SAIS Policy
September 18, 2007
Updated October 18, 2007
Updated October 23, 2007
Last Updated February 19, 2008
Contents
Introduction and Background
In 2002, a planning group was formed to investigate upgrade and replacement options for the Student Information System (SIS). Among SIS Planning Group charges was to ensure that the new (or modified) system would provide campus users with a flexible and "user friendly" system by which they could access data needed for planning, analysis, and student advising efforts. Access to SIS data was exclusively accomplished via a data extraction program (FOCUS) that required technical staff to write, format, and download requested reports.
In 2004, Computing and Communications developed "Version 1" of the Student Data Warehouse - a simple and efficient report-writing tool that enables end users to easily access SIS data, create customized reports, and send e-mail correspondence to current students. In 2005, Computing and Communications began work on "Version 2" of the Student Data Warehouse that expanded the number of data elements available to query and enabled users to run reports longitudinally. In late 2006, the Student Academic Information Systems Steering Committee was formed, chaired by Vice Chancellor Gretchen Bolar, to lead further development and deployment of student academic systems. The Student Data Warehouse was renamed the Student Data Query System (SDQS) and is part of an overall suite of tools that comprise the Student Academic Information Systems (SAIS). These new tools were developed to allow more campus users to obtain data in a flexible, efficient, and user-friendly way.
Back to topPrivacy and Confidentiality
Users of the Student Academic Information Systems should recall that University staff and faculty who interact and utilize student information have a responsibility to ensure the privacy and confidentiality of this information.
Federal Education Rights and Privacy Act (FERPA) - the disclosure of information from student records is governed by the federal Family Educational Rights and Privacy Act of 1974, as amended (FERPA), and is intended to protect the student's right to privacy. Many University employees have access to students' personal and academic records in order to do their work. However, access to this information should be limited only to the information University employees need to carry out a specific job duty or task related to the education of the student. The security of student records, whether physical documents or electronic data, is critical; the privacy of every student must be strictly maintained and respected at all times. Any information University employees access in this system is not to be released to third parties or individuals who are not authorized to access this information.
- UC Policies regarding Privacy and Access to Information
- Family Compliance Office - U.S. Department of Education
Gaining Access
There are six methods used to access data within the Student Academic Information Systems and access via these various methods is described below. Again, the security of student records, whether physical documents or electronic data, is critical; the privacy of every student must be strictly maintained and respected at all times. Any information University employees access in this system is not to be released to third parties or individuals who are not authorized to access this information.
Based on job descriptions and associated tasks, users should be engaged in activities (advising, reporting, etc.) that regularly require them to acquire lists of student information. Student employees should never be granted access to this system.
SDQS (Student Data and Query System)
Student Information Ad Hoc Web Query and Reporting Tool
This tool allows an individual to select and run pre-defined SDQS reports, specify certain limited query criteria, and execute queries returning output / reports containing a pre-determined set of data elements. The output from these queries can be exported to Excel or used to send e-mail to students. Individuals who should have access to SDQS are those who have the responsibility for advising students (i.e., they need to run a list of their advisees who are in academic difficulty) or reporting (i.e., they need to know how many students are enrolled for a particular major and create classes to meet the demand). Generally, this does not include financial administrative staff; however, in some departments, those individuals (e.g. financial analysts) may also have duties related to advising and reporting, in which case it would be permissible for them to have access.
EACS Implication:
Departmental SAAs will grant access to the SDQS. Please note that while EACS access will be granted by the SAA, approval will flow from the appropriate unit level manager / Director / CFAO etc. (these individuals may include college Student Affairs Managers, Deans, Assistant/Associate Vice Chancellors, etc.) EACS will be modified to capture who has granted this approval when the SAA grants SDQS access (a text box will be presented to the SAA who could, for example, copy and paste an e-mail from a Student Affairs Manager granting approval). Thus gaining access to the SDQS will be as follows:
- An individual user will obtain approval to access the system from an appropriate Assistant/Assocaite Vice Chancellor, Associate Dean, Control Unit CFAO, or Organizational (e.g. CNAS, CHASS) Student Affairs Manager (or equivalent).
- This approval will be communicated to the SAA (e.g. via e-mail).
- The SAA will grant access via EACS.
SAIS Oracle Engine
Providing access to the SAIS Oracle Engine puts SAIS at great risk and will not be granted to any person or organization outside of Computing and Communications.
Ad Hoc Data Dowloads
Central Office, College Needs, etc. Coordinated by the IRCG - various groups / individuals will make ad hoc data requests / downloads for analytical review and analysis. These requests will be referred to the Institutional Research Coordinating Group (IRCG) via Bob Daly (Assistant Vice Chancellor, Academic Planning and Budget).
If approved by the IRCG, the data will be provided to the user in one of several ways (e.g. download from the SDQS, extract from SIS, etc.). Importantly, the requested information will be provided via a data export (a flat file of information) and not via an interactive login, access to the SAIS engine, etc.
"System to System" Data Access
This allows an organization to obtain data by working with Computing and Communications to set up stored procedures that would retrieve data from the Oracle database for use in another system. This requires the organization requesting the access to submit a proposal for joint review and approval by Computing and Communications (Chuck Rowley and/or Mary Livaudais) and Student Affairs (Teri Eckman and Registrar). The proposal must include the following:
- The purpose and reason they need this type of access
- How the data they will retrieve will be used in their system
- Specific data elements to retrieve and the proposed schedule for receipt of the data
Other Requests for Student Data
The public (any non-UCR affiliated agency, company, or organization) should be directed to the VCSA Office's Data Request Web site to request data from the University.
- They have completed the on-line Accountability training.
- They have completed the on-line FERPA training.
- They have read and understand all FERPA, privacy, and confidentiality requirements.
- They have official job-related responsibilities to require access to this information as stated in their job description and/or certified by their supervisor.
- They will use it solely for purposes related to those job-related responsibilities as stated in their job description and/or certified by their supervisor.
Certifications and Training
All users of SAIS tools (SAAS, SDQS, or new systems) are required to certify to their eligibility to use the system before their first access, and annually thereafter. When initially logging into SAIS tools, and annually thereafter, users will be presented with the following five certifications, which they are required to acknowledge before they will be able to access the system:
- They have completed the on-line Accountability training.
- They have completed the on-line FERPA training.
- They have read and understand all FERPA, privacy, and confidentiality requirements.
- They have official job-related responsibilities to require access to this information as stated in their job description and/or certified by their supervisor.
- They will use it solely for purposes related to those job-related responsibilities as stated in their job description and/or certified by their supervisor.
Last Updated February 19, 2008