> What data security measures are in place at the Clearinghouse?
The Clearinghouse employs a comprehensive security plan to protect the data in our care. Our program provides multiple layers of protection to ensure the highest level of security.
System Management & Controls: Our organization takes many steps to ensure the security of all Clearinghouse systems, including comprehensive risk analyses, annual security assessments with third-party firms, and regular reviews of our information security plan. In addition, our online transaction services (aka DegreeVerify) are compliant with the Payment Card Industry Data Security Standards (PCI DSS) used by all major credit card issuers.
Operational Controls: We employ multiple levels of system security policies, procedures, and controls to secure Clearinghouse systems, including an annual audit conducted by an independent third party, operational procedures and internal controls. The Clearinghouse maintains strict onsite personnel and physical security and regularly conducts security awareness training and education.
Technical Controls: User identification and authentication controls are in place for all Clearinghouse systems. All Clearinghouse systems are protected by recommended industry best practices including firewalls, intrusion detection and prevention, anti-virus software, proxy servers, and so on. Cryptographic technologies are utilized to protect data maintained by the Clearinghouse. In addition, system-level audit trails are kept and frequently reviewed.
Information Security: Protective measures are in place to keep the information entrusted to us safe. This includes restricted access to our computer room, stringent password rules, secure file transfer, and protected Web access.
Disaster Recovery & Backup: The Clearinghouse has a formal business resumption plan, system recovery procedures in place, including backup/restore procedures. We conduct annual tests of our disaster recovery procedures and update as necessary.
> Does the Clearinghouse Comply with FERPA?
Clearinghouse services are designed to facilitate an institution’s compliance with the Family Educational Rights and Privacy Act, The Higher Education Act, and other applicable laws. We also respect the policies governing the release of student data to third parties of all participating institutions. To further protect privacy, we keep an audit trail of all verification requests and employ the latest encryption technologies.