You bring up good points. This course did not touch on other areas of compliance such as PCI required for protection of credit card information. There is increased scrutiny in this area as well, given focus on identify theft matters which have become more prevalent.
I think the information security area is a major component in developing a compliant culture. Information security is an issue both administratively and in the classroom. IT is in a unique position to impact culture on many levels. Adding to its importance is the idea that many of the issues with information security are things that can be easily overlooked. For instance, how does the person used to working with paper files assess the security of the digital copies kept on hand? Or, how many instructors are aware of the licenses available in their classroom?
Nick- you bring up some great questions on electronic data storage and licensing limitations. These areas can be easily overlooked without a formal process to include such considerations in an overall security plan.
Organizations that develop a culture of compliance should readily realize the benefits of having such a strategic plan in place. Some of the benefits that should be easy to recognize are reductions in inefficiencies, as
well as the ability to leverage controls that may have been implemented from other regulatory programs.
Like any craftsperson, right tool for the task is critical to being successful. Human Resources is not 'luck', its a science. You have to recruit the right personnel that not only fit into your team environment, but that want to help propel the organization into the next level.
Magdali,
Another great point! The "people" part of a college is critical to its success!
Correct, un understanding and collaboration of the team can create a better workflow and efficiency increases.
Striving to meet 100% compliance during day to day operations demands that all employees understand their responsibility concerning information security. Information security involves every employee from admissions to faculty. We maintain compliant culture by informing and training every employee and communicating the correct expectations to the student body. Part of this compliant culture includes an audit process to ensure that the business function is maintaining compliance.
Timothy,
I completely agree - employees understanding of these critical matters helps to achieve the compliant culture needed. Auditing is the method to "inspect what you expect".
Traci Lee
All three are critical business functions in creating a compliant culture. They go hand in hand with each other within an organization. A compliant culture needs to start from the top, CEO/Board of Trustee’s; if it starts there it can trickle down from department to department, manager to manager, co-worker to co-worker.
Human Resources can establish the vision of the organization’s compliant culture with new employee training. Giving the new employee the compliant expectations up front should outline for the new employee the organizations commitment to staff and consumers. Requiring annual compliance training in area’s such as FERPA would also establish the organization’s culture of being compliant isn’t just a one-time thing.
I oversee Compliance for the entire university I work for and earlier this year, I created a new annual online FERPA course for all staff and faculty to complete. It has been wonderful to get additional questions from staff three months after the annual course completion on FERPA. Our staff really wants to make sure they are in compliance at all times for the sake of our students and the university.
I believe all three areas are equally relevant and of concern. However; I agree with most on information security. This continues to be a blessing yet a challange to maintain free of harzardous and malicious viruses. Many companies, in particular large ones spend millions of dollars to protect with antivirus softwares and firewalls this invaluable asset. More importantly, companies strive to protect customers data from hackers which continues to increasingly affect business conducted over the world wide web. As technology changes by the minute it also becomes necessary for business to stay on top and up to date with this ever changing phenomenon. Also, individuals need to be savvy and careful not to become a cyber victim by carefully reviewing and ensure they are entering a site that is secured. Many companies nowadays have verisign logos and captures that can help re-assure its customers safety and data encryption.
As a business function, information security is highly critical to creating a compliant culture primarily because its relevance that reaches from an individual level to a global standpoint to abide by the privacy regulations such as FERPA and GLB Act impacting treatment of students who are either enrolled or considering enrollment Literally each person within an organization has a responsibility to maintain data security, internally and externally. In an educational institution, involvement includes administration, faculty and students. In today's market most processing, large portions of record keeping and maintenance as well as many classes are completed via an electronic environment. IT departments must maintain layered security measures extending from students, to entry level positions, to top executives in an effort to prevent sensitive information from inadvertently falling into or being provided to the wrong individuals. To maintain compliance, each department must be aware of knowing what and with whom certain types of information or data may be shared without breaching security.
Has anyone had a mystery shopper for FERPA or information sharing compliance?
We have the same service, Aaron, and your absolutely correct in that it is not only convenient, it is secure. The protection of the personal data of our students is very important and we are held accountable for any process that includes this data.
Charles,
I'm glad to see schools ensuring data security as well as other, physical security measures on campus.
Traci Lee
Information security is crucial; Alots is passed on concerning student issues, information, social security numbers, identification & personal information, it it important we utilize this information for student success only, not discussing their issued with unauthorized personnel or private citizens. Confidentiality is a number one priority.
compliance issues with ferpa do sound a little open for interpretation. I am in agreement that a course on ferpa would be helpful.
lisa,
Thanks for your feedback. We are discussing the possibility of a FERPA course and your interest helps us prioritize choices in courses to offer.
Traci Lee
Information security is very important on campus. There is so much ppwk circulating between depts. Shred boxes should be conviently located and utilized. Also pickups should be frequent as they get full very quickly, this should not be an oversight on the part of the campus.
This can also be an issue on the academic side if tests are left on a copier, etc.
Linda,
Great examples of areas of risk that can be overlooked. Thanks for sharing.
Traci Lee
