Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance
Material Weakness
DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, and 84.033 - Student Financial Assistance Cluster
Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: Life Pacific University did not sufficiently comply with the updated requirements of GLBA.
Criteria: 16 CFR 314.3, 16 CFR 314.4
Questioned Costs: $0
Context: Life Pacific University has not completed the following components in light of the updated GLBA regulations. - designated a single individual responsible for the information security program - created a written information security program - implemented multi-factor authentication on systems containing personally identifiable information (PII) - implemented continuous monitoring, such as penetration testing and vulnerability scanning - implemented sufficient vendor management policies and reviews - implemented an incident response plan - provided a written, annual report to the board.
Cause: Life Pacific University has experienced turnover in the information technology department during the time when the updated regulations went into effect.
Effect: Life Pacific University has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Not applicable.
Recommendation: We recommend Life Pacific University allocate sufficient resources to address all requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.