Georgia Southern University: SACS Accreditation Web Site

Standard Number 3.4.11: The institution protects the security, confidentiality, and integrity of its student academic records and maintains special security measures to protect and back up data.

Full Compliance

The Board of Regents mandates in its Board of Regents Policy Manual (§ 712) that all computer and computer related resources must be protected and tasks each institution with developing and implementing computer securities policies. In response, Georgia Southern University publishes the following policies relating to computing resources: the Computer Use Policy —developed as a complement to relevant laws and policies to define acceptable and unacceptable computer use practices, to promote an understanding of responsible usage of University computing resources, and to protect and conserve those computing resources; the Security Standards and Procedures —describes the shared responsibilities for maintaining the security and stability of computer resources at Georgia Southern University; and the Incident Response Procedures —describes the general procedures that must be followed in response to a security incident involving University resources.

Furthermore, Georgia Southern protects the security, confidentiality, and integrity of its student academic records by ensuring that faculty and staff are acquainted with the Family Educational Rights and Privacy Act of 1974 (FERPA). FERPA guidelines are published in several University publications, including the Faculty Handbook (§ 304, p.49), the 2004-2005 Undergraduate and Graduate Catalog (p. 19), and the 2004-2005 Student Guide (pp. 6-7). These guidelines are also available in the AACRAO Federal Register (Part 99). The Registrar's Office monitors compliance with FERPA. Anyone requesting access to the BANNER Student Information System must sign an authorization form acknowledging that they have read Georgia Southern University's policies on administration of FERPA before they can receive access. Under FERPA, Georgia Southern is required to notify its students annually of the types of records maintained and the University official responsible for such records. This is done by means of the 2004-2005 Student Guide . Information that is considered public or directory information can be released to those requesting such information, unless the student has specifically requested that information in this category be restricted. The Office of the Registrar restricts access to the records of students who request that directory information be restricted.

The University System of Georgia provides Records Management Guidelines that offer systematic control of all records and maintenance of records for an appropriate length of time as determined by the administrative, fiscal, and legal needs of the institution; by the laws, rules, and regulations of government; and as approved by the State Records Committee. The intent of the Records Retention Guidelines is to establish consistent record retention practices by member institutions of the University System of Georgia to ensure compliance with federal and state law and to meet requirements of external entities such as accrediting bodies.

In addition to complying with the above prescribed policies and procedures, Georgia Southern University has recently initiated a campus-wide project to move all student information systems away from using the Social Security number as the primary identifying key. The University has already achieved this in its management of faculty and staff records through implementation of the PeopleSoft software.