Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, and 84.033 Student Financial Assistance Cluster
Federal Award Identification #: 2023-2024 Award Year
Condition: The University did not sufficiently comply with all the requirements of GLBA.
Criteria: 16 CFR 314.4
Questioned Costs: $0
Context: The University has made progress from the prior year on GLBA compliance. The University has one remaining area left to implement relating to sufficient vendor management policies and reviews.
Cause: The University has prioritized resources to address and document compliance with multi-factor authentication and risk assessment evaluation before implementing the vendor management requirements of GLBA.
Effect: The University has not adequately addressed all the requirements of GLBA, which may lead to unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Yes, 2023-003
Recommendation: We recommend the University allocate sufficient resources to address all remaining requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.