Protecting the Privacy and Security of Student Records

The Family Educational Rights and Privacy Act (FERPA) is a federal law that offers parents particular rights when it comes to protecting the privacy of their children’s education records. This data can consist of report cards, transcripts, disciplinary records, contact information and class schedules. In order to protect the sensitive records of our children the FERPA law was implemented to create a standard level of data security and privacy when dealing with student data.

Throughout CCSI’s FERPA assessment we’ll focus on how to comply with the regulation and validate student records are being properly governed with the federal guidelines in place for security and privacy. During this assessment we’ll take the following approach to evaluate your level of preparedness to the FERPA guidelines.


Key Benefits

  • Preparation with your annual FERPA assessment
  • Define legitimate protection of student information privacy
  • Training for appropriate staff on how to handle student data
  • Security and risk review on your current student data posture

Purchase from Our OGS Contract

Visit our State Contract Page for more information

Our Approach


Policy & Procedure Creation and Review:
  • Student record amendment policies
  • Non-disclosure policy on student records
  • Student record release procedure
  • Record retention policy
  • Complaint filing and handling non-compliance
  • Training and awareness policy
  • Acceptable use policy
  • General data governance policy regarding student data


Training and Awareness:
  • Creation of a tailored plan of action for educating staff and faculty
  • Creation of “sign off” documentation for responsibility
  • What data is defined sensitive under FERPA guidelines
  • Ongoing procedure to have annual and new hires trained


Data Security and Privacy of Student Records:
  • Audit trails of data access to student records
  • Risk review of the systems and data protections controls in place
  • Review or create inventory of assets in the network
  • Authentication and access control review on systems housing FERPA data
  • Secured configurations of systems (Firewalls, IPS, Systems)
  • Patching and vulnerability management process and procedures
  • Mobile device security audit
  • Cybersecurity monitoring capabilities to detect incidents threatening FERPA data
  • Incident handling procedures during an event


Physical Security:
  • Review IP surveillance of school facilities
  • Determine if data is secured physically (E.g door locks, card systems)
  • Proper sign off procedures to access secured locations

What Deliverables do I receive?

  • Trained Personnel
  • Compliance and Filing Assistance
  • Creation and Review of Policy and Procedures
  • Risk Assessment Report Based Off the Control Objectives for FERPA

To find out more, contact us today.