AWS Security Blog

FERPA Compliance in the AWS Cloud

July 24, 2020: The whitepaper Auditing Security Checklist in the list of additional resources has been replaced by a Cloud Audit Academy course.


US Department of Education logo

The security of personally identifiable information (PII) continues to be an important topic among all sectors, and education is no exception. Covered entities subject to FERPA are turning to cloud computing as a highly efficient way to manage and secure vast amounts of educational records and student data. To bring clarity to securing student data and privacy, we published a FERPA Compliance on AWS whitepaper.

As background, the primary intent of the Family Educational Rights and Privacy Act (FERPA) is to protect student identities and the privacy of their student records related to educational records, PII, and directory information. Security is a core functional requirement of FERPA, requiring mission-critical information to be protected from accidental or deliberate theft, leakage, integrity compromise, and deletion. The FERPA Compliance on AWS whitepaper is designed to assist educational agencies and institutions that are considering the use of Amazon Web Services (AWS) for educational data.

This whitepaper contains guidance around 13 key services and tools to consider as you move student PII to the cloud, including firewalls, security logs, and encryption. The whitepaper also details relevant certifications in sectors also processing sensitive information. For additional questions around FERPA compliance in the cloud, contact an AWS Business Representative.

Additional resources


Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.