Finding Text
Criteria or Specific Requirement – Special Tests Gramm-Leach-Bliley Act (GLBA): Per 16 CFR Part 314, the institution is required to develop, implement, and maintain a comprehensive information security program that, at a minimum, addresses all seven required elements included in 16 CFR 314.3(a) and 16 CFR 314.6.
Condition – The College did not have a comprehensive information security program that covered all criteria required by the Gramm-Leach-Bliley Act during the fiscal year ended June 30, 2024.
Questioned Costs - None noted.
Context – We reviewed the College’s comprehensive information security program noting that it addressed all required elements, however, this program was not implemented during the fiscal year ended June 30, 2024.
Effect - The College was not in compliance with the GLBA requirements of the grant agreement program.
Cause – The College was in the process of preparing a comprehensive information security program, but it was not completed and implemented until after the fiscal year ended June 30, 2024.
Identification as a Repeat Finding - Not a repeat finding
Recommendation – We recommend that management establish procedures to ensure new requirements are identified and completed timely and accurately.
View of Responsible Official – There is no disagreement with the audit finding.