FAC Explorer

Finding 368 (2023-001)

-
Requirement
N
Questioned Costs
-
Year
2023
Accepted
2023-10-18
Audit: 781
Organization: Toccoa Falls College, Inc. (GA)
Auditor: Capincrouse LLP

AI Summary

  • Core Issue: The College is not fully compliant with the GLBA due to lack of multi-factor authentication (MFA) on systems with personally identifiable information (PII).
  • Impacted Requirements: Compliance with 16 CFR 314.4(c)(5) is not met, increasing security risks for student information.
  • Recommended Follow-Up: Implement MFA on all relevant systems immediately to enhance security and meet GLBA requirements.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance Other Matter DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, and 84.033 Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The College did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4(c)(5) Questioned Costs: $-0-. Context: The College has not implemented multi-factor authentication (MFA) on all systems containing personally identifiable information (PII). Cause: The College is transitioning between student information systems so had not enabled the MFA on the legacy system. Effect: The College has not adequately addressed the requirements of GLBA for the period under audit, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the College implement MFA as soon as possible on any system containing PII. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach-Bliley Act (GLBA) Compliance Planned Corrective Action: While our current student information systems do not allow for Multi-Factor Authentication (MFA), we are in the final stages of implementation for Jenzabar One. Once this implementation is finalized, MFA will be seamlessly integrated into all essential campus systems, including but not limited to PowerCampus, PowerFAIDS, and our SonicWall VPN. This enhanced security measure will bolster the protection of sensitive data and elevate our overall cybersecurity posture. Person Responsible for Corrective Action Plan: Mark Ferron, Interim Director of Information Technology. Anticipated Date of Completion: October 19, 2023

Categories

No categories assigned yet.

Other Findings in this Audit

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $4.25M
84.063 Federal Pell Grant Program $2.09M
84.425 Covid-19 Education Stabilization Fund Heerf - Student Aid Portion $493,263
84.425 Covid-19 Education Stabilization Fund Governor’s Emergency Education Relief Fund $211,826
84.007 Federal Supplemental Educational Opportunity Grants $164,576
84.033 Federal Work-Study Program $121,245
84.425 Covid-19 Education Stabilization Fund Heerf - Strengthening Institutions $114,718