Steve, I think that is an excellent idea. Thanks for the tip.
I have not thought of using security paper previously, but it is a great idea. I wonder though since it is so easy to obtain what would prevent a student from purchasing their own security paper and creating their own documents.
Is there a special code that each institution uses to insure the document is valid?
Ous institute has adopted electronic imaging for information retention. While early in the process, it helps ensure against fire, theft, or simple loss. We are hopeful that this approach will aid in our internal audit function.
Greg - would you be willing to share some info on your electronic imaging system? I am curious to hear what systems are being used successfully in this industry.
When it comes to HR, all too often schools are not large enough to afford an individual that has the HR background. This is where I see a school owner make their biggest mistake. Some employees do not know the difference between salary exempt and nonexempt and I have been at schools where the HR personnel didn't know the difference either. FERPA and GLB are not easy reading documents, and it is extremely important to have someone on staff that can make sense of such information and ensure complaince.
Another excellent point, James. Exemption status continues to be a challenge and tends to be subject to interpretation of the "tests" used to make such determinations by position.
All regulations, including FERPA, GLB, and others (need I say Title IV???) are intense reading as you point out. Not only do they need to be reviewed but, policies and procedures must be designed to "operationalize" within the regulatory guidelines.
I wouldn't say falsified records but I have had a few students come in and say that they purchased their high school diploma online for a couple hundred dollars. We researched the organizations and determined that we would not accept the credential.
Our organization recently went to bins with a shredding company. They put these large containers that are locked (Director has a key) and they come out once a week and shred it on site (truck). They also provide us with a certificate verifying the shred every time they come out. It saves a lot of time.
It is very important to adhere to EEOC principles and guidelines as a basis for Human Resources regulation. This provides fariness in procceses that can have a direct affect on the company.
I think the information security is very important. Compliance is all about securing the data and following the rules and regulation.
Marketing is a very crucial area of compliance. When marketing our services they must be viable and real. The ads can not be misleading nor subjective.
agree that FERPA is a a topic that is extremely important.
In terms of information security, it is very critical to creating a compliant culture in an organization. It is imperative that organizations protect data because a breach would compromise the integrity of the records as well as the organization's reputation. To be out of compliance in this area could also leave the organization vulnerable and entrenched in litigious affairs.
Compliance in all business related functioning departments is critical to maintaining a compliant culture.
With respect to the marketing department, it is essential that all advertising publications are in compliance with a school's accrediting body. Your marketing department serves as the communication conduit of your educational message to the public. Failure to monitor the compliance of your organization's public voice undermines your mission to prepare indivuduals for todays workforce through training and education.
Although it is important maintain compliance through all businees functions of your organization, your marketing department is extremely important as it serves as your school's public voice.
I completely agree that marketing communications are critical since these messages are published externally to mass audiences and particularly subject to scrutiny.
I have experienced over and over at my school breaches of our security by complacent employees. We have fireproof lockable files but they leave them unlocked. They neglect to shread documents, and they violate privacy by talking to concerned parents. How can I get them to take this seriously?
Great question, Kathleen. I would love to see others respond with ideas and suggestions. While I prefer to manage by rewarding good behavior, I think that violations like this need to be treated with appropriate consequences. Such breaches should be disciplined accordingly. On the "encouraging good behavior" side, I would suggest making compliance as easy as possible. For example, if there is a common shredder that is not convenient, you may consider small, individual shredders that can be at every desk beside a trash can. They are relatively inexpensive and far better than the consequences. For cabinet keys, keeping the key on a wrist band or lanyard may be a helpful way to encourage locking at all times. For the phone, providing a script on a polite way (scripted) to tell parents and others that for the privacy of the student, you cannot share the information. Those are a few thoughts - I encourage others to chime in.
As noted in the CM101 material, employee exemption status requires careful consideration. As the school grows, positions are added, responsibilities change, and reporting charts include a myriad of direct-report versus indirect-report lines ... the exemption status can become cloudy at best!
In these situations it is important to follow FLSA standards, but it may be necessary to involve a labor law attorney to review and advise on employee status, and to develop a written rationale for how the school has coded specific positions and individuals.
Excellent points, Alan. In this dynamic industry, changes occur frequently and as such could impact exemption status. Since labor law is a tricky area, it may require reliance on an external resource to ensure compliance.
I have also experienced the same breach that Kathleen made reference to. I have learned that a former registrar who was transferred to a different department was able to get the new registrar's password into the system while he was training her. Administrators need to think for a better way of training "new" employees about protecting information right from the begining, and have a better training system in place. Which new employee would suspect that he/she needs to protect her password from the person who is training him/her?
Another concern is when employees become friends and get comfortable with each other to the point that they share their passowrds possibly to cover for one another.
