Audit 307797

FY End: 2023-08-31
Total Expended: $9.51M
Findings: 12
Programs: 10
Year: 2023 Accepted: 2024-05-31
Auditor: Bonadio & CO LLP

Findings

ID Ref Severity Repeat Requirement
399276 2023-001 Significant Deficiency - N
399277 2023-001 Significant Deficiency - N
399278 2023-001 Significant Deficiency - N
399279 2023-001 Significant Deficiency - N
399280 2023-002 Significant Deficiency - L
399281 2023-002 Significant Deficiency - L
975718 2023-001 Significant Deficiency - N
975719 2023-001 Significant Deficiency - N
975720 2023-001 Significant Deficiency - N
975721 2023-001 Significant Deficiency - N
975722 2023-002 Significant Deficiency - L
975723 2023-002 Significant Deficiency - L

Contacts

Name Title Type
JS2HEZCF5346 Sophia Darling Auditee
6078448222 Karen Lynch Auditor
No contacts on file

Notes to SEFA

Accounting Policies: The accompanying schedule of expenditures of federal awards has been prepared in accordance with accounting principles generally accepted in the United States of America. Amounts included in the accompanying schedule of expenditures of federal awards are actual expenditures for the year ended August 31, 2023. The accompanying schedule of expenditures of federal awards presents the activity of all federal award programs of Tompkins Cortland Community College (the College). The information in this schedule is presented in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Because the schedule of expenditures of federal awards presents only a selected portion of the College’s operations, it is not intended to, and does not, present the net position and revenues, expenses, and change in net position of the College. Expenditures reported on the Schedule are reported on the accrual basis of accounting. Such expenditures are recognized following the cost principles contained in the Uniform Guidance, wherein certain types of expenditures are not allowable or are limited as to reimbursement.

De Minimis Rate Used: N

Rate Explanation: The College has elected not to use the 10% de minimis indirect cost rate as allowed under the Uniform Guidance.

Finding Details

Criteria – Institutions participating in Title IV programs are required to comply with various laws and regulations as part of their signed Program Participation Agreement (PPA), including but not limited to, the Federal Trade Commission’s Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (Title 16, Chapter I, Subchapter C, Part 314).
Condition – The College has not performed a formal risk assessment of its technology environment since 2018. In addition, the College’s written information security program (WISP) has not been updated and does not address the seven required minimum elements per the 2023 Compliance Supplement.
Cause – The College had not performed any additional review or updates since 2018 to its WISP and/or risk assessment to include the required elements or document any updates to the College’s Information Technology (IT) environment.
Effect – The College was not in compliance with the Department of Education’s requirements for GLBA.
Recommendation – The College needs to conduct a formal risk assessment and update its WISP to ensure the seven required elements are addressed. As part of this process, IT policies should be updated to align with the College’s current IT environment and be formally approved and implemented throughout the College.
View of Responsible Officials – The Vice President of Information Technology will designate a manager responsible for overseeing, implementing, and maintaining the College’s information security program and enforcing the information security program.

Criteria – A requirement of accepting the Higher Education Emergency Relief Fund (HEERF) award is compliance with reporting requirements which state that the College must submit an Annual Performance Report Form in March 2023 covering calendar year 2022 expenditures.
Condition – Per inquiry with College management, it was noted that the Annual Performance Report Form was not submitted to the Department of Education.
Cause – The College has experienced significant turnover in its Budget and Finance department in 2023 resulting in loss of institutional knowledge regarding requirements to file reports with regulatory bodies.
Effect – The College was not in compliance with the Department of Education’s requirements for reporting.
Recommendation – The College needs to establish and maintain a schedule for required reporting to ensure that all compliance requirements are able to be met regardless of whether turnover occurs. The College also needs to assign responsibility for required reporting to designated employees and ensure there is a process for transferring that responsibility upon turnover.
View of Responsible Officials – The Vice President of Finance and Administration will maintain a Schedule of Financial Reporting for the College. New engagements that require reporting will be added to this schedule detailing the type of report and the relevant deadlines. The Comptroller or other designated employee will be assigned the responsibility to maintain new engagement records and satisfy all of the reporting requirements. The Comptroller or other designated employee will report the completion of each requirement to the Vice President of Finance and Administration to update this schedule. This schedule will be shared with auditors to verify compliance.