Tag: pci

Facebook as Student Portal? Some Considerations

Eric Stoller wrote about the idea of facebook as a student portal in his blog post “Is Facebook Mature Enough To Be a Portal Solution?” and it truly is an interesting proposition. Below is my response to the post outlining some considerations any institution might need to consider if they are to use facebook as their student portal.

It’s certainly an interesting proposition. Looking at it from someone who works with all departments in student affairs in implementing enterprise solutions like student info systems, medical records, advising systems, judicial affairs, etc – there are major factors to consider. I’m not suggesting at all that using facebook as student portal is impossible or a bad idea. I’m just not sure what the conditions would be for an institution to start using facebook as its student portal.
I never expected social media to be used as a networking management tool either but it now exists in the form of Enterasys’ ISAAC system. If institutions are to partner with facebook, here are some things I would think need to be considered:

1) Policies – is facebook’s current terms of use/privacy consistent with an institution’s policies. For example, University of California campuses are not supposed to use Google Web Analytics. From a policy staff at UC, Google’s Terms of Service agreement for Google Analytics includes a clause requiring indemnification. http://www.google.com/analytics/tos_content.html (Term #8). Third party indemnification requires Regents approval and Campuses do not have the authority to agree to terms that require indemnification.

When facebook does change its terms of use/privacy policies, which seems to happen without notice, would institutions need to change their policies to comply with facebook? Given the slow and bureaucratic nature of higher ed, will facebook or partner institutions be willing to work at the same pace? With regards to FERPA, HIPAA and other confidentiality and security policies, as well as accessibility requirements, are institutions confident enough that facebook policies do meet these requirements?

2) Campus culture/Readiness – technology is not always the issue when it comes to implementing tech solutions. Given the campus-wide scope of a student portal, I would think different parts of the campus from student affairs/academics/legal/administrative/IT would have to be involved in the discussion and they’d all have to agree to this partnership.

3) Technology
Student portal would have to potentially tap into the different systems on campus from electronic medical records, student academic info, billing, etc and these systems interface with each other sometimes in standard protocols like HL 7 for medical systems (radiology, emr) and proprietary formats. How would this work with facebook? If facebook is to be used to do billing transactions using credit cards, does it meet PCI compliance? In addition, a single sign-on would have to be implemented for these campus systems so students can access data from these different systems. Do institutions have authentication/authorization systems that can work with facebook? Are identity providers on campus willing to use facebook as the single sign-on solution?

4) Support/Training
– If facebook is to be used, how/who would support the system? Certainly, I would think facebook knowledge be required by those who will support the system, not only from the functional area but from the technical as well.

5) Implementation
– how long, how much resources would need to be allocated?

6) Other
– Would the institution require all students, staff then to sign up for facebook? I’m not sure if 100% of all students, staff are in facebook.

Facebook as student portal is an interesting concept and it’s certainly an idea I will closely follow if it has more traction.

IT Challenge: Providing End-User Needs/Protecting the Enterprise

I read a blog post recently advocating end-users to have full admin rights to their work computers and have the ability to install softwares for efficiency and productivity. I agree that end-users (of which I am also) need to be provided the tools required to do our jobs, which includes researching new technologies. These tools include the software we need installed on our desktop that may not be provided by IT. I hear and read frustrations from end-users who seem to constantly hear “no” from IT when a request for a software or service is requested. I feel the same way sometimes. However,those software on the desktop are useless when the network or some other critical services used by the entire organization (e.g. email, student information systems) are not available as a result of disruptions caused by malicious software. I will admit that there have been a couple of times when I have had to re-image my personal machine because of a virus that I had unknowingly downloaded from an infected site. My point in sharing my experience is that even the most careful end-user with the best intention can still introduce malicious code to the network.
(continue reading…)

  • Archives

  • Copyright © 1996-2010 Joe Sabado - Higher Education & Technology Leadership. All rights reserved.
    iDream theme by Templates Next | Powered by WordPress