About Virginia Western :: College Policies
- About VWCC
- Administrative Offices
- Maps & Directions
- Faculty & Staff Directory
- Leadership & Governance
- Legal & Policies
- Emergency Preparedness
- Strategic Plan - Success 2021
- Event Facilities
- Off-Campus Facilities
- Educational Foundation
- Institutional Effectiveness
- Marketing & Communications
- Career & Corporate Training
- Employment Opportunities
- Mission & Vision
- Diversity & Inclusion
I-13: Protection of Student Records
Policy Number: I-13
Last Reviewed: April 30, 2018
Responsible Dept.: Dean of Student Services/Registrar
A signed copy of this policy is available in the President's Office.
Virginia Western Community College (VWCC) protects the security, confidentiality and integrity of student records and maintains security measures to protect and back-up data. VWCC ensures the confidentiality, accuracy and protection of student educational records by following the requirements of Family Education Rights and Privacy Act of 1974 and the Virginia Community College System Policy (Section 6.2.7). In addition, VWCC adheres to the Commonwealth of Virginia Information Technology Standard ISO27002 which ensures the security and confidentiality of all information.
VWCC has access to electronic student records and stores physical student information records. Electronic records are maintained within the Virginia Community College System's (VCCS) centrally housed PeopleSoft Student Information System (SIS). The information is protected in accordance with the requirements outlined in ISO27002. The VCCS maintains a "mirrored snap shot" of all SIS data at QTS in Richmond, VA which is then backed up to Equinix in Northern Virginia.
The Records Office maintains all student records in either physical or digital form. The Records Office maintains physical student records prior to spring 1973 in fire proof cabinets in a secured/gated room inside the Records Office located in Chapman Hall. The Records Office maintains some recent student records in physical files in the Records secure area. Beginning in 2017, the Records Office began migrating to secure digital document management. Only staff approved by the college registrar have access to the digital document management system.
During hours of operation, the Records Office is always staffed to ensure records security. Outside of operating hours, the Records Office and the secure area remain locked with access limited to approved staff members.
The student records contain such items as: application for admission, grade change forms, experiential credit forms, transcripts, transcript requests, plan changes, change of personal information, advanced standing credit, administrative withdrawals, etc. In accordance with the Commonwealth of Virginia Records Retention and Disposition Schedule in the Virginia Public Records Management Manual, hard copy data is maintained for three years after the student's last date of attendance; electronic data is not purged. Disposal of student records is handled through a third-party document disposal company to destroy physical student records safely and securely.
All college new hires are notified that FERPA training is required during their new hire orientation. An e-mail is sent to the college community every semester by the Registrar outlining FERPA requirements and how to identify blocks on release of information. In addition, all college employees are required to complete a "FERPA Fast Facts" course delivered as a component of the annual VWCC Security Awareness Education program. See information regarding FERPA and directory information on the college website at: http://www.virginiawestern.edu/records/righttoprivacy.php.
Administrators, academic advisors, faculty and classified staff who need to see student records to assist in the student's academic pursuits may have access to the records after the completion of a Security Access Request Form which requires the approval of the employee's supervisor and the VWCC student records data owner. If job responsibilities change or employment is terminated, either a change in access is completed or all access is deleted. All access is reviewed annually in compliance with ISO27002 to ensure access is required and necessary for each employee.
If a security breach occurred, VWCC would follow the Incident Response Plan which is part of VWCC's Information Security Program The nature and severity of the information security incident would be assessed, and the Incident Response Team would be informed of the potential breach of student information. An Incident Reporting Form would be completed and all procedures within Incident Response Plan would be followed.
To reiterate the need to maintain the integrity, confidentially and security of student records, the college website, student policies and Faculty Handbook address these issues and faculty and staff are expected to adhere to these standards and guidelines. Links to the various locations of this information in these publications are provided below.