Maintained for Historical Purposes

This resource is being maintained for historical purposes only and is not currently applicable.

Summary: Updated COD Web Site Access for Third Party Servicers

Publication Date: February 1, 2006

Author: G. Kay Jacks, General Manager, FSA Application, School Eligibility and Delivery Services

Summary: Updated COD Web Site Access for Third Party Servicers

Posted on 02-01-2006

This announcement provides updated instructions for third party servicers seeking access to the Common Origination and Disbursement (COD) Web site, www.cod.ed.gov/. These instructions supersede all previous versions that we have posted on the IFAP Web site.

The first step to gaining access to the COD Web site is to set up a security administrator for your organization. The questions and answers that follow below explain how to complete the set up process. Once the security administrator is set up, he or she will be able to set up other COD Web site users in your organization.

Schools should refer to the Electronic Announcement entitled "Updated COD Web Site Access for Schools" (that we are posting to the IFAP Web site along with this one) for the procedures they follow to access the COD Web site.

What is a security administrator for the COD Web site?A COD security administrator provides access to the COD Web site for users in his or her organization. Your organization can determine the number of security administrators for the organization, although we suggest that the number be limited for security purposes.

How do we set up a security administrator for our organization?Your organization must submit a security administrator request letter by mail, so that we have a signature on file. This letter must be printed on your organization's letterhead and include the following information:

  • Organization's name;
  • Organization's COD ID (if you do not know your organization's COD ID, contact the COD School Relations Center);
  • Security administrator's first name;
  • Security administrator's last name;
  • Keyword - security administrator's mother's maiden name, favorite dessert, or pet's name (include only one keyword of 20 or fewer characters that will be used to identify an administrator if he or she forgets the Web site password);
  • Security administrator's work telephone number;
  • Security administrator's e-mail address;
  • Security administrator's job title;
  • Security administrator's work address;
  • Security administrator's work fax number;
  • Security administrator's signature; and
  • Approving authority's name, title, work telephone number, e-mail address, and signature (this must be a different and higher-ranking official of the organization unless there is no higher-ranking official than the security administrator).

It is not necessary to include the name or COD ID of the school or schools supported by your organization. COD automatically establishes these relationships based on data stored in SAIG.

Where does our organization send the security administrator request letter?Mail the signed security administrator request letter (printed on your organization's letterhead) to:

U.S. Department of Education
Attn: COD Web Access
COD School Relations Center
P.O. Box 9003
Niagara Falls, NY 14302

How will our organization's security administrator receive his or her user name and password?The COD School Relations Center will send the security administrator's user name and password to the e mail address provided in the security administrator request letter. For security purposes, the COD School Relations Center will send the user name and password in separate e-mails. The security administrator's password is sensitive information and should not be shared with anyone.

How does our organization's security administrator reactivate his or her user ID if it is automatically deactivated due to one of the established inactivity events?A security administrator's user ID will be automatically deactivated when-

  • A temporary password is not changed within a 24-hour period;
  • The COD Web site is not accessed for a consecutive 6-month period following the first visit and change of temporary password; or
  • The COD Web site is not accessed for a consecutive 3-month period following the last visit of a user who has logged in to the COD Web site more than one previous time.

To reactivate his or her user ID, the security administrator must call the COD School Relations Center.

Once our security administrator is set up, how does he or she create user accounts for staff members in our organization?To create user accounts for staff members in your organization, the security administrator completes the following steps:

  • Log in to the COD Web site, www.cod.ed.gov/, and click on the User tab to display the User Search screen.
  • Click on the Create New tab at the bottom of the User Search screen to display the Create Profile screen.
  • Enter the following information for the new user:
    • First name;
    • Last name;
    • Keyword;
    • Phone number; and
    • E-mail address.
  • Select the new user's security access level from the User Role drop down box. For a listing of the COD Web site functionality available to each User Role, refer to the "Third Party Servicer User Roles" section of the "Common Origination and Disbursement (COD) Web Site User Roles" chart attached to this announcement.
  • Select the appropriate COD ID from the Entity ID Type drop down box.
  • Enter a new password in the New Password field. (Passwords are case sensitive and must be 8 characters consisting of 6 alpha, 2 numeric or 5 alpha, 3 numeric.)
  • Re-enter the new password for confirmation in the Re-enter New Password field.
  • Click on the Submit button at the bottom of the Create Profile screen. A Profile screen with the new user's information (including the COD system-generated User Name) then displays.
  • Click on the Submit button at the bottom of the Profile screen to confirm the new user.
  • The new user's user name and password will then be sent to the new user in separate e-mails.

Notes:1. Each user (Third Party Servicer User 1-4 as well as security administrator) is responsible for keeping his or her own "Keyword" field current. A user may change his or her "Keyword" at any time.

2. If the user ID for a Third Party User 1-4 is automatically deactivated due to one of the inactivity events listed in "How does our organization's security administrator reactivate his or her user ID if it is automatically deactivated due to one of the established inactivity events?", the user must contact the security administrator to reactivate his or her user ID.

3. When a Third Party Servicer User 1-4 no longer requires access to the COD System, the organization's security administrator has the responsibility to deactivate the user ID for that user in the COD database.

Should we provide a list of schools that our organization services and their COD IDs in the security administrator request letter?No, it is not necessary to include this information in the security administrator request letter. Also, do not create user IDs and passwords for the school or schools that your organization supports. As previously noted, schools are responsible for setting up their own COD security administrators and user accounts.

Will our organization be able to view information and records for the school or schools that we support?Yes. COD receives information about the relationships between schools and third party servicers from data stored in the TG Numbers at SAIG. This information allows users within a third party servicer organization to access data for the school or schools they support, provided that the TG Numbers at SAIG reflect that a relationship exists. If a change in relationship occurs, the school must contact CPS/SAIG Technical Support about the change. The toll-free telephone number is 800/330-5947, and the e-mail address is CPSSAIG@ed.gov.

How does our organization update information about a security administrator or set up an additional security administrator?When your organization needs to update information about your current security administrator or set up an additional security administrator, it must submit a new signed security administrator request letter that includes all of the required information.

How does our organization deactivate a security administrator's account if we no longer want him or her to be our security administrator?When your organization needs to deactivate a security administrator's account, it must notify the COD School Relations Center in writing. The written notification may be-

  • Mailed to the address provided in "Where does our organization send the security administrator request letter?";
  • Faxed to 877/623-5082; or

In all cases, the written deactivation request must include the following information:

  • Name of Security Administrator (whose account is to be deactivated);
  • Third Party Servicer's name;
  • Approving authority's name;
  • Approving authority's title;
  • Approving authority's work telephone number; and
  • Approving authority's e-mail address.
    Note: The approving authority should be the same official who requested the set up of the security administrator. However, if the initial approving authority no longer serves your organization in that capacity, the new person in that capacity should be named. As a reminder, the approving authority must be a different and higher-ranking official than the security administrator unless there is no higher-ranking official than the security administrator.

If the deactivation request is mailed or faxed to the COD School Relations Center, it must be printed on your organization's letterhead.

If the deactivation request is e-mailed to the COD School Relations Center, it must be sent from an address that clearly identifies your organization.

Contact Information

If you have any questions about this announcement or experience any difficulty setting up a COD security administrator, contact the COD School Relations Center at 800/4PGRANT for Pell Grant or 800/848 0978 for Direct Loan. You may also e-mail CODSupport@acs-inc.com.

Attachments/Enclosures: