Finding 563928 — 2023-012

AI Summary

Core Issue: The College is not fully compliant with the updated requirements of the Gramm-Leach-Bliley Act (GLBA), risking student information security.
Impacted Requirements: Key areas lacking include security risk assessments, multi-factor authentication for PII, vendor management policies, and incident response plans.
Recommended Follow-Up: Allocate necessary resources to meet GLBA requirements and implement a corrective action plan.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance Material Weakness DEPARTMENT OF EDUCATION ALN #: 84.268, 84.063, 84.007, 84.033, and 84.379 Federal Award Identification #: 2022-2023 Financial Aid Year Condition: The College did not sufficiently comply with the updated requirements of GLBA. Criteria: 16 CFR 314.4 Questioned Costs: $0 Context: The College has not sufficiently documented its security risk assessment and safeguards, including general threats, multi-factor authentication on systems containing personally identifiable information (PII), or continuous monitoring, such as penetration testing and vulnerability scanning. Additionally, the College has not fully implemented sufficient vendor management policies and reviews, implemented an incident response plan, or provided a written, annual report to the board. Cause: The College has not allocated sufficient resources to address and document compliance with the requirements of GLBA. Effect: The College has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks. Identification as repeat finding, if applicable: Not applicable. Recommendation: We recommend the College allocate sufficient resources to address all requirements of GLBA. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Other Findings in this Audit

563901 2023-004

Material Weakness

563902 2023-004

Material Weakness

563903 2023-004

Material Weakness

563904 2023-004

Material Weakness

563905 2023-004

Material Weakness

563906 2023-005

Material Weakness

563907 2023-005

Material Weakness

563908 2023-005

Material Weakness

563909 2023-005

Material Weakness

563910 2023-005

Material Weakness

563911 2023-006

Material Weakness

563912 2023-006

Material Weakness

563913 2023-006

Material Weakness

563914 2023-006

Material Weakness

563915 2023-006

Material Weakness

563916 2023-007

Material Weakness

563917 2023-007

Material Weakness

563918 2023-008

Material Weakness Repeat

563919 2023-009

Material Weakness Repeat

563920 2023-010

Material Weakness Repeat

563921 2023-010

Material Weakness Repeat

563922 2023-011

Material Weakness

563923 2023-011

Material Weakness

563924 2023-011

Material Weakness

563925 2023-011

Material Weakness

563926 2023-012

Material Weakness

563927 2023-012

Material Weakness

563929 2023-012

Material Weakness

563930 2023-012

Material Weakness

563931 2023-013

Significant Deficiency Repeat

563932 2023-013

Significant Deficiency Repeat

563933 2023-013

Significant Deficiency Repeat

1140343 2023-004

Material Weakness

1140344 2023-004

Material Weakness

1140345 2023-004

Material Weakness

1140346 2023-004

Material Weakness

1140347 2023-004

Material Weakness

1140348 2023-005

Material Weakness

1140349 2023-005

Material Weakness

1140350 2023-005

Material Weakness

1140351 2023-005

Material Weakness

1140352 2023-005

Material Weakness

1140353 2023-006

Material Weakness

1140354 2023-006

Material Weakness

1140355 2023-006

Material Weakness

1140356 2023-006

Material Weakness

1140357 2023-006

Material Weakness

1140358 2023-007

Material Weakness

1140359 2023-007

Material Weakness

1140360 2023-008

Material Weakness Repeat

1140361 2023-009

Material Weakness Repeat

1140362 2023-010

Material Weakness Repeat

1140363 2023-010

Material Weakness Repeat

1140364 2023-011

Material Weakness

1140365 2023-011

Material Weakness

1140366 2023-011

Material Weakness

1140367 2023-011

Material Weakness

1140368 2023-012

Material Weakness

1140369 2023-012

Material Weakness

1140370 2023-012

Material Weakness

1140371 2023-012

Material Weakness

1140372 2023-012

Material Weakness

1140373 2023-013

Significant Deficiency Repeat

1140374 2023-013

Significant Deficiency Repeat

1140375 2023-013

Significant Deficiency Repeat

Programs in Audit

ALN	Program Name	Expenditures
84.268	Federal Direct Student Loans	$710,658
84.063	Federal Pell Grant Program	$469,280
84.033	Federal Work-Study Program	$40,692
84.425	Covid-19 Education Stabilization Fund Heerf - Institutional Portion	$40,326
84.007	Federal Supplemental Educational Opportunity Grants	$13,134
84.379	Teacher Education Assistance for College and Higher Education Grants (teach Grants)	$11,316

Finding 563928 (2023-012)

AI Summary

Finding Text

Categories

Other Findings in this Audit

Programs in Audit