Finding Text
2023-005: Gramm-Leach-Bliley Act Compliance
Federal Agency: Department of Education
Federal Program Name: Student Financial Assistance Cluster
Assistance Listing Number: Various
Federal Award Identification Number and Year: Various
Award Period: July 1, 2022 through June 30, 2023
Type of Finding: Material Weakness in Internal Control over Compliance and Other Matters
Criteria: In accordance with 16 CFR 314.3(a) and 2 CFR 200.303, Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. The regulations require the written information security program to include seven elements for institutions with fewer than 5,000 customers.
Condition: During our testing, we noted the District's information security policy is in draft form and does not include all of the required seven elements.
Questioned Costs: None.
Context: The District's information security policy does not contain all seven elements required by the Gramm-Leach-Bliley Act.
Cause: The District's information security policy is still in draft form.
Effect: The District's information security policy is not in compliance with the Gramm-Leach- Bliley Act.
Repeat Finding: This was not a finding in the prior year.
Recommendation: We recommend the District review and finalize its information security policy and ensure it contains all seven elements required for compliance with Gramm-Leach-Bliley.
Views of responsible officials: Management concurs with the finding and plans to correct the finding.