Educause Security Discussion mailing list archives
Re: Vendor Wants Access To Institution Database
From: Barbara Torney <bt42 () COLUMBIA EDU>
Date: Tue, 22 Mar 2011 11:28:43 -0500
We use Apply Yourself for applications, and the data gets loaded into an intermediate location, then pushed into Banner. Same deal for Cashnet: when posting a payment to Banner, it bounces through our SSB server. Our Banner servers are not open to the internet; separate vlan. Regards, bat "Self, Dennis" <dlself () SAMFORD EDU> wrote:
Samford University operates one Banner system for all colleges, eight schools. Our law school operates an admissions product called ACES2. They offer a server that uploads admissions data into the Banner system with insert and write capability. Of course, this would also give access to read the data. The data includes demographics for all constituents of the institution, that is employees, students and alumni, past and present, as well as admissions and general student data. Further, this includes access to SSN data and test scores (FERPA implications). To date we have not allowed the access. We are struggling with the decision to allow an outside firm/server to have access to such a vast amount of institution data. I would like to hear if you have dealt with the decision to allow/disallow similar access and your rationale, please. Dennis Self Director, IT Security & Compliance Samford University 800 Lakeshore Drive Birmingham, AL 35229-2293 (205) 726-2692
Current thread:
- Vendor Wants Access To Institution Database Self, Dennis (Mar 22)
- <Possible follow-ups>
- Re: Vendor Wants Access To Institution Database Barbara Torney (Mar 22)