Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance
DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007 and 84.033 - Student Financial Assistance Cluster
Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: The Master’s University & Seminary and Subsidiary did not sufficiently comply with the updated requirements of GLBA.
Criteria: 16 CFR 314.3, 16 CFR 314.4
Questioned Costs: $0
Context: The Master’s University & Seminary and Subsidiary developed a risk assessment matrix and evaluation process. The written information security program has not been fully updated to comply with the recent changes in GLBA. The two largest areas are implementing multi-factor authentication on all systems that contain personally identifiable information (PII) and providing a written report to the board covering all the required areas.
Cause: The Master’s University & Seminary and Subsidiary has experienced turnover in the information technology department that has hindered the ability to document and implement all the updated changes.
Effect: The Master’s University & Seminary and Subsidiary has not adequately addressed the updated requirements of GLBA, which may lead to unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Not applicable.
Recommendation: We recommend The Master’s University & Seminary and Subsidiary update the information security program in light of the revised regulations, including the implementation of multi-factor authentication on all systems containing PII and the written, annual report to the board.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.