Arkansas Department of Education Requirements for On-line Applications and Electronic Transactions in the Arkansas Child Nutrition Programs

Memo Information

Memo Number
FIN-12-009
Memo Date
7/26/2011
Memo Type
Regulatory
Section
Fiscal & Administrative Services
Regulatory Authority
United States Department of Agriculture (USDA) Memo Update on Electronic Transactions in the Child Nutrition Programs SP 10-2007, May 1, 2007 and National Institute of Standards and Technology (NIST) Electronic Authentication Guideline, NIST SP 800-63, A
Response Required
NO
Attention
Co-op Directors; Superintendents; Technology Coordinators, Child Nutrition Directors

Contact Information

Memo Text

This memo addresses the Arkansas Department of Education (ADE), Child Nutrition Unit (CNU) On-line Meal Application Guidance for Free and Reduced-Price Meal Applications. This guidance includes the use of electronic transactions in the National School Lunch and School Breakfast Programs in Arkansas public schools.    The use of on-line student meal applications and acceptance of electronic submissions requires local education agencies ensure compliance with regard to: 1.   Security issues surrounding student and parent confidentiality and data protection, 2.   Family Educational Rights and Privacy Act (FERPA), 3.   Personal Identifiable Information (PII), i.e. social security numbers, 4.   Security issues regarding scanned documents/data storage according to state/federal requirements, and 5.   Disposal of original documents containing FERPA and PII data.       On-Line Student Free and Reduced-Price Meal Applications: For Local Education Agencies (LEAs) to accept electronic submissions for purposes of certifying students for free or reduced-price meal status the LEA must:   Local Policies and Procedures 1.   Establish or review for compliance local policies and procedures covering the five (5) areas listed in the second paragraph (above). To implement local systems based on applicable United States Department of Agriculture (USDA) and US Department of Education (DOE) applicable laws and regulations as well as ADE CNU guidance for the use, data maintenance, and retrieval of on-line school meal applications and electronic transactions for federal child nutrition programs. See USDA SP-10-2007 Memo: Update on Electronic Transactions in the Child Nutrition Programs, Questions/Answers, Definitions and Resources    Security and Legal Sufficiency of On-line Documents 2.   Ensure before procurement of computer software for acceptance of on-line applications that the software has the legal sufficiency of the information and any signature on the application.Whether an LEA uses the Electronic Signature or a combination of paper-based and electronic documents, all documents electronic or paper, must be legally binding. SeeChecklist to Ensure Electronic Records Are Legally Binding. Encryption of data must start when parent or guardian enters any data on the computer screen. Simply enabling HTTPS/SSL ensures communication between the web browser and the web server is secure but it doesn’t provide authentication security. SeeSecurity Issues Checklist.   Approval of Addendum 3.   Submit an On-line Meal Application Addendum to the LEA Agreement and Policy Statement for approval by ADE CNU. SeeLink toOn-line Meal Application Addendum.LEAs cannot require on-line applications in order for a household to receive benefits. Paper Free and Reduced-Price Meal Applications must still be distributed to all students.   Content Approval for On-line Meal Application 4.   Submit the On-Line Meal Application FORM that will be used on-line by parents or guardians for approval by ADE CNU. All content for on-line Free and Reduced-Price Meal Applications must have prior approval at the state level.    If the content varies from the state agency proto-type application approved by USDA, then the LEA must submit the specific content of the on-line application for prior approval by the ADE CNU when requesting to amend the Agreement and Policy Statement between the Arkansas Department of Education and the local education agency.   In the event that the on-line application content has not been approved before posting on-line, all applications will be void and the household will be required to re-submit the application during which time the eligibility status will be paid, not free or reduced-price.    Maintenance of On-line Records 5.   Submit the written plan and procedures for “Security and Disposal Plan for On-line Documents” which ensures maintenance of support documentation for distribution of federal and state funds. SeeElectronic Record Keeping Checklist.   Procurement of Software 6.   Maintain documentation that computer software has been purchased using open and free competition regardless of dollar threshold for purchase. USDA Food and Nutrition Services (FNS) and ADE/CNU will not approve software packages for this purpose. Should a software vendor imply such approval LEAs are instructed to inform both FNS and ADE/CNU of this violation immediately.   Security Level 2 for Signatures 7.   Must provide for Level 2 Electronic Digital Signatures according to: a.   United States Department of Agriculture (USDA) Specific Requirements:According to the USDA Guidance Memo SP-10-2007, LEAs must have the capability to provide a Level 2 authenticity security for electronic signatures in place for acceptance of On-line Student Meal Applications.  LEAs, not the software companies, have the responsibility for the Level 2 Authenticity Security for electronic signatures required for securing a student meal benefit.   b.   Arkansas Division of Information Services (DIS) and ADE Division of Technology Specific Requirements:Based upon the guidance of the Arkansas Department of Information Systems and the ADE Division of Research and Technology, ADE Child Nutrition Unit will require an Arkansas LEA to have in place a digital signature system. For State Cyber Security Guidance see website at “Cyber Security” athttp://www.dis.arkansas.gov/security/Pages/default.aspx.   The National Institute of Standards and Technology (NIST) Guidance referenced by USDA for Level 2 Security indicates “Successful authentication requires that the claimant prove through a secure authentication protocol that he or she controls the token.” To implement an authentication signature system, the software vendor or in house technology staff would create usernames, passwords, PINs, etc. to securely identify the applicant.   c.   Without an original signature from the parent or guardian on a hard copy meal application, the LEA will be required to use an authentication signature system for on-line applications such as the Grade Quick or E-School Plus. Grade Quick or E-School Plus Student systems will require the district child nutrition office or appropriate district entityto provide by mail to parents/guardians a user name and password to access the on-line meal application.    In summary for an LEA to accept on-line applications the LEA must:   1.   Complete and submit addendum to state agency.   2.   Submit on-line application to ADE CNU Area Specialist for approval prior to publication online.   3.   Level 2 Security and Data Disposal Plan for on-line document must be written plan for security, backup and disposal of on-line documents will be reviewed by SA as part of Coordinated Review Effort.   4.   On-line meal applications cannot be accepted by LEA until Addendum is approved and signed by Wanda Shockey, Director ADE, CNU.     Non-Digital Signature: When local education agencies do not have the capability to provide legally binding electronic signatures via the Grade Quick or eSchool Plus Student systems, local education agencies must collect a hard copy application with original signature.     Questions or Requests for Technical Assistance Technology Questions: For questions with regard to Level 2 Security or technology related information, please email the questions to Suzanne Davidson, CNU Assistant Director for Program Operations atSuzanne.davidson@arkansas.gov, or call 501-324-9502. If common technology questions are collected, Ms. Davidson will arrange a conference call or meeting with the affected district technology persons, CNU, ADE staff, USDA representatives, as well as Dana Thompson, DIS Security Unit, and/or Cody Decker, ADE Technology Division.   Child Nutrition Program Questions: With regard to questions concerning the On-Line Meal Application Addendum and/or Approval of On-line Household Meal Application Content prior to posting the application, please call 501-324-9502 and ask for the Area Specialist assigned to the LEA or Suzanne Davidson, CNU Assistant Director for Program Operations.          

Attachments

No attachments available