Re: Vendor Wants Access To Institution Database

[Barbara Torney <bt42 () COLUMBIA EDU>]

We use Apply Yourself for applications, and the data gets loaded into an intermediate location, then pushed into 
Banner.  Same deal for Cashnet: when posting a payment to Banner, it bounces through our SSB server.  Our Banner 
servers are not open to the internet; separate vlan.  Regards, bat

"Self, Dennis" <dlself () SAMFORD EDU> wrote:

> Samford University operates one Banner system for all colleges, eight schools.  Our law school operates an admissions 
> product called ACES2.  They offer a server that uploads admissions data into the Banner system with insert and write 
> capability.  Of course, this would also give access to read the data.  The data includes demographics for all 
> constituents of the institution, that is employees, students and alumni, past and present, as well as admissions and 
> general student data.  Further, this includes access to SSN data and test scores (FERPA implications).  To date we 
> have not allowed the access.
>
> We are struggling with the decision to allow an outside firm/server to have access to such a vast amount of 
> institution data.  I would like to hear if you have dealt with the decision to allow/disallow similar access and your 
> rationale, please.
>
> Dennis Self
> Director, IT Security & Compliance
> Samford University
> 800 Lakeshore Drive
> Birmingham, AL 35229-2293
> (205) 726-2692