Case study · Education

Education
Higher education / records & compliance

A university kept grades and attendance scattered with no audit trail on who accessed student records. SDEN deployed University Portal's grading and access governance in six months.

Client: A university
Sector: Higher education / records & compliance
Duration: Approximately six months end-to-end

The premise

Student records are sensitive, and most campuses cannot say who has looked at them. Grades and attendance live in spreadsheets that anyone with the link can open; access control is a matter of convention rather than enforcement; and when a question about who saw a record arises, there is no log to answer it. The exposure is real and quiet until it is not.

University Portal treats the student record as something to be governed: audited on every access, gated by role at the type level, and protected by 2FA. This case covers the rollout to a university.

Challenge

Grades scattered, access ungoverned, no audit trail

Grades and attendance lived across spreadsheets with no real access control (anyone with the link could open them) and no record of who had. The university could not answer a basic compliance question: who accessed this student's record, and when.

Access was governed by convention, not enforcement, so a mistake was always one shared link away.

Approach

Online grading, audited access, type-level RBAC

University Portal replaced the spreadsheets with online grading and automatic averages, put an audit log on every access to a student profile, enforced role-based access at the type level rather than only in the UI, and required 2FA.

  1. Phase 1: Records and role model

    Three weeks. Mapped the student record, the roles permitted to touch each part of it, and the retention and audit requirements the university had to meet.

  2. Phase 2: Grading and access control

    Eight weeks. Online grading with automatic averages deployed, with role-based access enforced at the type level (not just hidden in the UI) and 2FA required on every account.

  3. Phase 3: Audit logging and migration

    Seven weeks. Audit logging went live on every access to a student profile, streamed for retention, and grades and attendance migrated off the spreadsheets into the governed record.

Outcome

Every record access audited, access enforced at the type level

Grading moved online with automatic averages, and every access to a student profile is now logged, so the university can answer who saw a record and when. Role-based access is enforced at the type level, which means a permission mistake is a compile error, not a shared link.

2FA on every account closed the last easy path into sensitive records.
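
A sketch of what type-level role enforcement with an audit entry on every read can look like. This is an added example, not University Portal's or SDEN's code: Rust is an assumed language, and the role names, `Session`, `Records`, and the sample data are hypothetical.

```rust
use std::marker::PhantomData;

// Role markers (hypothetical names): zero-sized types, one per role.
pub struct Registrar;
pub struct Lecturer;
pub struct Applicant; // deliberately granted no access to grades

// Capability trait: only roles that implement it may read grades.
pub trait CanReadGrades { const ROLE: &'static str; }
impl CanReadGrades for Registrar { const ROLE: &'static str = "registrar"; }
impl CanReadGrades for Lecturer { const ROLE: &'static str = "lecturer"; }

// A session carries its role in the type, so the compiler checks it.
// Assumption: a real system issues sessions only after login and 2FA.
pub struct Session<R> { user: String, _role: PhantomData<R> }
impl<R> Session<R> {
    pub fn new(user: &str) -> Self { Session { user: user.to_string(), _role: PhantomData } }
}

#[derive(Debug, PartialEq)]
pub struct AuditEntry { pub user: String, pub role: &'static str, pub student_id: u32, pub found: bool }

// Grades are private: the audited accessor below is the only read path.
pub struct Records { grades: Vec<(u32, Vec<u8>)>, pub audit: Vec<AuditEntry> }

impl Records {
    pub fn new(grades: Vec<(u32, Vec<u8>)>) -> Self { Records { grades, audit: Vec::new() } }

    // Compiles only for roles implementing CanReadGrades. The audit entry is
    // written before returning, including for lookups that find nothing.
    pub fn read_grades<R: CanReadGrades>(&mut self, s: &Session<R>, student_id: u32) -> Option<Vec<u8>> {
        let hit = self.grades.iter().find(|(id, _)| *id == student_id).map(|(_, g)| g.clone());
        self.audit.push(AuditEntry { user: s.user.clone(), role: R::ROLE, student_id, found: hit.is_some() });
        hit
    }

    // Automatic average, computed through the audited accessor.
    pub fn average<R: CanReadGrades>(&mut self, s: &Session<R>, student_id: u32) -> Option<f64> {
        let g = self.read_grades(s, student_id)?;
        if g.is_empty() { return None; }
        Some(g.iter().map(|&x| x as f64).sum::<f64>() / g.len() as f64)
    }
}

fn main() {
    let mut rec = Records::new(vec![(1001, vec![80, 90, 70])]); // constructed sample data
    let lecturer: Session<Lecturer> = Session::new("l.ortiz");
    println!("{:?}", rec.average(&lecturer, 1001));
    // let a: Session<Applicant> = Session::new("guest");
    // rec.read_grades(&a, 1001); // error[E0277]: the trait bound `Applicant: CanReadGrades` is not satisfied
    println!("{:?}", rec.audit);
}
```

Uncommenting the two `Applicant` lines makes the build fail, which is the "compile error, not a shared link" property; the audit log still depends on `grades` having no other read path.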

Every access to a student record, audit-logged

Type-level role-based access enforced in code, not just the UI

2FA required on every account
