The Family Educational Rights and Privacy Act of 1974 (FERPA) protects the privacy of student education records by giving parents or eligible students access to their child’s education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. OneLogin does not store education records, but does provide a platform used by educational institutions to restrict access to these types of records, which is considered “directory” information. Therefore, we maintain a comprehensive security and privacy program that supports FERPA’s objective and in addition, signed the Student Privacy Pledge as part of our commitment to the same.
What’s the primary purpose of this initiative?
Provide transparency on OneLogin’s commitment to support FERPA’s objective.
What’s the scope?
Verifying OneLogin’s commitment to maintaining Security and Privacy Programs that align with FERPA requirements and publicly committing to the same via the Student Privacy Pledge.
How often are you evaluated/audited?
The Security and Privacy Programs are evaluated as part of the periodic SOC 2 Type 2 Report Audits and ISO 27001:2013 certification. There is no formal evaluation as part of the Student Privacy Pledge.
Who performs the evaluation/audit?
Grant Thornton LLP performs the SOC 2 Type 2 audit and the Tuv Nord Group performs ISO 27001:2013 audit and the certification.
Who is the primary audience?
Customers and relevant third parties with a business need.
Where can I get a copy of the report/certificate?
Customers and relevant third parties can request the latest SOC 2 Type 2 report from their Account Executive, Business Development, or Customer Success contact. The current ISO 27001:2013 certificate can be accessed above. The list of companies that have signed the Student Privacy Pledge are listed here.