Finding Text
Assistance Listing, Federal Agency, and Program Name - Student Financial Assistance Cluster - Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007.
Federal Award Identification Number and Year - Various
Pass through Entity - N/A
Finding Type - Significant deficiency
Repeat Finding - Yes
2023-003
Criteria - Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8).
Condition - The University does not have all of the minimum safeguards written down within its information security program.
Questioned Costs - None
Identification of How Questioned Costs Were Computed - N/A
Context - Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program.
Cause and Effect - The University does not have adequate controls or processes in place to ensure safeguard policies are documented.
Recommendation - The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies.
Views of Responsible Officials and Corrective Action Plan - This finding has already been addressed. During the current year testing, we updated our “GLBA Information Security Program”. While it does contain all elements required, technically the policy was not updated until 7/25/2024.
LTU followed up with the FSA Cyber Compliance Team regarding this finding from last year. We received the following response on August 15th, 2024:
Thank you for providing evidence artifacts to the Federal Student Aid (FSA) Cybersecurity Compliance Team indicating that you have satisfied the minimum information security requirements of Gramm-Leach-Bliley Act (GLBA) at Lawrence Technological University for the audit year of 2023. As a courtesy, we remind you that all the GLBA Cybersecurity requirements are to be satisfied each audit year. Protecting student data is an utmost priority for FSA and we are committed to ensuring the safety and security of student information.
We have reviewed the information you provided and determined it sufficient to close the case.