Gramm-Leach-Bliley Act (GLBA) Compliance
Planned Corrective Action: We are working towards MFA with SIS (Anthology), as SIS does not currently
have MFA in the built-in security. We are exploring a scope of work to move to MS SSO with Anthology
Support. Our hope is to finish this by the 2nd Quarter 2024, or sooner. We are also evaluating other SIS
systems and are evaluating whether those systems have SSO and MFA capabilities.
Furthermore, we will review vendor contracts to include the required GLBA language and fully complete the
Annual Vendor Review Checklist as specified in our Information Security Program and Incident Response Plan.
We will provide an annual report to the Board of Trustees to include addressing service provider arrangements
and any events or violations and management’s response to each one.
We have had no breaches during 2022-2023 and continue to monitor existing Microsoft platforms, AD
Security groups, policies including MS 365 integrations, and Identity (formerly Azure) SSO integration with
continual testing and reviews against potential threats. Future projects include potentially adding a Cyber
security MDR on the endpoints of all DCC workstations and servers to close any gaps or potential areas of
weakness, including Dark Web scans.
Person Responsible for Corrective Action Plan: Stephen Cobb, Director of Technology, and Christopher
Winslow, VP of Finance and Operations
Anticipated Date of Completion: June 2024