Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance
Significant Deficiency
DEPARTMENT OF EDUCATION
ALN #: 84.268 and 84.033, Student Financial Assistance Cluster
Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: The Seminary did not sufficiently comply with the updated requirements of GLBA.
Criteria: 16 CFR 314.4
Questioned Costs: $-0-
Context: The Seminary has not:
- sufficiently documented its security risk assessment and safeguards for systems and programs added during the year
- implemented multi-factor authentication on all systems containing personally identifiable information (PII)
- implemented a formal employee training program
- implemented comprehensive continuous monitoring or annual penetration testing and biannual vulnerability scanning
during the audit period
- provided a written, annual report to the board
Cause: The Seminary underwent a system conversion during the year and was not able to allocate sufficient resources
to address and document compliance with the updated requirements of GLBA. Additionally, equipment purchased to
address portions of compliance has remained on backorder.
Effect: The Seminary has not adequately addressed the requirements of GLBA, which may lead to unintended exposure
of student information to security risks.
Identification as repeat finding, if applicable: Not applicable.
Recommendation: We recommend the Seminary allocate sufficient resources to address all updated requirements of
GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective
action plan.