Finding Text
2024-001 - Student Financial Aid Cluster - Federal Direct Student Loans and Federal Pell Grant Program - Assistance Listing No. 84.286 and 84.063; Grant Period - For the year ended June 30, 2024
Condition: The School does not have a written information security program containing the required minimum elements including the designation of a qualified individual who is responsible for implementing and monitoring the School’s program.
Criteria: The School is required to have a written information security program that includes the required minimum elements including designating a qualified individual who is responsible for implementing and monitoring the School’s program.
Cause: The School did not have a written information security program containing the required elements.
Effect of Condition: The School was not in compliance with the requirement to have a written information security program that includes the required minimum elements including designating a qualified individual who is responsible for implementing and monitoring the School's program
Questioned Costs: None.
Recommendation: The School should designate a qualified individual responsible for implementing an monitoring the School's information security program. This individual should put procedures in place to create a written information security program that addresses the required minimum elements required by the Student Financial Aid cluster included in the Gramm-Leach-Bliley Act - Student Information Security.
Views of Responsible Officials and Planned Corrective Actions: NTCC is in the process of a First Reading Policy on or before February 20, 2025, and a Second Reading Policy for full approval on or before March 20, 2025. This policy will name the Practical Nursing Coordinator, as the individual responsible for implementing and monitoring the School’s security program. The seven required minimum elements for a financial institution of fewer than 5,000 customers will be in place with this policy.