Gramm-Leach-Bliley Act
Award Period: July 1, 2022 to June 30, 2023
Type of Finding: Significant Deficiency in Internal Control over Compliance; Other Matters
Recommendation: We recommend the College review their documentation and ensure that the written information security program includes the required elements. We also recommend reviewing the changes in the Gramm-Leach-Bliley Act regulations that were required to be implemented as of June 9, 2023.
Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: Tabor College appointed an Information Technology Point of Contact in 2023. Tabor College contracted with Tenfold Security to assist with the requirements of the Gramm-Leach-Bliley Act (GLBA). A Risk Assessment was performed in April 2023 and the final report issued in May 2023. Penetration testing has been completed on a regular basis beginning March 27, 2023. Multi-factor Authentication (MFA) implementation began in June with full implementation with the return of students in August 2024. MFA has been fully implemented for all employees, students, and Board members. The significant undertaking of establishing required Policies and Procedures began in June 2023. A GLBA Committee has been recently been formed to help ensure compliance with all of the established policies and procedures. Tabor continues to work with Tenfold to ensure compliance with the GLBA requirements as of June 9, 2023.
Name(s) of the contact person(s) responsible for corrective action: Cathy Castle, Vice President for Business and Finance
Planned completion date for corrective action plan: 2024 and ongoing. If the Department of Education has questions regarding this plan, please call Cathy Castle at 620-947-3121 x 1056.