Protection of Student Data
Students and their parents entrust universities with their personal information with the expectation that this information will be used by the universities to serve the needs of the students effectively and efficiently. The University of Texas at Arlington Office of Information Technology (OIT) appreciates the importance of protecting student personal information and is engaged in a number of initiatives in the area of data security. Student record data contained in our administrative databases is maintained strictly on UT Arlington-owned and operated computers, and experiences the same high degree of safeguarding as does all of our institutional data.
The Texas Department of Information Resources (DIR) developed Texas Administrative Code: Information Security Standards 1 TAC §202 on behalf of all state agencies. Additionally, The University of Texas System Information Resources Use & Security Policy serves as our ´Rule Book´ for IT Security matters. These are the guidelines that UT Arlington uses to protect the integrity, security, and confidentiality of data and/or information stored on University computing systems.
All security-related events impacting UT Arlington´s mission-critical Servers are logged, and Operating System privileges are carefully administered and granted to as few people as necessary to support the system. The OIT Enterprise Operations & Systems staff is authorized to manage the implementation of Identification Controls, Authentication Controls, Access Controls, and Secure Configurations and Authorized Services (e.g., Web, Email). UT Arlington´s current student information system offers layered security through a combination of in-house and vendor applications with access restrictions based strictly on business/academic need. Only authorized users will have access to sensitive data in the MyMav system, based on their assigned role. Also, the new MyMav system will run on Oracle´s Relational Database, which provides industry-leading security including row-level security, fine grained auditing, and transparent data encryption. User IDs, passwords and access restrictions will only be assigned to appropriate individuals who need to access MyMav student data.
All passwords granting access to UT Arlington´s administrative systems, including MyMav, are required to be changed every 90 days. The University´s FERPA Policy established training requirements for anyone who accesses student records, and the University provides training on FERPA for those individuals. All NetID users are prompted to be change their password every 180 days. Users are required to answer security questions selected during the setup of their NetID account. A password is sent to the email address on record and contains a coded message known only by the user. To fully utilize the Self Service feature of your UT Arlington NetID, users must answer five identifying questions before resetting their password. Back to Top
Administrative databases containing student records are backed up nightly by OIT and backup tapes are rotated off-site for disaster recovery purposes. Other backups may include incremental backups that run daily or weekly during the late evening, or early morning. Full backups are scheduled to run weekly on one of the seven days, based on business requirements. Backups are retained for several days to ensure adequate protection in an event of a disaster or loss of data. Back to Top