Finding Text
Finding Type. Immaterial Noncompliance / Significant Deficiency in Internal Control over Compliance (Special Tests and Provisions). Program. Student Financial Assistance Cluster; U.S. Department of Education; Assistance Listing Numbers 84.007, 84.033, 84.063, and 84.268; Award Numbers P007A212026, P007A222026, P033A222026, P063P212898, and P063P222898. Criteria. The Federal Trade Commission (FTC) states that the Gramm Leach Bliley Act "requires financial institutions to explain their information‐sharing practices to their customers and safeguard sensitive data." Condition. The most recent Gramm Leach Bliley Policy fails to address the implementation of multi‐factor authentication for anyone accessing customer information on the institution's system. Cause. The College does not have a review process in place for ensuring all safeguard policies are met in the Gramm Leach Bliley Policy. Effect. As a result of this condition, the College isn't meeting the safeguard requirements necessary to comply
with the FTC. In addition, the lack of safeguard controls creates an increased risk to highly sensitive data that is
possessed by the College. Recommendation. We recommend that the College implement procedures to ensure that all Gramm Leach Bliley
Policies are met and verified by a second individual.View of Responsible Officials. Management agrees with this finding and has prepared a Corrective Action Plan.