Des Moines Area Community College

About the Client

Des Moines Area Community College (DMACC) is a community college in central Iowa. The College offers 225 degrees, programs and certificates to 63,917 students from 99 counties. The College is approved by the Iowa State Department of Education. It is governed by a nine-member Board of Directors, each representing one of the nine districts the College serves. It is accredited by the Higher Learning Commission of the North Central Association of Colleges and Schools.

Challenge

The college were seeking a qualified firm to help them identify their data privacy risks via thorough security assessments.

Solution

DMACC selected OculusIT over other firms, due to their successful higher education engagements (more than 50) in last 6 years in the domains of compliance, data protection, data security, data loss prevention and security monitoring / breach notification implementations.

Through this partnership, OculusIT perform the following services for DMACC:

• Threat assessment
• Asset identification
• Audit technical, administrative and physical controls
• Data security measures
• Right to Erasure
• Risk mitigation
• Incident response procedures
• Network design check and utilization analysis
• Network configuration and backup policy
• IOS and patch status on network and security devices
• Network vulnerability assessment
• Password management
• Audit recommendations and executive report

Post the security assessment, DMACC selected OculusIT for Data Protection Officer-as-a-Service.

Previously OculusIT had conducted an audit of DMACC’s systems to ensure compliance with EU General Data Protection Regulation (GDPR), US Gramm-Leach-Bliley-Act (GLBA) and also conduct Vulnerability Assessments for their systems. This engagement is a logical next step after the initial assessment and following the remediation steps.

• Under this engagement, OculusIT appointed a Data Protection Officer (DPO) to provide expert advice to all DMACC staff to comply with GDPR and DPIA provisions and how they can better manage data privacy at the institution. The DPO also monitors and guides the team for maintain GDPR compliance and help them develop procedures for reporting data breaches on an ongoing basis.
• The role of the DPO is also to ensure that DMACC staff continues to be compliant with the GDPR, GLBA and other prominent data privacy regulations under the scope of work.
• OculusIT also conducts interactive training sessions for GDPR, followed by periodic GDPR audits and re-assessments to review security procedures and ensure that all adequate controls have been established for the protection of personal data at DMACC.

Major Success

• Major hauled and helped DMACC review their compliance to various data privacy regulations and providing a strong roadmap for remediation.
• Cost optimization by eliminating costly upgrades