ASPs and FERPA compliance

[Justin Sherenco <jsherenco () EMICH EDU>]

Hello all,
I'm a security analyst new to the academic world.  I've come across a
situation where someone in another department has signed on with a third
party ASP to host a student org application.  The issue that we have run
into is the provider wants to authenticate the users from our ldap server
using a secure ladp connection.  All fine except for FERPA considerations.
My research has lead me to believe it is acceptable to have a third party
Provider, but I'm not sure of the steps I need to take to make sure of FERPA
compliance.  I would appreciate any suggestions.

Regards,
Justin