Finding Text
2022-002 – Gramm-Leach-Bliley Act (GLBA)

Federal Agency: U.S. Department of Education
Federal Program Title: Student Financial Assistance Cluster
Federal Assistance Listing Number: 84.007, 84.033, 84.038, 84.063, and 84.268
Award Period: 7/1/2021 – 6/30/2022
Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters

Criteria or specific requirement: In accordance with the Gramm-Leach-Bliley Act and the Code of Federal Regulations 16 CFR 314.4(e), the University is required to implement policies and procedures to ensure that personnel are able to enact your information security program by providing personnel with security awareness training that is updated as necessary to reflect risks identified by the risk assessment.

Condition: The University risk assessment did not include security awareness training.

Questioned costs: None.

Context: During our testing of the University's risk assessment, it was noted that security awareness training was not identified.

Cause: The University did not have all required elements of GLBA documented in its risk assessment.

Effect: Noncompliance with GLBA requirements.

Repeat finding: No.

Recommendation: We recommend the University evaluate its procedures and policies around its risk assessment under the requirements of GLBA.

Views of responsible officials: Management agrees with the finding.