Finding Text
MATERIAL WEAKNESS, Compliance with Gramm-Leach-Bliley Act, Information on the federal program: U.S. Department of Education, Assistance Listing No. 84.268; Federal Direct Student Loan Program, Criteria: Institutions that participate in Title IV educational assistance programs are subject to the Gramm-Leach-Bliley Act to protect student financial aid information. They are required to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and includes certain elements. Condition: The Seminary did not have a written program in place by June 9, 2023, the required deadline. Context: The Seminary has an outsourced IT provider which provides services under a service agreement. Questioned Costs: None, Cause: Management was not aware of the documentation requirement. Effect: While the services provided by the IT service provider as well as the Seminary's internal IT department address security concerns and needs within the Seminary, all areas of Gramm-Leach-Bliley might not be addressed. Recommendation: We recommend that management develop the written comprehensive information security program using the standards set by the Gramm-Leach-Bliley Act including designating a qualified individual responsible for overseeing, implementing, and enforcing the program. Views of responsible officials and planned corrective actions: Management acknowledges this finding and is working toward documenting Gramm-Leach-Bliley Act processes and procedures. The Seminary is working on formal process and procedure guides. The Seminary has done work in this area, but without a procedure guide we realize that the documentation is as key as the work that is being done.