Finding 529430 (2024-001)

Requirement: N
Questioned Costs: -
Year: 2024
Accepted: 2025-03-24
Audit: 347437
Organization: Spartanburg Methodist College (SC)

AI Summary

  • Core Issue: The College lacks a formal written security program for student information, failing to meet the requirements of the Gramm-Leach-Bliley Act.
  • Impacted Requirements: The College has not addressed all seven elements outlined in 16 CFR 314.4 (b), which could expose it to risks regarding sensitive information.
  • Recommended Follow-Up: The College should develop and implement a written security program that complies with the required elements to ensure proper safeguarding of sensitive information.

Finding Text

Nonmaterial noncompliance finding

Finding 2024-001 - Student Financial Aid Cluster, CFDA# 84.007, 84.033, 84.063, 84.268

Compliance Requirement: Gramm-Leach-Bliley Act – Student Information Security

Criteria: The College is required to have a written security program that addresses the seven elements as described in 16 CFR 314.4 (b).

Condition: The College does not have a written security program that addresses the seven elements as described in 16 CFR 314.4 (b) as of June 30, 2024.

Cause: Although the College meets some of the seven elements as described in 16 CFR 314.4 (b), the College has yet to establish a formalized written policy.

Effect: The College could have risks associated with the safeguarding of sensitive information that it is not aware of or does not protect against.

Questioned Costs: None

Context: Not all elements as described in 16 CFR 314.4 (b) have been met, and the College does not have formal written documentation of its program.

Recommendation: The College should implement a written security program that addresses the required elements as described in 16 CFR 314.4 (b).

Views of Responsible Officials: See attached management’s corrective action plan.

Corrective Action Plan

Finding 2024-001 - Student Financial Aid Cluster, CFDA# 84.007, 84.033, 84.063, 84.268

Compliance Requirement: Gramm-Leach-Bliley Act - Student Information Security

Responsible Party: Vice President for Information Technology and Analytics (Program Officer) - Jason Womick

Institution's Response: The College is fully committed to the security and protection of student information in compliance with the Gramm-Leach-Bliley Act (GLBA). We recognize the importance of safeguarding sensitive data and have long maintained comprehensive security measures aligned with GLBA requirements. Historically, the College has operated under a GLBA memo that outlined our security practices; however, this document did not explicitly enumerate all seven elements specified in 16 CFR 314.4(b). While our practices have always been aligned with the intent of GLBA, we acknowledge the need for a formalized written security program explicitly addressing each element.

Corrective Action Plan:

1. Formal Documentation Update: The College has reviewed and updated its existing GLBA security memo to explicitly incorporate all seven required elements as outlined in 16 CFR 314.4(b). This document now formally details the steps, policies, and controls in place to ensure compliance.
2. Approval and Implementation: The updated security program document has been reviewed and approved by the Program Officer and is now in effect. It will be disseminated to relevant personnel responsible for maintaining information security compliance.
3. Ongoing Training and Awareness: To reinforce compliance, we will conduct training sessions for staff handling student financial aid information to ensure they are familiar with the updated security program and its requirements.
4. Annual Review and Enhancement: The College will establish a formal review process to assess and update the written security program annually, ensuring continued compliance with regulatory changes and best practices.
5. Monitoring and Oversight: The College's Information Technology Office, in coordination with the Financial Aid and Business Office, will oversee the implementation of these measures, conduct periodic audits, and address any emerging risks related to student information security.

Conclusion: The College has taken proactive steps to address this finding by formalizing existing security measures into a written security program that explicitly aligns with GLBA requirements. With these actions, we are confident that we meet all compliance expectations and will continue to prioritize the security of student information.

Programs in Audit

ALN      Program Name                                           Expenditures
84.063   Federal Pell Grant Program                             $3.85M
84.268   Federal Direct Student Loans                           $2.86M
84.007   Federal Supplemental Educational Opportunity Grants    $109,609
84.033   Federal Work-Study Program                             $54,202