ABSTRACT

Academic Enterprise Resource Planning (ERP) systems are meant to integrate the separate activities, processes, and functions within a higher institution to help streamline the process and to provide real-time, on-demand information needs. The volume of data produced by academic institutions grows every day. Due to the increasing numbers of staff, students, departments, and programs, this continuous growth requires continuous scaling and improvement of the academic ERP system. Therefore, to adapt to this continuous growth, the system should be constructed based on a cloud computing platform. Cloud-based Enterprise Resource Planning systems address many security and privacy issues in higher institutions: the increase of data/information, cost of hardware/software, data alteration, loss of data during migration from one server to another server, limited teaching materials and resources, high administrative costs, and difficulties in managing a large population of learners against a small number of lecturers. This study designed a security and privacy model for an academic cloud-based ERP system. In this study, the researcher used a qualitative research design to examine the current server-based ERP system for Kampala International University and a descriptive design to determine the requirements for the development of a secure model for a cloud-based ERP system, which was guided by a well-structured interview guide and expert panel. Data was collected from the ICT department by interviewing four staff who manage the current server-based ERP system. The findings from this study showed that higher institutions are faced with security and privacy challenges that compromise the Confidentiality, Integrity, and Availability of data/information. A security and privacy model was also developed, guided by the findings from the analysis of the face-to-face interview, the expert panel conducted, and the literature reviewed.
It is recommended that higher institutions migrate to cloud computing; that Infrastructure as a Service (IaaS) be adopted, since higher institutions are concerned with security and privacy issues in the cloud; that Data Encryption and Tokenization be used when storing data/information in the cloud; and that institutions comply with the ISO27002 security standard after migrating to the cloud. Hence, it is undeniable that a cloud-based ERP system provides a secure environment, reduces costs in terms of hardware, software, upgrades, and upfront expenses, and promotes mobile computing, which is the ability to access resources from anyplace at any time.