed during AY 1998-1999 on an IBM mainframe platform, it went fully operational
during the Fall Quarter 1999 (AY 1999-2000). Only the Plus SIS module is installed
and operational. There are data interfaces that have been programmed to interface
SIS with the Comptroller’s legacy accounting programs, Financial Aid’s “POWERFAIDS”
software, Undergraduate Admissions’ Hobson’s “Connect” software, Graduate Admissions’
Hobson’s “Apply Yourself” software (transitioning to AMP), and several other peripheral
commercial software packages that interface with SIS for student support (e.g. traffic/parking
permits and ticketing operations and campus-wide ID (CWID) card production/maintenance).
There are separate databases maintained for specific (non-academic) functions such
as campus police investigations, judicial affairs, medical records, and counseling
center medical records. These are not linked to the SIS, but are supported by demographics
that may have originated from the SIS.
- Louisiana Tech University maintains a legacy system database of student academic records
on the same IBM mainframe platform that date back to the mid-1970s, when records were
first computerized. Access is limited to specific officials within the Offices of
Graduate and Undergraduate Admissions, Office of the Comptroller, Office of Student
Financial Aid, and the Office of the University Registrar (access control OPR).
- Access to the SIS software is based on legitimate educational need – also known as
legitimate educational interest. There are essentially two types of access to the
SunGard SCT IA Plus 2000 software – (1) YES, you are approved for access to specific
screens, or (2) NO, you are not approved to access the screens. If approved for access
the question then becomes whether or not the individual is approved for (I) inquiry
(look at the data) or (U) update (actually change the data). Most faculty and administrative
staff have inquiry access to limited groups of screens containing student information
needed to accomplish their specific duties and responsibilities as educators and/or
academic administrators. This access is highly dependent on the function of the person
- Inquiry access to screens containing SSNs and PINs is restricted to the Registrar’s
Office (SSNs and PINs), and to select personnel within the Comptroller’s Office (SSNs),
Financial Aid (SSNs), Judicial Affairs (SSNs), and Campus Police (SSNs). There
are a limited number of Academic Administrators, primarily those associated with Grant
Administration, that have access to SSNs as required for federal and state reporting.
- All update access to screens containing mechanisms to load or change master academic
calendar configuration, registrations, and grades, change drop/add actions, or update transcripts
is held by select individuals within the Office of the Registrar and two SIS programmers
in the University Computing Center.
- Access to the Student Information System (SIS) is controlled through a multi-step
- Step 1: Access to mainframe. Department of assignment sends letter/e-mail to Computing
Center requesting access to the IBM mainframe, and access to programs resident on
- Step 2: Coordinate access approval of request. Computing Center coordinates approval
for access to the various program areas requested (e.g. SIS with University Registrar;
Accounts Receivable, Budget, Property with Information Systems, etc.).
- Step 3: Access to SIS. Registrar determines legitimate educational interest and need-to-know
based on department of assignment, duties and responsibilities, and any further justification
provided by the department to determine approval for access to the SIS. This establishes
yes or no to the access question.
- Step 4: Type of access to SIS. Registrar applies hierarchy of security templates programmed
into the SIS security program to establish level of access – which screens and what
type access to elements on each screen – inquiry or update. Very few personnel have
update access to any screens in SIS as this is restricted with respect to Registrar
- Step 5: Access loaded. Registrar, in conjunction with Computing Center loads template
codes authorizing access to the SIS program, and to the specific approved screens.
Computing Center notifies requesting department of action, USERID and initial Password
- Step 6: Registrar coordinates Faculty BOSS PIN (if required).
- University Registrar conducts SIS and FERPA training classes in the Center for Academic
and Professional Development for new faculty and staff as part of New Faculty Academy.
All faculty, staff, and administrators employed by Louisiana Tech University are required
to enroll in and complete UNIV 289a-084 at least once every two years to update all
Risk Management training. This course includes a FERPA module to refresh and update
enrollees on records use, protection, and privacy.
- University Registrar maintains a report that provides a listing of Screen Operator ID
Numbers and security template access codes (SRS05C). Two individuals, the University
Registrar and a specified Systems Programmer from the Computing Center, have access
to and authority to load, change, and terminate security template access to the SIS
- Personnel leaving employment at the University go through a reverse process that terminates
access. The Director of Human Resources notifies the Computing Center of employment
terminations. The Computing Center terminates access to the mainframe and loads a
screen denial security code template to the former employee’s account in the SIS program
to further deny access. This code can also be loaded by the University Registrar if
- Education Record information is initially keyed into the admissions management software
(Connect, or ApplyYourself/AMP). When an admission decision is rendered by the appropriate
admissions authority, the data is then electronically transferred to the student information
system from the admissions management software (Connect, or ApplyYourself). Verification
of the initial admissions data set (academics and demographics) is accomplished by
staff members within the Office of the University Registrar. This would include verification
of receipt of all official transcripts and loading of all data from official transcripts
(undergraduates only). The official education record for TECH (paper and electronic)
is established at that point.
- Academic updates result from the normal conduct of the academic calendar and enrollment
by the student. This would include registration, tuition/fee payment, drop/add actions,
resignation, grades, academic suspension/probation, and ultimately graduation. Data
update access is limited to those persons responsible for the collection, verification,
and reporting of the elements of information required to conduct the various processes.
Data integrity, validity, and security are central to employee responsibility.
- Demographic updates are the responsibility of the student, who initiates notification
of change (or enacts it online where applicable and allowable), and of the staff office responsible
for the update of the information in the student information system.
- Hardware and software maintenance is the responsibility of the University Computing
Center. The University Registrar and specific programmers in the University Computing
Center are responsible for internal table maintenance and updates.
- Should there be an inadvertent release of student Personally Identifiable Information
(PII) such as SSN, the University will take appropriate and immediate steps to notify
students/alumni involved whose records may have been breached and begin arrangements
for credit report support to the affected cohort.