Student Identification Verification Standard

Purpose

The purpose of this standard is to support the University's Verification of Student Identity Policy (12.027) so that the university can ensure there are standardized methods of verifying identity. Standardized identification verification methodologies will ensure that Ohio University operates in compliance with federal requirements for verification of student identity in distance education. 

Scope

This standard applies to Ohio University (OHIO) programs, courses, and activities, including courses designated as Distance Education or other comparable designations. OHIO offers online courses that meet the U.S. Department of Education’s definition of distance education. Starting from the application for admission and continuing through a student’s graduation, transfer, or withdrawal from study, all faculty, staff, and students are responsible for complying with this standard.

Standard

Ohio University issues physical ID (identification) cards to faculty, staff and students. Ohio University ID cards are used to verify an individual’s status as a student, faculty or staff member in good standing. To obtain an ID card an individual must present a valid form of identification as outlined below:

Initial identity verification:

• Passport (US or foreign) or passport card
• Permanent Resident Card or Alien Registration Receipt Card (Form I-551)
• Employment Authorization Document that contains a photograph (Form I-766)
• Driver's license or ID card issued by a US state or territory of the United States provided it contains a photograph
• ID card issued by US federal, state or local government agencies or entities, provided it contains a photograph
• U.S. Military card that contains a photograph
• Driver's license issued by a Canadian government authority that contains a photograph

Once an Ohio University ID Card is issued it then also becomes an acceptable form of identification at Ohio University.

All faculty and staff members responsible for enabling a student’s initial course registration process are responsible for verifying the identity of the student prior to initial course registration. Identity verification can occur in person, or via a video call. In the event a student is at a distance, is unable to come to campus, and does not have access to persistent or quality internet they can verify their identity by completing the Verification of Student Identity form and submitting that form according to the instructions as outlined on the form. In each instance the student will be required to show or submit a copy of a valid photo ID to the faculty or staff member.

Ongoing Identity Verification

After initial verification of identity, the university has an ongoing responsibility to verify the identity of distance students in compliance with federal regulations 34 CFR §602.17 HLC Policy Number FDCR.A.10.050. The University has established processes to confirm that a person who is enrolling in courses at the University is the same person who provided identity documentation at the time of course registration at the University, who submits assignments, completes examinations, and participates in, completes, and receives credit for the course.

Ohio University complies with federal requirements by authenticating student identities through individual secure credentials (i.e., User ID and password). The University uses a combination of a learning management system (“LMS”) and a student educational records management system to maintain student information. Additionally, the university enforces the student code of conduct to ensure integrity of students’ completion of credit-bearing courses. 

Secure Credentials (Login and Password combination)
Each student has their own assigned credentials, consisting of the User ID, commonly referred to as the “OHIO ID,” and password combination. The OHIO ID is not a secure credential and may be displayed at various areas in the learning management system. The password used in combination with the OHIO ID to enter the system is a secure credential. University Credentials Policy (91.004) strictly prohibits sharing or giving access passwords to anyone other than the user to whom they were assigned. All users of the University’s learning management systems are responsible for maintaining the security of passwords and any other access credentials assigned. The University provides information to its users, including students, regarding password security, academic integrity, privacy rights, and sensitive data security.

Associated Fees with Verification of Student Identity

Federal regulations require the University to notify students of any projected additional student charges associated with the verification of student identity at the time of registration or enrollment. Federal regulations also require the University to make readily available to enrolled and prospective students the cost of attending the institution (34 CFR § 668.43).

The University notifies all students of projected additional costs in the Schedule of Classes. Registration for classes at OHIO is an electronic process, and bills are generated based on the student’s course selections. Therefore, if any distance education course requires a proctored exam or has other associated fees, the institution discloses to students this information upon registration for the class. The Schedule of Classes indicates that a proctor, if needed, may charge the student a fee. The University may also authenticate student identities through a combination of the following methods:

• Proctored examinations (remote and/or in-person)
• Pedagogical and related practices that are effective in verifying student identity (e.g., faculty review, questioning students, etc.); the  Center for Teaching and Learning (CTLA) is a great resource for such practices . or
• Other technologies approved by the University have been shown to be effective in verifying student identification.

New or Emerging Technologies

Third party vendors that provide identity verification or proctoring software services may be used by the University or its academic units. Course instructors must use the identity verification or proctoring software approved by the University unless granted an exception in accordance with the Information Security Standard: Third Party Vendor Management.  All university employees are responsible for submitting a technology review if they desire to utilize technology that has not yet been reviewed through the technology review process. Technology and student accountability may not always verify identity or ensure academic integrity. Therefore, instructors are encouraged to design courses with unique assignments and evaluations unique to the course and that promote academic integrity whenever feasible and pedagogically appropriate. Ohio University’s Acceptable Usage Policy 91.003 applies to all students regardless of location and addresses the misuse of electronic resources. Further, the Ohio University student code of conduct outlines for students the definition of academic dishonesty, which includes situations such as sending a substitute to take one’s test, conducting research for another student, and other related situations.

Privacy Protection

Privacy of student education records is governed by FERPA.  All methods used by any University employee to access and/or verify student identity in distance education must protect the privacy of student information and maintain compliance with FERPA , Policy 92.001:  Privacy Protection ,the University’s information security policies and standards. Personally identifiable information collected by the University may be used as the basis for identity verification. For example, a student requesting a password to be reset may be asked to provide two or more pieces of information for validation to compare with data on file.

Compliance

Employees and students are expected to comply with this standard and associated University policies and standards in promoting the academic integrity of its distance education courses. These policies and standards are widely disseminated throughout the University. Units and employees are expected to comply with this policy when engaging in distance education courses and programs. Failure to comply could result in disciplinary action of employees, suspension of distance education courses, and/or financial loss of courses found in violation of this policy. Federal regulations related to distance education were used to guide this policy and any violation of this policy will be taken seriously. Individuals may report violations of this policy to the Office of Audit Risk and Compliance . 

Definitions 

Sensitive data: term used to describe the classification of data at a medium or high level that must be protected against unauthorized disclosure. Additional information can be found via  University Policy 93.001 Data Classification and by visiting the  Information Security Website. 

References

1. Policy 12.027 Verification of Student Identity
2. Policy 09.900 Issuance of Identification Cards
3. Policy 91.003 Acceptable Usage
4. Policy 91.004 University Credentials
5. Policy 91.005 Information Security
6. Policy 92.001 Privacy Protection Policy
7. Policy 93.001 Data Classification
8. Third-Party Vendor Management Standard
9. NIST 800 Series Publications

Exceptions

All exceptions to this standard must be formally documented with the ISO prior to approval by the Information Security Governance Committee (ISGC). Standard exceptions will be reviewed and renewed on a periodic basis by the ISO.

Request an exception

Complete Exception request form .

Governance

This standard will be reviewed and approved by the university Information Security Governance Committee as deemed appropriate based on fluctuations in the technology landscape, and/or changes to established regulatory requirement mandates.

Reviewers

The reviewers of this standard are the members of the Information Security Governance Committee representing the following University stakeholder groups:

• Information Technology - Ed Carter (Chair)
• Human Resources - Michael Courtney
• Faculty - Hans Kruse
• Senior Associate Dean – Brian McCarthy
• Finance and Administration – Julie Allison
• Faculty - Shawn Ostermann
• Regional Higher Education - Larry Tumblin
• Enterprise Risk Management and Insurance - Larry Wines
• Office of Audit, Risk and Compliance – Joshua Gonzalez
• Faculty – Bruce Tong
• Additional Reviewers:
  • The Student Identity Working Group
  • Assistant Vice President for Student Information Strategy and University Registrar – Bob Bulow

History

Draft versions of this policy were circulated for review and approved November 15, 2024.