Formstack guidelines

Formstack is the web form management tool the University uses on the main University website. This tutorial is designed to help you organize your Formstack forms in an easy-to-find manner. If you are interested in learning Formstack itself, please see Formstack's excellent tutorials here. If you are interested about ensuring that your forms are legal and follow FERPA Guidelines, please read the University FERPA Policy as well as the Data Storage Guidelines Page. Please read through all terms of use before requesting access at the bottom of this page.

Terms of use

User requirements and expectations

We have a fixed number of users for the University, and the account has a limit on number of forms and amount of submission storage.

Users are expected to adhere to the following:

  • Completion of basic web accessibility training annually.
  • Create and maintain accessible forms.
  • Be FERPA compliant. Anyone collecting or viewing student data must have completed FERPA training.
  • Form submissions that include student data must be encrypted with a password that is not recoverable by Formstack or Marketing & Communications.
  • Build/assist with forms for others in their division.
  • Do not create custom themes.
  • Do not use inaccessible fields: Credit card, signature, date and time selector (use short answer), or matrix.
  • Move submissions annually to your unit’s organizational NevadaBox folder. Marketing & Communications reserves the right to delete submissions over a year old.
  • Forms should be reviewed and audited annually to ensure they are current and still needed, otherwise deleted.

Failure to comply with the terms of use may result is loss of account access.

Usage guidelines

The following guidelines have been created for the use of Formstack at the University. The guidelines describe the types of information that should be collected via web forms.

  1. Do not collect any of the following information on forms:
    • Social Security Number
    • Credit Card Information
    • Protected Health Information (PHI)
  2. Confidential data, such as Personally Identifiable Information (PII) and Family Educational Rights and Privacy Act (FERPA) data, may be collected as long as the following security guidelines are followed.
    • Encryption must be enabled.
    • Authentication via NetID must be enforced.
  3. Examples of FERPA data elements are listed below.
    • Name
    • Participation in officially recognized activities and sports
    • Address
    • Telephone Number
    • Weight and height of members of athletic teams
    • Email address
    • Degrees, honors, and awards received
    • Major field of study
    • College
    • Dates of attendance
    • Date of graduation
    • Undergraduate and graduate status
    • Most recent educational agency or institutions attended
    • Enrollment status (full-time or part-time)
    • GPA (grade point average)
    • Grades/exam scores
    • Standardized test scores
    • Actual number of hours enrolled
  4. Do not collect information you do not need.
  5. Do not use the following Formstack components as they are not ADA accessible.
    • Date/Time - If the date is needed, add the separate boxes to collect the date and time.
    • Address Block - Create separate short answer boxes to collect address information
    • "Add Other" option for radio and checkboxes. Add a unique short answer box to collect "other" information.
    • Signature box - Create a required checkbox with an agreement and a textbox where the user types their name.

Data storage

  • Sensitive and Confidential data are required to be stored using the Encrypt Saved Data option under Security.
  • Sensitive and Confidential data may be stored according to the Data Storage Guidelines.
  • The form creator and college/division are responsible for all data collected.
  • In the event of a security or data breach, the University Chief Information Security Officer must be notified immediately.
  • Users with access to Sensitive and Confidential data are required to attend FERPA and/or HIPAA training

Naming and storing conventions

New forms

Proper naming conventions and organization of forms allow for easy maintenance and support of forms. 

  • Left click on a folder on the left panel that corresponds the department you belong in. For example, if you were in Education, click on the EDU-Education folder. 
  • Create a form inside your department's folder. Left click the blue button on the top right of the page that says "Create New Form".
  • Under the form name field, give your form a three or four digit letter abbreviation belonging to that department. For example, if you were in Education, you want to prefix your forms as (EDU). If you were in Student Services, you'd want to prefix your forms as (STSV). For example: (EDU) College Adults Form is a valid name for a form. Note: a complete list of form names can be seen on the left side panel of folders on the Formstack website.
  • The Form URL field will fill automatically, but you can replace this with another name if you would like.

Existing forms

If you have an existing form and are unsure where to put it, please follow the following steps.

  • Left of the form you are working on is a box. Click on that box. This will give it a green check mark.
  • Click on the "move to" button.
  • Move that form, or list of forms, into the appropriate folder. If the appropriate folder does not exist, please let Marketing and Communications know and we will create one for you.

*NOTE: Marketing & Communications may periodically clean up all Formstack forms including organization into appropriate folders and renaming forms to the appropriate name.

Requesting access

Access is dependent on available seats. Access may be denied if your major unit has existing Formstack users.

Request Formstack access