Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance Material Weakness
DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, and 84.033, Student Financial Assistance Cluster
Federal Award Identification #: 2023-2024 Award Year
Condition: Life Pacific University did not sufficiently comply with all the updated requirements of GLBA.
Criteria: 16 CFR 314.3, 16 CFR 314.4
Questioned Costs: $0
Context: Life Pacific University has not documented its written information security program, sufficiently documented its security risk assessment and safeguards for all systems, or confirmed and/or implemented multi-factor authentication on all systems containing personally identifiable information (PII). Additionally, Life Pacific University has not implemented a data deletion policy, sufficient vendor management policies and reviews, or implemented an incident response plan.
Cause: Life Pacific University has experienced turnover within the last year and focused on improving the written risk assessment, continuous monitoring capabilities, and the annual report to the board. We commend Life Pacific University for these pieces with significant improvement.
Effect: Life Pacific University has not adequately addressed all the remaining updated requirements of GLBA, which may lead to unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: 2023-002
Recommendation: We recommend Life Pacific University allocate sufficient resources to address all requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.