FERPA and PCI Security Compliance | Gilfus Education Group | Gilfus Education Group

Security and Compliance: Protect Learner Data and Stay Secure in a Technology World

Information technology professionals turn to the Gilfus Education Group for help with protecting their environments, their information, and their data. We know how to help you to stay safe and secure while meeting and exceeding industry security and compliance standards.

Enterprise Security Assessment

the Gilfus Education Group offers a full suite of assessments to evaluate the security practices, vulnerabilities, risks, regulatory compliance status, and overall security strategy of higher education institutions. Our assessments provide you with a comprehensive, objective review of the presence and effectiveness of your technical and programmatic security controls. We can work with you to provide several types of assessments to meet your security needs:

Risk and Vulnerability Assessment
Regulatory Compliance Analysis
Institutional Security Strategy
Identity Theft Assessment
Business Continuity Management

FERPA – Information Security

FERPA is the keystone federal privacy law for educational institutions. The U.S. Secretary of Education has established the Family Policy Compliance Office, which has the power to investigate and adjudicate FERPA violations and to terminate federal funding to any school that fails to substantially comply with the law. The Gilfus Education Team can assist with audits, validations, and certifications. (FERPA Primer – Learn More)

PCI Compliance and Transaction Security

PCI DSS compliance is required for all organizations, including higher educational institutions, hospitals, and retailers that store, process, or transmit cardholder data. The number of cardholder transactions performed annually determines the process necessary to obtain PCI DSS compliance. Do you know how many transactions your institution performed last year? Are you currently PCI DSS compliant? If not, call us. We can help.

Accessibility, ADA, 508 Compliance

Web sites which appear perfectly accessible to fully-abled people may be impossible for people with disabilities to access and navigate. Sites containing Flash content can be accessible and 508 compliant, only if special steps are taken to make this content compatible with screen readers. In order to support equal access to information, some states have even passed legislation making it illegal for education institutions to maintain websites which are not 508 compliant. Schools whose sites do not comply have been cut off from receiving state funding. When was the last comprehensive ADA review of your web properties?.