(301) 760-7604

Ferpa Compliance

Privacy Assessments for Education

Ideal for


Mandatory Regulations

The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. FERPA covers the release of a broad list of information about students, including grades, behavior, test scores, disciplinary action, etc. — and also how mandatory testing data are transferred to federal agencies and colleges. Regular FERPA Assessments are critical to ensure compliance with these established statutes.

Blurred Lines

Although protecting our childrens’ privacy is undeniably important, the lines that FERPA draws are not always 100% clear. There have been many instances related to the misapplication of FERPA, to conceal public records that are not “educational” in nature. And although FERPA violations do not expose an institution to private litigation, violations can and have damaged an institution’s reputation, and repeated violations can also lead to a catastrophic and debilitating loss in government funding.

Expert Guidance

Aerstone’s deep cybersecurity experience can help your institution protect itself against violations with our FERPA Assessments. Our services in this space are comprehensive, and include:

  • Helping prepare mandatory annual privacy notices to students
  • Structuring the implementation of an approved signed consent system
  • Training faculty and staff on FERPA compliance
  • Investigating compliance from potential third-party data consumers
  • Conducting a security audit of current information systems, to ensure data protection

Our Experience Sets Us Apart

Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.

We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with security professionals across the military, intelligence community, civilian government, and private industry.

More Products

PCI Compliance

PCI Qualified Security Assessments for payment card acceptance


CMMC Readiness Assessments for DoD Contractor Companies

Red Flag Rules

Compliance With FTC Identity Theft Legislation

Connect with Aerstone’s cybersecurity experts today.

Let us know what you’re interested in and we’ll get back to you within 24 hours.