Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance - Significant Deficiency
DEPARTMENT OF EDUCATION
ALN #: 84.268
Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: The Seminary did not sufficiently comply with the updated requirements of GLBA.
Criteria: 16 CFR 314.4
Questioned Costs: $0
Context: The Seminary has not:
1) sufficiently documented its security risk assessment and safeguards, including an application-specific assessment
2) implemented multi-factor authentication on all systems containing personally identifiable information (PII)
3) implemented ongoing vendor management policies and reviews
4) implemented an incident response plan that addresses all requirements
5) provided a written, annual report to the board
6) updated employee training in light of the revised regulations from June 2023
7) updated its written information security program to address all components that went into effect in June 2023
Cause: The Seminary has not allocated sufficient resources to address and document compliance with the requirements of GLBA.
Effect: The Seminary has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: Not applicable.
Recommendation: We recommend the Seminary allocate sufficient resources to address all requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.