Cloud and/or Software-as-a-Service companies serving the Education market are required by their customers to comply with FERPA and various state laws protecting student generated data, and teacher/administrator data. These policies use internationally-recognized security standards from the Center for Internet Security (CIS) and other controls specified by NIST and ISO 27001. These policy templates are designed specifically for service providers who provide cloud or hosted information systems, or other similar services.

Eagle Consulting’s FERPA policy templates will save you thousands in consulting fees…

Use Eagle’s FERPA policy templates to create one manual which will position you to:

• Increase sales with the strong FERPA compliance demanded by school districts.
• Impress customers with your responses to their audits and increase customer retention.
• Avoid high expenses from data breaches.
• Reduce anxiety knowing your organization is compliant with FERPA and follows best practices.
• Protect your organization from costly and embarrassing data loss.
• Reduce the risk of a financially devastating ransomware attack.

Finally, there is an easy and affordable solution to the need for FERPA policies — comprehensive, customizable FERPA policy templates specifically for software-as-a-service companies who serve the United States education market. Eagle’s FERPA policy templates speed the process of FERPA compliance and help you increase security and avoid fines. Service providers subject to FERPA need policies regarding:

• the duty to report violations and security incidents,
• transparency regarding data practices,
• breach reporting, including special requirements for New York and Connecticut
• disaster recovery and emergency mode operation, among others.

All of these topics and more are covered in these policy templates!

Download Today to Start Updating Your Policies & Procedures for Compliance

The following policies are included:

FERPA POLICIES

Policies For All Staff

1000 Definitions
1000 Definitions for Privacy and Security Policies
1010 Confidentiality and Security – General Rules
1020 Need to Know
1030 Confidentiality Safeguards (Oral & Written)
1050 Computer Usage
1060 Computing Devices and Workstations – Company-owned and BYOD
1070 Employee/Contractor Work at Home
1080 Duty to Report Violations and Security Incidents

WORKFORCE ONBOARDING/OFFBOARDING AND HUMAN RESOURCE MANAGEMENT

1500 Employee/Contractor Recruiting and Termination
1510 FERPA Policy and Security Awareness Training
1520 Employee/Contractor and Product/Service Access Control
1530 Employee/Contractor Sanctions

Follow instructions to protect FERPA-regulated data. Eagle guarantees your satisfaction!

THIRD-PARTY MANAGEMENT AND COMPLIANCE

1700 Customer FERPA Privacy/Security Agreements and Vendor Management
1710 Breach Reporting
1720 Supporting Parents/Students with their FERPA Rights
1730 Use of ER in Product Demonstration and Sale of ER Prohibited
1740 Disclosures Required by Law
1750 Connecticut Student Data Privacy Law Compliance
1760 New York State Data Privacy and Security

SOFTWARE ENGINEERING AND CUSTOMER SUPPORT

2500 Technical Support Procedures
2505 Data Conversion and Customer Implementation
2510 Software Development Procedures
2520 Source Code Management
2530 Intellectual Property

SECURITY MANAGEMENT PROCESS AND SECURITY CONTROLS

2900 Security Official Appointment and FERPA Documentation
3000 Security Management Process
3005 Data Backup
3010 Disaster Recovery Plan
3015 Facility Security and Access Control
3020 Periodic Security Evaluation and/or Third-Party Audits
3025 Audit Control and Activity Review
3030 Malicious Software Protection
3033 Change Management
3050 Device and Media Disposal and Re-Use
3052 Encryption and Key Management
3054 User Account Management
3056 Privileged Account Management
3060 Technical Safeguards
3062 Technical Controls for Mobile Devices
3080 Data Retention and Legacy Systems
3090 Security Incident Response

Appendices

Appendix A – 3rd Party Confidentiality Agreement
Appendix B – Privacy Agreement for use with Customers
Appendix B1 – Privacy Agreement for Connecticut Schools/Districts
Appendix C – Facility Security and Access Plan
Appendix D – Need to Know Analysis
Appendix E – Miscellaneous
Appendix F – Disaster Recovery Plan
Appendix G – Security Official Job Description
FORMS
Employee/Contractor-Owned Mobile Device Agreement
Company-Owned Mobile Device Agreement
Acknowledgement of FERPA Policies

The policy templates are approximately 90 pages and delivered in Microsoft Word format. Policy templates are in Microsoft Word format for easy customization and hyperlink functionality makes for a reader-friendly experience. Perpetual license is granted to the user to use and modify the policies for a single organization. Policies may be used in hardcopy format, or electronically via your organization’s server. When used online, all staff have immediate access. References are included to allow quick access to the relevant Center for Internet Security controls, and/or various reference materials. The policies were updated in March 2021.