Is There an Example FERPA Compliance Report Template?

The template in this article is designed for a University Registrar or Privacy Officer to demonstrate that student PII is being monitored and secured.

A FERPA Compliance Report must bridge the gap between technical scan data and the institutional requirement to protect Education Records.


Report Title: Monthly Student Data Governance & FERPA Audit

  • Reporting Period: April 1, 2026 – April 30, 2026
  • Scope: All Campus Endpoints, Departmental File Shares, and Cloud Storage (O365/Google Drive)
  • Data Scope: FERPA_High_Risk_Group (Student IDs, SSNs, Grades, Financial Aid Info)


1. Executive Summary (The "State of the Campus")

  • Total Student Records Identified: 12,450
  • High-Risk Matches (Non-Directory Information): 3,200 (SSNs, GPAs, Financial Data)
  • Compliance Posture: 85% Reduction in student data residing on unauthorized workstations since last month.
  • Critical Alerts: 2 "Mass Exposure" events (files containing >500 student records) identified in the Athletics department.

2. Data Sprawl by Department (Accountability View)

This section uses Target Tags to show which departments are storing student data outside of the secure Student Information System (SIS).

| Department | Total Matches | High-Risk Matches | Primary Location Type | Status |
|---|---|---|---|---|
| Admissions | 4,500 | 1,200 | Departmental Share | Remediated |
| Athletics | 3,200 | 1,500 | Faculty Laptops | Action Required |
| Financial Aid | 1,200 | 400 | OneDrive (Shared) | In Progress |
| General Faculty | 3,550 | 100 | Local Workstations | Monitoring |

3. High-Risk Findings Detail (The "Audit Trail")

This section provides the specific evidence needed for the Registrar to initiate a cleanup request.

| Target Name | Object Path | Data Type Found | Match Count | Action Taken |
|---|---|---|---|---|
| BIO-DEPT-LAPTOP-04 | C:\Users\ProfSmith\Desktop\Grades_2025.xlsx | Student ID, GPA | 450 | Shredded |
| ATHLETICS-SHARE | \\Files\Athletics\Recruiting\Prospects.pdf | SSN, DOB | 125 | Quarantined |
| O365_OneDrive | User: J.Doe / Documents / Financial_Aid_App.pdf | Financial Info | 1 | Notified Owner |

4. Remediation & Risk Reduction (Proving "Reasonable Security")

This section proves that the institution is not just finding data, but actively securing it.

  • Automated Actions: 1,200 files containing Student IDs were automatically Classified with a "FERPA-Protected" MIP Label.
  • Manual Cleanup: 450 files were Shredded by IT staff following departmental outreach.
  • Policy Enforcement: 15 Faculty members received automated email notifications regarding student data stored on unencrypted local drives.


How to Configure This Template in Spirion Sensitive Data Platform

To generate this report automatically, use the following Report Builder settings:

  1. Filters:
    • Data Type Group EQUALS FERPA_High_Risk_Group.
    • Target Tag: Department IS NOT EMPTY.
  2. Grouping:
    • Primary Group: Target Tag: Department.
    • Secondary Group: Remediation Status.
  3. Columns to Include:
    • Asset Name (to identify the machine).
    • Object Path (to identify the file).
    • Match Count (to show severity).
    • Match Evidence (ensure Agent-Side Redaction is ON).
  4. Scheduling:
    • Frequency: Monthly.
    • Format: PDF.
    • Recipients: Registrar, CISO, and Departmental Privacy Liaisons.

Tip: The "Legitimate Educational Interest" Filter

FERPA permits certain people to access student data when they have a legitimate educational interest (a "need to know").

  • You can customize this report to exclude known secure folders used by the Registrar's office.
  • This ensures your report only highlights unauthorized data sprawl, making it much more actionable for your leadership.