Finding Text
Assistance Listing Number, Federal Agency, and Program Name ‑ Student Financial Assistance Cluster ‑ Federal Direct Student Loan Program ALN 84.268, Federal Pell Grant Program ALN 84.063, Federal Work‑Study Program ALN 84.033, Federal Perkins Loan Program ALN 84.038, and Federal Supplemental Educational Opportunity Grant (FSEOG) ALN 84.007
Federal Award Identification Number and Year ‑ Various
Pass‑through Entity ‑ N/A
Finding Type ‑ Significant deficiency
Repeat Finding ‑ No
Criteria ‑ Institutions must address safeguards within their written information security program (16 CFR 314.4). The institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8).
Condition ‑ The University does not have all of the minimum safeguards written down within its information security program.
Questioned Costs ‑ None
Identification of How Questioned Costs Were Computed ‑ N/A
Context ‑ Of the seven minimum elements required to be written in the information security program, the University did not have one of them. The University did not have all of the required safeguards written within their information security program.
Cause and Effect ‑ The University does not have adequate controls or processes in place to ensure safeguard policies are documented.
Recommendation ‑ The University should implement controls to ensure minimum required elements, including the safeguards, are incorporated into written policies.
Views of Responsible Officials and Corrective Action Plan ‑ The University does have information security controls in place. While we have implemented these controls and safeguards, we acknowledge they are not documented in our formal policies. Our corrective action is to have these controls formalized and documented in the coming year.