Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, and 84.033 - Student Financial Assistance Cluster
Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: The Seminary did not sufficiently comply with all the updated requirements of GLBA.
Criteria: 16 CFR 314.3, 16 CFR 314.4
Questioned Costs: $-0-
Context: The Seminary has put forth significant effort towards GLBA compliance. The remaining areas are on the Seminary’s road map to codify and document or approve exceptions.
• Update the written information security program to address all updated areas from the 2023 legislation change including safeguards specified in the legislation.
• Implement multi-factor authentication on all systems containing personally identifiable information (PII) or approve in writing qualified exceptions.
• Provide a written, annual report to the board covering all areas of GLBA.
Cause: The Seminary has been working through legacy systems and exploring options that are feasible to implement and maintain appropriate security posture.
Effect: The Seminary has additional documentation to perform to ensure all updated components are addressed and any residual risk is approved by the board. This will reduce unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Not applicable
Recommendation: We recommend the Seminary allocate sufficient resources to document and/or implement all remaining requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.