FERPA Assessments

Privacy Assessments for Education

Mandatory Regulations

The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.  FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.  FERPA covers the release of a broad list of information about students, including grades, behavior, test scores, disciplinary action, etc. — and also how mandatory testing data are transferred to federal agencies and colleges. Regular FERPA Assessments are critical to ensure compliance with these established statutes.

Blurred Lines

Although protecting our childrens’ privacy is undeniably important, the lines that FERPA draws are not always 100% clear.  There have been many instances related to the misapplication of FERPA, to conceal public records that are not “educational” in nature.  And although FERPA violations do not expose an institution to private litigation, violations can and have damaged an institution’s reputation, and repeated violations can also lead to a catastrophic and debilitating loss in government funding.

Expert Guidance

Aerstone’s deep cybersecurity experience can help your institution protect itself against violations with our FERPA Assessments.  Our services in this space are comprehensive, and include:

  • Helping prepare mandatory annual privacy notices to students
  • Structuring the implementation of an approved signed consent system
  • Training faculty and staff on FERPA compliance
  • Investigating compliance from potential third-party data consumers
  • Conducting a security audit of current information systems, to ensure data protection

FERPA Assessments

Download Aerstone’s free whitepaper on education cybersecurity.

FERPA Assessment Whitepaper

Interested in a FERPA assessment? Contact us today!

Services By Type




Services By Environment



Our Experience Sets Us Apart

Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.
We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with
security professionals across the military, intelligence community, civilian government, and private industry.

Contact our sales team at sales@aerstone.com for more information.