Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance
DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, and 84.033 - Student Financial Assistance Cluster
Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: Bethany did not sufficiently comply with the updated requirements of GLBA.
Criteria: 16 CFR 314.3, 16 CFR 314.4
Questioned Costs: $-0-
Context: Bethany has contracted with a third party to assist with compliance with GLBA. Bethany is in the process of fully documenting its information security program. Bethany has implemented multi-factor authentication (MFA) on some systems that contain personally identifiable information and is working to implement MFA on the remaining systems. Bethany is also working to implement sufficient continuous monitoring, such as penetration testing and vulnerability scanning.
Cause: The timing of the contracting by Bethany has not allowed all updated components of GLBA to be addressed and documented during the audit process.
Effect: Bethany may have unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Not applicable
Recommendation: We recommend Bethany work with the third party and determine timeframes remaining to address all requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.