Finding 384283 (2023-001)

Significant Deficiency

Requirement

Questioned Costs

Year

2023

Accepted

2024-03-25

Audit: 297426

Organization: Trinity Bible College and Graduate School (ND)

Auditor: Capincrouse LLP

AI Summary

Core Issue: The College is not fully compliant with the updated requirements of the Gramm-Leach-Bliley Act (GLBA), particularly in documenting security assessments and implementing necessary safeguards.
Impacted Requirements: Key areas of concern include lack of multi-factor authentication, insufficient vendor management, and absence of an incident response plan, which could expose student information to security risks.
Recommended Follow-Up: Allocate more resources to meet GLBA requirements and enhance compliance efforts, as management agrees with the findings and has a corrective action plan in place.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, 84.038, 84.379 Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The College did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.3, 16 CFR 314.4 Questioned Costs: $0 Context: The College has not sufficiently documented its security risk assessment and safeguards, including general threats or implemented multi-factor authentication on all systems containing personally identifiable information (PII). Additionally, the College has not sufficiently implemented continuous monitoring, such as penetration testing and vulnerability scanning, implemented sufficient vendor management policies and reviews, implemented an incident response plan, or provided a written, annual report to the board that covers all areas required by GLBA. Cause: The College has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The College has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable Recommendation: We commend the College for all work completed on GLBA. We recommend the College allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach-Bliley Act (GLBA) Compliance Planned Corrective Action: Trinity Bible College and Graduate School has implemented policies and procedures to address GLBA compliance and is taking steps to address all exceptions noted. Person Responsible for Corrective Action Plan: Executive Vice President Vaughn Jordan and Director of IT Matthew Johnson Anticipated Date of Completion: End of fiscal year 2024.

Other Findings in this Audit

384284 2023-001

Significant Deficiency
384285 2023-001

Significant Deficiency
384286 2023-001

Significant Deficiency
384287 2023-001

Significant Deficiency
384288 2023-001

Significant Deficiency
384289 2023-002

-
960725 2023-001

Significant Deficiency
960726 2023-001

Significant Deficiency
960727 2023-001

Significant Deficiency
960728 2023-001

Significant Deficiency
960729 2023-001

Significant Deficiency
960730 2023-001

Significant Deficiency
960731 2023-002

-

Programs in Audit

ALN	Program Name	Expenditures
84.268	Federal Direct Student Loans	$808,701
84.063	Federal Pell Grant Program	$373,013
84.038	Federal Perkins Loan Program	$161,569
84.033	Federal Work-Study Program	$100,559
84.007	Federal Supplemental Educational Opportunity Grants	$58,968
84.379	Teacher Education Assistance for College and Higher Education Grants (teach Grants)	$20,746