Finding 391243 (2023-002)

Significant Deficiency
Requirement: N
Questioned Costs: -
Year: 2023
Accepted: 2024-04-01
Audit: 301872
Organization: Saint Elizabeth University (NJ)
Auditor: 363990892

AI Summary

  • Core Issue: The University is not fully compliant with the Gramm-Leach-Bliley Act (GLBA), risking student information security.
  • Impacted Requirements: Key areas lacking include information security documentation, risk assessments, vendor management, and incident response plans.
  • Recommended Follow-Up: Allocate sufficient resources to ensure compliance with GLBA requirements and address identified deficiencies.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance
Significant Deficiency
DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038-Student Financial Assistance Cluster
Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: The University did not sufficiently comply with all the requirements of GLBA.
Criteria: 16 CFR 314.3, 16 CFR 314.4
Questioned Costs: $0
Context: The University has not sufficiently updated its documentation of its information security program, its security risk assessment and safeguards, implemented adequate process for continuous monitoring, implemented sufficient vendor management policies and reviews, updated its incident response plan to cover all components of the revised regulations, nor updated its written annual report to the board to fully align with the regulations.
Cause: The University has not allocated sufficient resources to address and document compliance with the requirements of GLBA.
Effect: The University has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Not applicable
Recommendation: We recommend the University allocate sufficient resources to address all requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Corrective Action Plan

Gramm-Leach-Bliley Act (GLBA) Compliance
Planned Corrective Action: The University’s IT Department will work to update procedures and controls to ensure any federal regulations of the FTC Safeguards Rule (16 CFR § 314.4(b)(1) - 16 CFR § 314.4(i)) that were found to be in partial compliance are remediated and brought into compliance. Some of these have already been remediated. We will work with other departments who administer third party vendor accounts to enforce MFA where there are gaps. A penetration test and the standing up of a tool to continuously monitor our network internally and those of third party vendors are already in startup phases. Our information security program and risk assessment will be updated to reflect any recommendations offered by our auditors to fill any existing gaps in the 2023 audit.
Person Responsible for Corrective Action Plan: Ron Loneker, Jr., Director, IT Special Projects
Anticipated Date of Completion: May 31, 2024

Categories

Subrecipient Monitoring Significant Deficiency

Other Findings in this Audit

  • 391244 2023-002
    Significant Deficiency
  • 391245 2023-002
    Significant Deficiency
  • 391246 2023-002
    Significant Deficiency
  • 391247 2023-002
    Significant Deficiency
  • 391248 2023-003
    Significant Deficiency
  • 391249 2023-003
    Significant Deficiency
  • 391250 2023-004
    Significant Deficiency
  • 391251 2023-004
    Significant Deficiency
  • 391252 2023-004
    Significant Deficiency
  • 391253 2023-005
    - Repeat
  • 391254 2023-006
    -
  • 391255 2023-007
    -
  • 967685 2023-002
    Significant Deficiency
  • 967686 2023-002
    Significant Deficiency
  • 967687 2023-002
    Significant Deficiency
  • 967688 2023-002
    Significant Deficiency
  • 967689 2023-002
    Significant Deficiency
  • 967690 2023-003
    Significant Deficiency
  • 967691 2023-003
    Significant Deficiency
  • 967692 2023-004
    Significant Deficiency
  • 967693 2023-004
    Significant Deficiency
  • 967694 2023-004
    Significant Deficiency
  • 967695 2023-005
    - Repeat
  • 967696 2023-006
    -
  • 967697 2023-007
    -

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $12.14M
84.063 Federal Pell Grant Program $2.28M
84.031 Higher Education_institutional Aid $803,292
84.038 Federal Perkins Loan Program $608,633
84.425 Covid-19 Governors Emergency Education Relief Fund $380,055
84.425 Covid-19 Education Stabilization Fund Heerf - Minority Serving Institutions $131,646
84.007 Federal Supplemental Educational Opportunity Grants $100,000
84.033 Federal Work-Study Program $100,000
47.076 Stem Education $73,515