Recent media has reported that there is considerable risk of forged degrees and diplomas entering Australian employment markets visa sophisticated, off-shore forgery businesses offering them at a premium fee.

With this in mind, most Universities and Registered Training Organisations (RTOs) would have received advice from the Tertiary Education Quality Standards Agency (TEQSA) asking that these institutions review their own policies and procedures in relation to the 'integrity and security of your student record systems and the production of testamur certificates'.  RSM has been assisting our RTO clients with this task, of which some crucial points of interest have arisen.

As an RTO, has your organisation considered the following elements of the security surrounding your award processes? - 

Physical controls of Parchment Storage 

What are the physical controls around the storage of your stock of parchment onto which your awards are printed?  How secure are they? Will they prevent unauthorized access? Weak controls in this area may leave your organisation susceptible to theft, and therefore misuse of your brand.

Electronic Template Security

What are the locations of your electronic templates?  Who has access?  Are they protected or encrypted? As above, weak controls in this area may leave your organization susceptible to theft, and therefore misuse of your brand.

Off-site printing security 

For 3rd party printing of these awards, do you have written agreement in place as to how those parties are to handle your information, parchment stock and award data?  Do you periodically check that these agreements are being followed by the 3rd party?

Transfer of data security 

How is your award information transferred to printers?  IN what format?  What to the printers do with the data, once processing is complete?

How secure is your Student Management Systems (SMS) from external hacking  

Have you recently completed any Vulnerability Assessments or Penetration Testing of your SMS?  Have there been any recent attempts to infiltrate  your SMS?

These are valid questions that we have been assisting our RTO clients in reviewing and addressing with a view to strengthen the control framework in the area and therefore mitigate the risk of forgeries.