The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. These records, regardless of how they are stored, include but are not limited to grades, transcripts, class lists, student course schedules, health records, student financial information, and student discipline files.
The Act applies to any public or private elementary, secondary, or post-secondary school and any state or local education agency that receives federal funds. It safeguards student rights to access educational records, that they be disclosed only with consent, to amend records and to file complaints for FERPA violations.
Compliance requires a security program with the right storage, authentication, and overall data management policies and procedures. Put simply, hosting and storage providers must be equipped to remain compliant. FERPA does not require specific security controls, but rather the use of “reasonable methods” to safeguard student records. To help educational institutions take on this challenge, the U.S. Department of Education has published “Integrated Data Systems and Student Privacy”, which presents best practices.
Centraleyes delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring to meet the FERPA requirements. Centraleyes has mapped FERPA back to its control inventory allowing to share data across multiple frameworks through the platform, which creates time savings, money savings and more accurate data. Through the Centraleyes platform organizations can gain full visibility to their cyber risk levels and compliance.