Point of Contact
In an email to the President’s Cabinet on July 10th, 2023, Dr. Kim Kuster Dale designated Derek Robinson, Chief Information Officer for Western Wyoming Community College, as the responsible party for GLBA, replacing the previous owner and coordinator, the Financial Aid Director. Contact information:
Derek Robinson
Chief Information Officer
Western Wyoming Community College
cio@westernwyoming.edu
307-382-1896
Resource Requirements
Correcting the audit findings identified in the 2022-2023 fiscal year audit requires participation from the Chief Information Officer, Vice President for Student Services, Associate Vice President of Finance, Dean of Students, Financial Aid Director, Associate Vice President of Human Resources, and Chief Academic Officer. The budget for any corrective actions and findings is not yet known. The technical system requirements identified in the GLBA on June 9, 2023 (GENERAL-23-09), were underway and largely completed before the audit, including the incorporation of the NIST 800-171 security standards. A draft of the Information Security Program also existed prior to June 30th, 2023. However, the College did not publish or complete the Information Security Program due to staff turnover.
Planned Milestones
The important milestones for this corrective action plan are aligned with the Information Security Program scope. Successful implementation of these categories and acceptance by the Program Coordinators indicate completion of the milestone. More detailed information about the goals and outcomes for each category can be found in the attached document.
1. Risk identification and assessment and current safeguards.
2. Risk assessment.
3. Information security controls.
4. Security awareness and training.
5. Incident response and data breach notification.
6. Vendor management.
7. Monitoring and auditing.
8. Program evaluation and improvement.
9. Sign the attestation form on the SAIG portal indicating that the College is now fully GLBA compliant.
Scheduled Completion Date
The Information Security Program will be developed and accepted by the end of December 2023, in order to comply with the requirements of the signed attestation for the SAIG-FTI enrollment statement and to be eligible to enroll in the data exchange for the processing systems for ISIR files. The ISIR files need to be processed in January, which requires access to the SAIG portal, which in turn requires signing a confirmation that the College meets all GLBA requirements.
Status
The following tasks and updates have been completed since the President designated the CIO as the responsible party:
1. July 2023 – Information Security Program draft created (attached to this email).
2. August 2023 – Reviewed the policy-defined membership list, which includes many people who should not be on this team and omits many people who should be on it. Proposing new membership to members, then presenting to the P&P committee for changes.
3. September 2023 – Goals for Information Security Program drafted. New GLBA requirements reviewed and included in draft Information Security Program.
4. October 2023 – CIO and Information Security Analyst identified and wrote several protocols to address some initial findings, including account termination procedures, use of AI and related technologies on campus, and authentication mechanisms.
5. November 2023 – Corrective Action Plan identified for previous year’s audit findings. Meeting dates set to finish the Information Security Program.
Anticipated Completion Date: December 31, 2023
Contact Person: Derek Robinson, Chief Information Officer