Finding Text
Information on the federal program: Student Financial Assistance Cluster; United States Department of Education; Award Year 2022-23: Compliance Requirement – Special Tests and Provisions; Type of Finding: Material Noncompliance.
Criteria: 16 CFR 314 requires that higher education institutions develop, implement, and maintain a comprehensive written information security program (WISP) in compliance with the Gramm-Leach-Bliley Act (GLBA).
Condition: The University has not established a WISP.
Cause: The University’s IT personnel were not made aware of this compliance requirement.
Effect: Confidential student financial and other information could be exposed to the risk of outside parties gaining access.
Questioned Costs: n/a for this finding.
Context: All confidential student financial and other information could be affected if the information security procedures are not adequate.
Recommendations: Formulate a WISP and follow its procedures as soon as possible.
Responsible Official’s Response and Corrective Action Planned: see corrective action plan.