Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance Significant Deficiency
DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038-Student Financial Assistance Cluster
Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: The University did not sufficiently comply with all the requirements of GLBA.
Criteria: 16 CFR 314.3, 16 CFR 314.4
Questioned Costs: $0
Context: The University has not sufficiently updated its documentation of its information security program, its security risk assessment and safeguards, implemented adequate process for continuous monitoring, implemented sufficient vendor management policies and reviews, updated its incident response plan to cover all components of the revised regulations, nor updated its written annual report to the board to fully align with the regulations.
Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA.
Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Not applicable
Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.