Finding Text
Finding Type. Immaterial Noncompliance / Significant Deficiency in Internal Control over Compliance (Special
Tests and Provisions). Program. Student Financial Assistance Cluster; U.S. Department of Education; Assistance Listing Numbers
84.007, 84.033, 84.063, and 84.268; Award Numbers P007A222054, P033A222054, P063P221646, and
P268K231646. Criteria. The Federal Trade Commission (FTC) states that the Gramm Leach Bliley Act "requires financial
institutions to explain their information‐sharing practices to their customers and safeguard sensitive data." Condition. The most recent Gramm Leach Bliley Policy fails to address the implementation of multi‐factor
authentication for anyone accessing customer information on the institution's system, conducting a periodic
inventory of data that notes where it is collected, store, or transmitted, encrypting customer information on the
institution's system and when it's in transit, and the assessment of apps developed by the institution. Cause. The College does not have a review process in place for ensuring all safeguard policies are met in
accordance with the Gramm Leach Bliley Act. Effect. As a result of this condition, the College isn't meeting the safeguard requirements necessary to comply
with the FTC. In addition, the lack of safeguard controls creates an increased risk to highly sensitive data that is
possessed by the College. Recommendation. We recommend that the College implement procedures to ensure that all Gramm Leach
Bliley Policies are met and verified by a second individual. View of Responsible Officials. Management agrees with this finding and has prepared a Corrective Action Plan.