Student Information System - PowerPoint PPT Presentation

1 / 48
About This Presentation
Title:

Student Information System

Description:

Student Information System MSU's official source record of student information ... Financial Aid and fee payment. Support tables including MSU's ... – PowerPoint PPT presentation

Number of Views:274
Avg rating:3.0/5.0
Slides: 49
Provided by: monr
Category:

less

Transcript and Presenter's Notes

Title: Student Information System


1
Student Information System
  • SIS Basics Managing Sensitive Data

2
What is SIS?
  • Student Information System MSUs official
    source record of student information
  • Information on
  • People, e.g., prospects and students
  • Admissions
  • Academic History
  • Courses
  • Financial Aid and fee payment
  • Support tables including MSUs organization
    structure, majors, fees, and other codes
  • Online real-time transactional system

3
SIS Partners
  • Academic Units
  • Administrative Information Services
  • Client Advocacy Office
  • Controllers Office
  • Enrollment Services
  • Office of Admissions
  • Office of Financial Aid
  • Office of the Registrar
  • Office of Planning and Budgets

4
SIS Basics Course Outline
  • Managing Sensitive Data and SIS
  • Diana DAngelo, Assistant Director, Client
    Advocacy Office
  • SIS Basics Part A General Navigation
  • Rochele Cotter, Director, Client Advocacy Office
  • SIS Basics Part B Student Academic History
    Data Organization
  • Rochele Cotter, Director, Client Advocacy Office

5
Managing Sensitive Dataand SIS
  • Lesson I - Managing Sensitive Data at MSU
  • Lesson II Data Governance, Data Stewardship and
    Protecting the Privacy of Confidential Student
    Records

6
Managing Sensitive Data and SIS
  • Lesson I - Managing Sensitive Data at MSU

7
Data Management Initiatives at MSU
  • Managing Sensitive Data Initiative
  • Complying with regulations, contracts, policies,
    guidelines and procedures in protecting data and
    its appropriate use
  • Protecting individual privacy and reducing the
    potential for identity theft
  • Education and awareness
  • Data Stewardship and Data Governance
  • Privacy and Confidentiality Policy for
    Institutional Data
  • Access Principles, guidelines and procedures
  • Guidelines for managing research data

8
Data Management Initiatives at MSU (cont)
  • Payment Card Industry Data Security Standards
    (PCI DSS) compliance initiative
  • Social Security Number Privacy Policy
  • Statement of Acceptable Use

9
What Constitutes Institutional Data?
  • Any data/information the MSU workforce
  • Collects
  • Creates
  • Stores
  • Distributes
  • Uses
  • in the normal course of University business

10
Facets of Institutional Data
11
Data Stewardship Institutional Individual
Responsibility
  • We have a legal and ethical responsibility to
    protect the privacy and confidentiality of
    institutional data.
  • Legal Comply with federal state law,
    government and other regulations, MSU contracts,
    policies, guidelines and procedures
  • Ethical Meet responsibilities to students,
    employees, alumni, and affiliates (clients,
    patients, patrons, partners, public, etc.)

12
CIA in Data Management
  • Confidentiality vs. Availability
  • Confidentiality
  • Only authorized people access the data
  • Integrity
  • The data are accurate/trustworthy
  • Availability
  • Use the data effectively and efficiently while
    safeguarding confidentiality

13
Data Privacy and Security Guidelines
  • Data are made available on a need-to-know basis
  • Institutional data are only to be used in the
    context of University business
  • Members of the workforce understand that
  • They are in a position of trust
  • Each individual is responsible for appropriate
    use and release of data

14
Degrees of Data Sensitivity
  • Confidential
  • Protected by law, regulation, contract, policy,
    guideline
  • Sensitive
  • Not disclosed without good reason due to private
    nature, institutional risk
  • Protected by procedures, practice and high
    ethical standards
  • Public
  • Not protected and generally made publicly
    available

15
Degrees of Data Sensitivity (cont)
  • Public
  • Not protected, and generally made publicly
    available
  • Examples include
  • Directories (excluding restricted individuals
    and/or information)
  • Library card catalogs
  • Course catalogs
  • Institutional policies

16
Degrees of Data Sensitivity (cont)
  • Sensitive
  • Not disclosed without good reason due to private
    nature, institutional risk, or to maintain a
    competitive advantage
  • Protected by procedures and high ethical
    standards
  • May be subject to disclosure by specific written
    request under the Freedom of Information Act
  • Includes
  • Employment Data
  • Other data, such as certain maps and detailed
    institutional accounting and budget data

17
Degrees of Data Sensitivity (cont)
  • Confidential
  • Student Records
  • Protected by Family Educational Rights and
    Privacy Act (FERPA)
  • Protected by University policies and guidelines
  • Guidelines Governing Privacy and Release of
    Student Records
  • MSU Privacy Guidelines

18
Degrees of Data Sensitivity (cont)
  • Confidential (cont)
  • Personally Identifiable Financial Data
  • Protected by Gramm-Leach-Bliley Act (GLB)
  • Data used in identity theft
  • Examples name, address, date of birth, SSN,
    payment card numbers, bank and electronic funds
    transfer account numbers, and drivers license
    numbers
  • Health Records
  • Protected by Health Insurance Portability and
    Accountability Act (HIPPA)

19
Degrees of Data Sensitivity (cont.)
  • Confidential (cont)
  • Social Security Numbers
  • Protected by Michigan Social Security Number Act
    and University policy
  • Payment Card Data
  • Protected by contract, PCI DSS (Payment Card
    Industry Data Security Standards)
  • Research Data
  • Protected by federal regulations (45 CFR 46, 21
    CFR 50, 21 CFR 56) and MSUs Internal Review
    Boards (www.humanresearch.msu.edu)

20
We all have data stewardship roles to play in
managing sensitive data
21
We all have data stewardship roles to play in
managing sensitive data
and we need to share our ideas and concerns with
each other
22
Role and Responsibilities of Unit Security
Contacts/Administrators
  • Prior to granting access need to verify
  • Need-to-Know Access to the system is necessary
    in the performance of an individuals job
    responsibilities
  • It is helpful when the supervisor is consulted in
    making this determination
  • Individual understands policies, laws and
    contractual terms that govern access to, use and
    release of the data available in the system
  • Individual understands their position of trust
    and individual responsibility for handling, using
    and releasing the data appropriately

23
An Action Plan for Units and for Individuals
  • Step 1 Survey Your Data
  • Survey your own electronic and paper files for
    sensitive data and identify problem areas
  • Step 2 Assess Your Risk
  • Assess the risk involved with storing the data,
    the business need and how it is stored
  • Step 3 Mitigate Your Risk
  • Find ways to manage the risk and take appropriate
    action
  • System and personal workstation security -
    Anti-virus, security patches, firewall,
    anti-spyware

24
End of Managing Sensitive Data and SIS Lesson I -
Managing Sensitive Data at MSU
25
Managing Sensitive Data and SIS
  • Lesson II Data Governance, Data Stewardship and
    Protecting the Privacy of Confidential Student
    Records

26
Data Governance and SIS
  • Laws, Guidelines and Procedures for Protecting
    Student Privacy
  • Family Educational Rights and Privacy Act (FERPA)
  • MSU Guidelines Governing Privacy and Release of
    Student Records
  • Access procedures

27
What is FERPA?
  • The Family Educational Rights and Privacy Act,
    enacted in 1974, protects the privacy of student
    education records
  • Education records disclosed only with students
    permission or as allowed by law
  • Grants students certain rights concerning
    inspection and review of their educational
    records
  • Applies to all educational institutions that
    receive funding from the U.S. Department of
    Education
  • Non-compliance can result in the loss of federal
    funding

28
What are MSU Guidelines?
  • As a means of complying with FERPA, MSU has
    developed detailed Guidelines Governing Privacy
    and Release of Student Records
  • Protect students right to privacy
  • Provide reasonable guidelines for release or
    disclosure
  • Extend beyond FERPA in respecting the
    confidentiality and protecting the privacy of
    student records
  • Available on the Web at www.reg.msu.edu by
    clicking on Guidelines Governing Privacy and
    Release of Student Records

29
Confidential and Sensitive Data on Students
  • All student information is considered
    confidential and sensitive except that which MSU
    has defined as directory information
  • Examples of confidential student information
  • Grades
  • Enrollment records
  • Schedules
  • Class Lists
  • PID (personal identification number)
  • SSN
  • Student employment and payroll information
  • Directory information that the student has
    requested be restricted

30
Directory Information
  • FERPA identifies directory information,
  • Personally identifiable information that would
    not generally be considered harmful or an
    invasion of privacy if disclosed
  • May be disclosed to third parties without the
    students consent
  • Student may restrict disclosure of directory
    information

31
Directory Information (cont)
  • name of student,
  • the student's local address (if listed),
  • the student's local phone (if listed),
  • MSU NetID email address (if listed),
  • the student's permanent address (if listed),
  • the student's permanent telephone number (if
    listed),
  • current enrollment status or dates of attendance,
  • program level (undergrad, graduate,
    professional),
  • class (freshman, sophomore, junior, senior,
    etc.),
  • major,
  • current term candidacy for degree and/or teacher
    certification,
  • employment status as a graduate teaching or
    research assistant, office address and office
    phone number,
  • information pertaining to awards and honors,
  • degree(s) earned from MSU and effective date(s),
  • State of Michigan certification for teaching and
    effective date(s),
  • participation in officially recognized University
    activities and sports, including weight and
    height of athletic team members,
  • the registration documents of student
    organizations which contain the names and
    addresses of the officers and the statement of
    purpose of the organization.

32
Getting Access to SIS
  • Access authorization delegated to MAU for typical
    business needs through Access Request Memorandum
    and SIS bubble sheets http//aissecuritycontact.
    ais.msu.edu/arms
  • Security centrally administered by AIS
  • Training
  • Managing Sensitive Data in SIS
  • SIS Basics General Navigation Part A
  • SIS Basics Student Academic History and Data
    Organization Part B

33
Getting Access to SIS (cont)
  • Prior to approving access unit security contact,
    with assistance from individuals supervisor
    needed to determine and verify
  • Need-to-Know Access to SIS is necessary in the
    performance of the individuals job
    responsibilities
  • Individual understands policies, laws and
    contractual terms that govern access to, use and
    release of the data
  • Role in Data Stewardship - Individual understands
    their position of trust and individual
    responsibility for handling, using and releasing
    the data appropriately

34
Getting Access to SIS (cont)
  • Access granted based on job responsibilities
  • Whose records are needed?
  • All MSU students
  • By college
  • By department
  • By group, e.g., international students, athletes,
    persons with disabilities

35
Getting Access to SIS (cont)
  • Access granted based on job responsibilities
  • Which records are needed?
  • Academic, e.g., grades, courses, admissions
  • Non-academic, e.g., student receivables,
    financial aid
  • SIS Modules and Screens

36
Getting Access to SIS (cont)
  • Access granted based on job responsibilities
  • What action needs to be taken?
  • Inquiry
  • Permits a user to only view the information
    displayed on a screen
  • Most common type of access
  • Update
  • Permits a user to add, change or delete the
    information displayed on a screen
  • More limited number of employees require this
    access

37
Individuals Role in SIS Data Stewardship
  • Student educational records are confidential and
    may generally not be released without written
    consent of the student
  • Re-disclosure of student information ONLY with
    PRIOR verification that disclosure is to a
    university official with a legitimate educational
    interest and consistent with MSU Guidelines
    Governing Privacy and Release of Student Records

38
Individuals Role in Stewardship of SIS Data
  • Student information should only be kept as long
    as it is valid and useful otherwise destroy
    responsibly.
  • the Retention and Disposition of Student Academic
    Records Memorandum, dated August 16, 1991, and
    Guidelines Student Academic Records, Advisers
    and Deans Folders (www.reg.msu.edu/read/retention
    sched.pdf)
  • Managing Sensitive Data Web site at
    www.lct.msu.edu/security

39
When can Confidential Student Records be
Disclosed?
  • According to the section entitled Practice
    Governing Disclosure in MSU Guidelines Governing
    Privacy and Release of Student Records
  • Contact the Office of the Registrar, the Client
    Advocacy Office and/or the Office of the General
    Counsel for advice, clarification or direction
  • Contact the Office of Planning and Budgets for
    advice or direction in responding to external
    surveys and other requests for information

40
When can Confidential Student Records be
Disclosed? (cont)
  • To the individual student
  • To third parties
  • With prior written consent by the student
  • Without prior written consent
  • To school officials with a legitimate educational
    interest on a Need to Know basis
  • Limited other legal conditions and MSU
    operational conditions listed in the Guidelines
  • Service providers are required to have a contract
    with MSU and to sign a non-redisclosure statement

41
Some Dos and Donts for Faculty and Staff Who Use
SIS
  • DO
  • Use randomly assigned numbers or codes to display
    scores or grades
  • Keep any personal notes relating to individual
    students separate from educational records
  • Keep only those individual student records
    necessary for fulfillment of your job
    responsibilities.
  • Refer information requests to the proper
    educational record custodian RO, CAO, General
    Counsel, OPB

42
Some Dos and Donts for Faculty and Staff Who Use
SIS (cont)
  • DO NOT
  • Display personally identifiable student scores,
    grades, Social Security Numbers, or PIDs
    publicly
  • Put papers, projects, graded exams, or reports in
    publicly accessible places
  • Share student information, including grades or
    GPAs with other faculty or staff unless their
    responsibilities warrant a need-to-know
  • Discuss a students progress with anyone
    (including parents and spouses) without written
    consent of the student

43
Security Conscious Work Habits
  • Secure/lock up printed data
  • Use discretion when viewing sensitive data
  • Shred all reports with confidential data when no
    longer needed
  • Always sign off the system when leaving your work
    area
  • Never share your user id and password

44
When in Doubt
  • Err on the side of caution and do not release
    student educational information.
  • Contact the Office of the Registrar, the Client
    Advocacy Office or the Office of General Counsel
    for guidance
  • See Office of the Registrars Web site at
    www.reg.msu.edu

45
Summary
  • Whatever level of SIS access you have been
    granted, be certain to follow FERPA and MSUs
    Guidelines
  • Remember to be vigilant in your protection of a
    students educational records
  • In your daily work, evaluate if each use of
    confidential information is appropriate

46
Additional Resources
  • Tutorials and additional information on FERPA and
    MSU Guidelines Governing Privacy and Release of
    Student Records available at www.reg.msu.edu
  • What Every Student Should Know
  • What Every University Employee Should Know
  • Especially for Administrators, Security Contacts
    and Support Staff
  • FAQs
  • Records Retention
  • Guides, training, meetings, resources and
    additional information on managing sensitive data
    available at www.lct.msu.edu/security

47
Questions?
  • Client Advocacy Office
  • Phone 517-353-4856
  • Email CAO_at_msu.edu

48
End of Managing Sensitive Data and SIS Lesson II
Data Governance, Data Stewardship and
Protecting the Privacy of Confidential Student
Records
Write a Comment
User Comments (0)
About PowerShow.com