June 29, 2026

The state auditor's email lands on Monday. A privacy complaint from a parent. A request for Field Audit Trail logs showing every grade of modification across the past six terms. The IT director opens the Salesforce Setup. Field Audit Trail isn't enabled. Shield was never purchased. The institution's standard field history caps out at eighteen months and twenty tracked fields per object - nowhere near the audit window or field coverage state law actually requires.
The auditor's report lands two weeks later. Compliance gap. Corrective action plan. Six months of remediation work.
This is the gap between "Salesforce is secure" and "your Salesforce implementation is compliant." The platform ships SOC 2, ISO 27001, FedRAMP certifications. It supports Field-Level Security, audit logging, encryption, and AI guardrails. The controls don't force themselves. Without explicit configuration, every new field - including FERPA-protected ones - defaults to visible across all profiles. Default audit settings don't retain change history. Default integration permissions over-share data.
Student data protection on Salesforce is a layered architecture - platform certifications, Shield enhancements, Trust Layer for AI, and institution-side configuration.
Here's how secure student data is on Salesforce.
Six regulatory frameworks that govern student data.
An institution running Salesforce typically touches three or four of these simultaneously. The platform supports all of them; the configuration enforces them.
Six controls that ship with every Salesforce instance.
This baseline supports FERPA at a minimum. State laws and HIPAA usually require Shield on top.
Three Shield capabilities matter most for student data.
Encrypts standard and custom fields in the platform layer with customer-controlled keys. FERPA fields (grades, SSN, FA award) can be encrypted independently of the rest of the Org. Tenant Secret rotation supported.
Retains field-level change history for up to ten years. Required for FERPA-protected fields where audit reconstruction matters. Standard Salesforce field history retains eighteen months - too short for most institutional audit windows.
Tracks user activity - logins, report exports, API calls, page views - across the Org. Detects bulk data exports, suspicious login patterns, integration anomalies. Feeds Splunk, ServiceNow, or Salesforce's own Event Monitoring Analytics App.
Shield is a paid add-on, typically priced per user. For higher-ed institutions with FERPA and state-law exposure, Shield isn't optional it's the difference between an auditable Org and a compliance gap.
Six controls in the Trust Layer for institutions running Agentforce or Einstein.
The Trust Layer is built into Agentforce. It applies automatically; the institution configures masking rules and audit retention to fit FERPA and state law.
Six configuration decisions every higher-ed and K-12 institution must make.
Map FERPA, PII, financial aid, and disciplinary fields to access tiers. Define which profiles can read, edit, or export each category. Document in a data classification matrix.
Default FLS for new fields is "visible to all profiles." Override. Every FERPA-protected field starts hidden and is granted explicitly.
Multi-campus, multi-school, multi-program institutions need sharing rules that limit student record visibility to the relevant unit. OWD set to Private; sharing rules grant access where needed.
Restrict System Administrator profiles and integration of user accounts to known IP ranges.
MFA is enforced platform wide. Standard users can satisfy this with the Salesforce Authenticator app; third-partyTOTP apps, or SSO, pass a valid MFA signal. Admins and users with Modify All Data, View All Data, Customize Application, or Author Apex permissions need phishing-resistant MFA specifically - hardware security keys or device-based biometrics (Touch ID, Windows Hello). Standard email/SMS codes don't satisfy the requirements for anyone.
Production data refreshed into sandboxes must be masked. Without Data Mask, FERPA exposure extends to every developer and tester touching the sandbox.
Six rules every Salesforce student data environment needs.
Every quarter, list users with administrative permissions and confirm each is still required. Remove dormant access.
Restrict System Administrator profiles and integration of user accounts to known IP ranges.
Annual security testing by an external firm - phishing simulation, API security review, sharing rule audit — scoped and authorized in line with Salesforce's security testing policy, since testing against Multi-tenant infrastructure has defined boundaries.
Field Audit Trail logs reviewed quarterly for unusual activity - bulk grade changes, after-hours edits to financial aid, suspicious deletions.
Re-classify every custom field against FERPA, state law, and HIPAA. New fields added since last review get classified before any user sees them.
The team responsible for breach of notification (under GDPR, state laws) practices the runbook annually.
Every integration (MuleSoft, ETL tool, third-party app) is reviewed annually for SOC 2 currency, data residency, sub-processor disclosure.
No. Salesforce provides FERPA-supporting controls - Field-Level Security, encryption, Shield Field Audit Trail, audit logging. The institution configures those controls to enforce FERPA. The platform doesn't decide which fields are FERPA-protected; the institution does.
For institutions handling FERPA records with audit requirements beyond eighteen months, yes. Standard field history retention is too short for most institutional audit cycles. State laws (Illinois SOPPA, New York Ed Law 2-d) impose retention and audit obligations that standard 18-month field history typically can't meet - Shield's Field Audit Trail is one way to close that gap, though institutions should confirm with counsel which specific provisions apply to their data. effectively require Shield-level audit trails.
Hyperforce lets the institution choose which region data lives in, so that EU students' data can live in the EU region; US data in the US region. Institutions enrolling international students should validate the data residency configuration to match their GDPR commitments.
Salesforce's Government Cloud supports FedRAMP Moderate and FedRAMP High. Institutions handling federal research data, controlled unclassified information, or Department of Defense projects should run on Government Cloud, not standard Salesforce.
Student data on Salesforce is secure when the architecture is configured for it. SOC 2, ISO 27001, FedRAMP certifications cover the platform. Shield handles encryption, Field Audit Trail, and Event Monitoring. The Trust Layer protects AI interactions. The institution configures profile design, Field-Level Security, sharing rules, MFA, sandbox masking, and validation rules. Quarterly access reviews and annual penetration tests turn the controls into operational discipline.
Minuscule Technologies is a Salesforce implementation partner with 160+ Salesforce-certified consultants and 75+ projects delivered globally - including Nasdaq-listed enterprises across BFSI, manufacturing, IT services, and higher education. We architect Salesforce student data security - FERPA-aware Field-Level Security, Shield configuration, Trust Layer for Agentforce, sandbox masking, and quarterly compliance review - for higher-ed institutions, K-12 districts, and private schools.
Get a student data compliance audit with us and we'll review your FERPA configuration, Shield posture, Trust Layer setup, and the validation rules that pass audit.
You've seen what's possible. Now, let's make it happen for your business. Whether you need an end-to-end Salesforce solution, a complex integration, or ongoing managed services, our team is ready to deliver.
Schedule a Free Strategic Call