Finding Text
Federal Program Information: Student Financial Assistance Cluster (Various ALNs)
Criteria or Specific Requirement: N. Special Tests and Provisions - Gramm-Leach-Bliley Act: In order to develop, implement, and maintain its information security program, the institution shall identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks. At a minimum, such risk assessment should include consideration of risks in each relevant area of the institution’s operations, including: (1) employee training and management; (2) information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) detecting, preventing and responding to attacks, intrusions, or other systems failures (16 CFR § 314.4).
Condition: The College was unable to provide documentation supporting the completion of an appropriate risk assessment as required by the Gramm-Leach-Bliley Act.
Cause: Administrative oversight and insufficient internal controls.
Effect or Potential Effect: The College is not in compliance with required federal guidelines.
Questioned Costs: None.
Context: The College was unable to provide documentation supporting the completion of an appropriate risk assessment as required by the Gramm-Leach-Bliley Act.
Identification as a Repeat Finding: There was no similar finding identified during the prior year.
Recommendation: We recommend that the College enhance its procedures and internal controls surrounding the completion of a risk assessment to ensure compliance with the Gramm-Leach-Bliley Act.
Views of Responsible Officials: The College will perform a risk assessment and document safeguards for identified risks.