Higher Education Innovation In Action

  • Credentials Explains: What is a Data Matrix Barcode?

    by Rose Addison, Manager, Documentation & Training | Feb 06, 2018

    Credentials Solutions ExplainsA data matrix barcode, or DMB, is a unique two-dimensional barcode encoded with alphanumeric information. Each DMB is comprised of black and white dots and/or squares, most commonly displayed in a square pattern. Generally speaking, specialized camera equipment and software is required to read the light and dark areas of the code, decode it, and then analyze the information within.

    Data stored within the code is contained in columns and rows, so the size of the DMB itself ranges, as it depends on the amount of data included. The binary numeral system is used to represent this stored data – dark spots typically represent a “1”, while light spots usually indicate a “0”. Each DMB arranges its matrix within a predetermined standard to correctly orient the code and accurately provide a count of the numbers of rows and columns within the symbol.

    Today, DMBs are used across many different industries, in countless applications. If you haven’t noticed them yet, you will now. DMBs exist everywhere; they’re on our car tires, the computers we work on, the smartphones we tweet with, and the food we eat… NASA even engraves DMBs onto specialized aerospace parts eliminating the need for traditional labels that might fall off or get damaged along the way.

    At Credentials, we use DMBs within the eRoboMail® solution. Each transcript page contains a very small data matrix code used by our advanced machinery to properly sort, stuff, and seal transcript pages. Incorporating DMBs allows us to automate tedious manual processes and provides an extra measure of built-in quality assurance! If ever a transcript page gets out of order or pages are not properly sorted, our machines come to a halt to avoid any potential errors.

  • Credentials Explains: What is the Intelligent Mail Barcode?

    by Rose Addison, Manager of Documentation & Training | Jan 23, 2018

    Credentials ExplainsIntelligent Mail barcode, or IMB, is a 65-character string used by the United States Postal Service to provide efficiency and visibility throughout the delivery process.

    IMBs are height-modulated barcodes – vertical bars – comprised of up to 31 decimal digits representing 130 bits of helpful mail data. These bars mean nothing to the human eye, but once read by USPS mail-processing equipment, sorting the information becomes available as the letter makes its way to its destination. This data can then be communicated for delivery transparency and tracking.

    IMBs are required to qualify for automated pricing and therefore are applied by the sender. At Credentials, we use IMBs in our eRoboMail® solution, which prints, folds, stuffs, creates postage automatically, and best of all, provides mail history via the IMB. Using our state-of-the-art machinery, transcripts are processed and delivered faster than ever before and without error.

  • Credentials Explains: Our Approach on Authorization

    by CS Staff | Jun 28, 2017

    Here at Credentials, we offer several authorization options to our TranscriptsPlus® clients. Not every institution utilizes each method – as clients choose methods that work best for their specific preferences and requirements.  

    All methods have been evaluated by the American Association of Collegiate Registrars and Admissions Officers (AACRAO) using FERPA regulations, specifically §99.30, which allows disclosure of education records to any party listed in the consent and §99.31(a), which provides for disclosure without consent to third-party agents, such as outside contractors, that perform an institutional service or function.

    The four methods of authorization here at Credentials are: PIN/SHA Authentication, Automatic Authorization, Mouse Signature Authorization, and Wet Signature Authorization.

    PIN/SHA Authentication

    PIN/SHA authentication takes place when the student signs on at the school’s web portal and accesses the TranscriptsPlus online order form via his/her web portal; because of this, the requestor’s identity is authenticated during the initial log on and passed to Credentials in a secure and locked down method.  

    Automatic Authorization

    Participating institutions configured with our automation tool, RoboRegistrar®, have the option to work with automatic authorization, which takes place when a predetermined set of data elements entered on the TranscriptsPlus order form match the information within the Student Information System. When automatic authorization requirements are not met or automatic authorization isn’t offered at an institution, requestors are required to sign an Authorization Form.

    “Mouse Signature” Authentication

    Credentials now supports mouse/electronic signatures through our Self-ServicePlus™ application. When institutions work with this option, Credentials provides the option to sign our Authorization Form electronically, using a mouse, touchscreen, or stylus. This method is very convenient and can be offered based on the school’s written approval.

    Wet Signature Authorization

    A wet signature authorization takes place whenever any of the above options are not used or requirements were not met. At the end of the transaction, a barcoded PDF is sent to the student that requires a wet signature to authorize the order.  In most cases, the signed Authorization Form can be uploaded, faxed, or mailed.

    Most schools choose to have Credentials receive and process the Authorization Form, however, we do have some institutions that prefer to receive and process the Authorization Form themselves. These signature authorization forms are handled on a first in, first out basis by our Customer Service Representatives (CSRs). Our CSR group processes between 40,000 and 62,000 Authorization Forms each month, which doesn’t even include the number of automatic or PIN/SHA authorizations!

    Because the authorization process is a serious legal matter, we treat it as such! Each CSR spends a total of 15 hours learning the authorization process with a qualified trainer before he or she is allowed to perform the function unaccompanied. Once the form is accepted and saved, a different set of eyes performs a quality assurance audit on the received authorization to ensure FERPA guidelines are strictly met.

    We’re proud to offer such a comprehensive offering of authorization methods!

  • Credentials Explains: What is SOC 2?

    by Rose Addison, Manager of Documentation & Training | Feb 01, 2017

    SOC 2® is the next generation of globally recognized SAS 70 auditing standards, which were set forth by the AICPA in 1992 and centered around financial reporting.[1] As the Internet grew and cloud computing and web services became ubiquitous, the AICPA updated its standards to meet the needs of the information age and its new business models.

    Today, many universities automate or outsource administrative tasks: student portals, transcript orders and degree verification are just a few examples. While transcripts on demand and round-the-clock access to information are certainly convenient for students, the decentralization of data increases the risk for its exposure. SOC 2 is designed to mitigate this risk through independent auditing of technology service providers (also known as “service organizations”) and their systems.[2]

    Trust Services Principles

    A SOC 2 Report is performed by a certified, independent auditor (e.g., an accounting firm), and focuses on a set of Trust Services Principles, including:[3]

    • Security – Both physical and virtual access to systems and data are protected from unauthorized users
    • Availability – Products and/or services are available for use as set forth in the vendor agreement
    • Processing Integrity – A system works the way it’s supposed to: login credentials are verified, transcripts are processed on time, accurate results are returned, etc.
    • Confidentiality – Sensitive information is kept secure as agreed in the vendor contract and in compliance with any regulatory standards
    • Privacy – The disclosure, retention and disposal of personal data complies with Generally Accepted Privacy Principles (GAPP) that are published and maintained by the American Institute of Certified Public Accountants (AICPA) and CPA Canada

    An Extra Layer of Assurance

    Universities are ultimately responsible for any and all data breaches, and though they may already have a set of requirements in place for their service providers, SOC 2 certification offers an extra layer of assurance. A wide range of vendors – from cloud storage firms to SaaS (“Software as a Service”) companies – may voluntarily undergo a SOC 2 audit. Upon successful completion and certification, audits are typically performed on an annual basis.[4]

    [1] Evolution of SAS 70 to SOC Reports. (2012). American Institute of Certified Public Accountants (AICPA). Retrieved from 
    [2] Service Organization Controls (SOC) Reports for Service Organizations. AICPA. Retrieved from'sManagement.aspx
    [3] Explaining SOC: Easy as 1-2-3. (2012). James C. Bourke, AICPA. Retrieved from      
    [4] Expanding Service Organization Controls Reporting. (2011). Chris Halterman, Journal of Accountancy. Retrieved from 

  • Credentials Explains: What is Section 508?

    by Kate Heider, Technical Writer | Dec 08, 2016

    Section 508 is an amendment to the U.S. Workforce Rehabilitation Act of 1973. It requires federal agencies and their contractors to make all electronic communications and information technology accessible to people with disabilities. It’s also the first federal law to detail best practices for website accessibility.[1]

    Although public and private universities and their vendors are exempt from the Workforce Rehabilitation Act itself, many states have adopted 508 standards in laws that govern higher ed.[2] Even voluntary compliance is considered good practice among schools, as an estimated 11% of undergraduate students and 7-8% of grad students are disabled.[3],[4]

    Accessibility Standards

    Accessibility standards set forth under Section 508 cover a wide range of technologies, from computer hardware and software to telecommunications products and the Internet. The long list of standards includes:

    •  Teletypewriter (TTY) compatibility with telecommunications equipment
    •  Caption decoder circuitry built into television screens
    •  “Tactilely discernible” keys and controls for users who are blind
    •  Preservation of accessibility features and user settings (e.g., screen contrast and brightness)

    For websites in particular, Section 508 outlines sixteen rules for things like input controls on forms, text rendering, screen readers, site navigation, and color coding. Eleven of these rules were taken from the World Wide Web Consortium (W3C) recommendation: Web Content Accessibility Guidelines (WCAG).[1]

    Proposed Update

    In 2015, the United States Access Board, which is tasked with authoring federal accessibility guidelines, proposed an update to Section 508 to reflect sweeping changes in technology over the past 15 years and to incorporate criteria from latest version of WCAG.[5]

    [1] Web Accessibility Standards. (2016). California Dept. of Education. Retrieved from 
    [2] Higher Education, the Americans with Disabilities Act and Section 508. University System of Georgia. Retrieved from     
    [3] Fast Facts – Students with Disabilities. (2016). National Center for Education Statistics. Retrieved from   
    [4] Data Sources: Graduate Students with Disabilities. (2011). Council of Graduate Schools. Retrieved from         
    [5] WCAG 2.0 Conformance. (2015) Retrieved from