Section 3: Comprehensive Standards
3.4.11 Christopher Newport University protects the security, confidentiality, and integrity of its student academic records and maintains special security measures to protect and backup data.
Judgment of Compliance:
Compliance
Narrative/Justification for Judgment of Compliance:
Christopher Newport University is in compliance with this comprehensive standard. Christopher Newport University protects the confidentiality and integrity of its student academic records by complying with the Family Educational Rights and Privacy Act (FERPA). All employees and agents of the University must adhere to FERPA along with all related University policies. Those who access the student information system through an assigned domain account must acknowledge the policies regarding the use of the university's computing and communications systems. Those who directly access administrative data through the Banner system must sign the Request for Access and Confidentiality agreement. Successful completion of Banner navigation training that includes a component on FERPA and confidentiality is also required before full access is granted. Elements of FERPA and other University policies relevant to confidentiality are also included in this training. Access to student records via Banner is requested and authorized through the Request for Access and Confidentiality form. Access to student academic information is not authorized without the approval of the academic dean or associate provost and the University Registrar for adjunct faculty, the Provost and the University Registrar for full-time faculty, and the department head/chair and the University Registrar for staff. All electronic records are retained in accordance with the Commonwealth of Virginia Information Technology Security Standard and the Commonwealth of Virginia Use of Internet and Electronic Communications Systems. Additional information on confidentiality and privacy of student records is available through the Office of the Registrar.
Physical Security
Security measures in the CNU Data Center ensure the physical security of the academic records of all CNU students—past, present and future. Access keys to the Data Center are held by a limited number of authorized staff in Information Technology Services (ITS). Access by any other individual is permitted only when that individual is accompanied by an authorized staff member. All individuals gaining access in this manner are required to register in the Data Center log book.
Paper and microfilmed records are protected physically and retained according to Library of Virginia and American Association of Collegiate Registrars and Admissions Officers (AACRAO) standards (available in the Office of the Registrar). Student folders, grade sheets, and microfilmed records are retained in the Office of the Registrar or the student records vault for at least five years after the last term of enrollment and then destroyed according to Library of Virginia standards.
CNU's IT Services maintains a comprehensive, complete backup schedule document. Production data is backed up at least 5 days a week using a GFS tape rotation scheme, and every server is backed up in its entirety at least quarterly. Backup media are stored in a large fireproof safe outside of the Data Center. Weekly tapes are transported to an offsite fireproof safe.
Continuity of Operations Plans (COOP) are revised and tested on an annual basis. Administrative departments are involved with this process by redefining the requirements for their immediate area and verifying the success of the procedures.
The purpose of the plan is to recover information technology resources at the University after a disaster by using the CNU Emergency Operations Kit (EOK), in a building remote from the Data Center and supported by auxiliary power generation. The EOK focuses on basic communications services (networking, email, web server and file sharing) and contains the necessary software discs, configuration documentation and data to enable recovery of the infrastructure of business operations on either salvaged or purchased hardware (COOP Plan for Information Technology).
Support Documentation:
Office of the Registrar:
Annual FERPA Notification
Consent for the Release of Confidential Information
FERPA Information for Instructors
General Release of Information
Registrar’s Office Confidentiality Statement
Student Reference Request
Student Self-Service Access Form Adjunct Faculty
Student Self-Service Access Form Full Time Faculty
Information Technology Services:
COOP Plan for Information Technology
Information Technology Security Standard – Commonwealth of Virginia
Additional Live Web Resources:
Library of Virginia Records Management: http://www.lva.lib.va.us/whatwedo/records/
American Association of Collegiate Registrars and Admissions Officers: http://www.aacrao.org/