Audit 401665

Condition: It was noted that the College has not designated an individual for implementing and monitoring of the College’s information security program and no written information security program is available. Criteria: The GLBA requires the College to explain its information sharing practices to its customers and to safeguard sensitive information. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 CFR Part 314 to implement the GLBA information safeguarding standards that institutions must implement. Institutions are required to be in compliance with the revised or final requirements no later than June 9, 2023. Cause: Unknown Effect or Potential Effect: Currently, the College is not in compliance with the GLBA, a required Program Eligibility compliance for the Student Financial Assistance program. Known Questioned Costs: None noted Context: Adherence to the GLBA is part of program eligibility requirements for the Student Financial Assistance Program. Repeat Finding: No Recommendation: We recommend that the College designate an individual that would take responsibility for implementing and monitoring of the College’s information security program including drafting the Information Security Program for approval by the Board of Trustees.