Finding Text
Finding 2023-003: Student Financial Assistance Cluster Gramm-Leach-Bliley Act – Student Information Security
Federal Agency: U.S. Department of Education
Program: Student Financial Assistance Cluster (84.007, 84.033, 84.063, 84.268)
Criteria: In accordance 16 CFR Part 314, institutions receiving Student Financial Assistance Cluster funding were required to be in compliance with the revised requirements of the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards by June 9, 2023. Included in these standards is the institution’s requirement to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and includes the required elements included in 16 CFR 314.4.
Condition: The internal control system to ensure that the program’s compliance with the requirements of the GLBA was not operating effectively. The College did not designate a Qualified Individual responsible for a written information security program, nor did it create such a program that addresses the six required minimum elements prior to June 9, 2023.
Cause: Procedures were not in place to ensure the College was in compliance with the requirements of the GLBA.
Effect: The College was not in compliance with the GLBA requirements for Student Financial Aid funds.
Repeat Finding: This is not a repeat finding.
Questioned costs: Unknown
Recommendation: We recommend that the College designate a Qualified Individual responsible for implementing and monitoring all GLBA requirements, and ensure that the written information security program addressing all required minimum elements is created and implemented.
View of Responsible Officials and Planned Corrective Action:
Management agrees, see separate Corrective Action Plan.