Appendix B, Exhibit 1: Operating Level Agreement

The purpose of this Agreement, which is incorporated as part of the California Virtual Campus – Online Education Initiative (CVC-OEI) Consortium Master Agreement for California Community Colleges, is to ensure and enable the exchange of student, course, enrollment, financial, other data as identified to meet the goals and objectives of the CVC-OEI which are to significantly increase the opportunity for higher education degree attainment in California. This Agreement establishes the principles by which data is exchanged to facilitate the necessary operations of the CVC-OEI and to do so securely and with sufficient provisions to protect student privacy and in accordance with governing policies.

The Parties

The roles of the following agencies and/or organizations (“Parties”) are defined for the purpose of this Agreement:

California Community College Chancellor’s Office (CCCCO)Project Sponsor
California Virtual Campus – Online Education Initiative (CVC-OEI),
administered by the Foothill – De Anza Community College District
Project Agency
California Community Colleges Technology Center (CCCTC)Data Processor
Quottly, Inc.Data Processor
N2N Services, Inc.Data Processor
Participating College(s)Data Owner

Objectives & Outcomes

The objective of this Agreement is to establish the principles for the timely and secure exchange of student and institutional data to support improving California Community College student outcomes through reduced time to complete required courses via greater availability of system-wide online course offerings, leading to higher completion rates and shorter time to degree or credential attainment.  

Achieving these goals is dependent on removing barriers to data exchange while preserving the security and privacy of these data.  It is recognized that the Parties comprise data owner and data processor roles within the operating processes of the CVC-OEI Consortium, and any of the Parties objecting to or failing to exchange data significantly disrupts the mission of CVC-OEI and of the broader California Community College system.  The Parties acknowledge the shared educational objectives of the CVC-OEI and commit to the individual Operating Agreement items identified below.

Scope

The terms of this Agreement apply to the academic and operational programs, projects, and associated processes involved in the delivery and operation of class schedule search, admission, granting of academic credit, transfer of student, financial, enrollment, and other relevant data needed to enroll students in courses, deliver courses, and award course credits and credentials (degrees and certificates), extend various approved financial aid awards and receive payment through the means established by the CVC-OEI.  This Exhibit shall not have bearing on the member institutions, CCCCO, FHDA, or CCCTC operations conducted outside of the scope of the Master Consortium Agreement or the processes operated in support of the CVC-OEI.

Data Definitions

The Abbreviated Enrollment Record (AER) includes data necessary for creating an enrollment record at the Teaching College. The following link lists what fields are used to create the AER electronically:

https://cvc-oei.atlassian.net/wiki/spaces/CVCOEI/pages/347832321/AER+Field+Requirements

Data Access

The Student Journey Workflow illustrates the main flow of data for the Home College, Teaching College and student through the Student-Centered CVC Exchange:

https://cvc-oei.atlassian.net/wiki/spaces/CVCOEI/pages/735870982/Cross-Enrollment+Workflow

Operating Agreements

In order to accomplish the mission of CVC-OEI per the Objectives & Outcomes noted above, the Parties agree to the following obligations and responsibilities regarding the safeguarding of the security and privacy of student data:

  • Implement and operate agreed-upon controls and implement recommended California Community College security and privacy policies as currently established (see: https://cccsecuritycenter.org/) and implement controls to meet new policies that may be enacted in an expedient manner. 
  • Hold vendors accountable to contractual security and privacy commitments for those that each party holds contracts with.  Exercise appropriate oversight of the security and privacy operations of such vendors, and as appropriate obtain evidence of the proper design and operations of security and privacy controls.
  • Agree to not impede the operations of processes and technologies supporting the CVC-OEI agreed-upon processes.  Such impediments include, but are not limited to withholding student, administrative, and/or financial information from the party that needs the data to operate in their role(s) in the CVC-OEI Consortium, failing to make available or removing technologies needed to operate, or withholding support or other personnel-related resources.
  • In the event of concerns regarding the privacy and/or security of student data, agree to raise the concern with the relevant parties of this Agreement via submission of a support ticket to [email protected]. The concern will then be escalated to the CVC-OEI Executive Director or CCCCO Privacy/Security Officer, as appropriate.  In addition, the Parties agree to continue to operate the processes and technologies as agreed and negotiate in good faith to resolve the concern and issue.  Parties shall abide by the Dispute Resolution terms in Section F of the Master Consortium Agreement.
  • Agree to provide for adequate resources and support for the exchange of data needed to support the operation of the CVC-OEI Consortium and the processes and technologies associated with the Student-Centered CVC Exchange.
  • Agree that personally identifiable student data will not be used for any purposes other than the delivery of services directly related to the mission of the CVC-OEI and functionality of the Student-Centered CVC Exchange.  Personally identifiable student data will not be used by any party or vendor subject to management by one or more of the Parties for marketing, re-sale, or any other purpose other than to directly improve the services provided.
  • In the event that law enforcement or other regulatory requests or demands are made for data containing any student identifiable information, the party receiving the data request will make every reasonable effort to direct such requests to the Home College, notify the Home College of such requests as soon as practicable, and cooperate to the extent possible with the Home College in satisfying the data request.

Updated: October 27, 2020