How do we Secure Student Records?

How does the University of the Southwest secure student information?

Our student information systems and other related databases store data in an encrypted state and all traffic containing sensitive student information is encrypted. All access via our web interfaces is delivered via HTTPS using TLS security certificates. All employee access is secured and similarly encrypted.

All access and permissions are assigned and maintained according to least necessary privileged access. Only those employees with a legitimate need in order to perform their duties can access any data and they can only access as much as they need to perform their tasks.

What does this mean where user access such as employees or third party contractors are concerned?

All Employees are trained on an ongoing basis in how to correctly process student records and what can or cannot be used in various contexts within the limitations of their position. Access to records unnecessary to their position is not provided.

Similarly, access to data by third parties such as contractors (consultants, trainer's or software deployment specialists from third party partners) is strictly managed and limited to only what is necessary to perform their contracted task. Only the minimum level of access is permitted to data and in most cases this will mean no access to sensitive records at all. Rather, most will have limited access to a specific software or hardware system granted to them for the duration of their task without the ability to access stored and encrypted information. Any such access is shut off as soon as the need for said access expires.