Finding Text
FINDING 2023-002: FAILURE TO MEET THE STANDARDS FOR SAFEGUARDING CONSUMER INFORMATION

FEDERAL AGENCY: U.S. DEPARTMENT OF EDUCATION
PROGRAM NAME: FEDERAL SUPPLEMENTAL EDUCATIONAL OPPORTUNITY GRANT PROGRAM, FEDERAL PELL GRANT PROGRAM, FEDERAL DIRECT LOAN PROGRAM
ALN: 84.007, 84.063, 84.268
FEDERAL AWARD YEAR: 2021-2022, 2022-2023, 2023-2024

Compliance Requirement: Eligibility (E.)

Criteria: Institutions shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in the objectives of section 501(b) of the Act (16 CFR 314.3(a)).

Condition: The Institution failed to implement the new Gramm-Leach-Bliley Act's (GLBA) standards for safeguarding customer information in their student information security policy. We consider this finding to be a significant deficiency.

Cause: The condition was caused by the Institution's security officer being unaware of the new GLBA requirements.

Effect: The result is that the Institution did not meet the requirements for protecting and securing data obtained from the Department of Education's systems for the purposes of administering the Title IV programs.

Questioned Costs: $0

Statistical sampling was not used when making sample selections.

Recommendation: We recommend the Institution update their student information security program to adhere to the regulations and await guidance from the Department of Education.

Views of Responsible Officials: The Institution agrees with the Single Audit Finding and a response is included in the Corrective Action Plan.