Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance
Material Weakness
DEPARTMENT OF EDUCATION ALN #: 84.268 Federal Direct Loans, 84.063 Federal Pell Grants, 84.007 Federal Supplemental Education Opportunity Grant, 84.033 Federal Work Study, and 84.379 TEACH grants
Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: The College did not sufficiently comply with the updated requirements of GLBA.
Criteria: 16 CFR 314.4
Questioned Costs: $0
Context: The College has not sufficiently documented its security risk assessment and safeguards, implemented multi-factor authentication on systems containing personally identifiable information (PII), or implemented continuous monitoring, such as penetration testing and vulnerability scanning. Additionally, the College has not implemented sufficient vendor management policies and reviews, implemented an incident response plan, or provided a written, annual report to the board.
Cause: The College has limited resources and has allocated certain staff time and dollars as available to address and document compliance with the requirements of GLBA.
Effect: The College has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Not applicable.
Recommendation: We commend the College for the work completed on GLBA. We recommend the College allocate sufficient resources to address the remaining requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.