Finding Text
Finding 2023-005: Student Financial Assistance Cluster Gramm-Leach-Bliley Act – Student Information Security
Federal Agency: Department of Education
Program: Student Financial Assistance Cluster
Criteria: In accordance 16 CFR Part 314, institutions receiving Student Financial Assistance Cluster funding were required to be in compliance with the revised requirements of the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards by June 9, 2023. Included in these standards is the institution’s requirement to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and includes the required elements included in 16 CFR 314.4.
Condition: The internal control system to ensure that that the program’s compliance with the requirements of the GLBA was not operating effectively. WCCC is in the process of creating a written information security program that addresses the required minimum elements; however, that written program was not in place prior to June 9, 2023.
Cause: Procedures in place to ensure WCCC was in compliance with the requirements of the GLBA were not adequate.
Effect: WCCC was not in compliance with the GLBA requirements for Student Financial Aid funds.
Repeat Finding: This is not a repeat finding.
Questioned costs: Unknown
Recommendation: We recommend that WCCC implement a procedure to ensure that all required GLBA requirements are reviewed, and those requirements are included in the written information security program once it is completed.
View of Responsible Officials and Planned Corrective Action: WCCC created a written information security program that addresses the required minimum elements. The condition was corrected by implementing the security plan and following the guidelines of the GLBA. The plan was implemented as of 12/1/23. Moving forward we will continue to monitor the requirements of GLBA.