Finding Text
2023-004: Student Financial Aid Cluster - Special Tests: Gramm-Leach-Bliley Act - Student Information Security (Significant Deficiency)
Assistance Listing Numbers and Titles: #84.007, #84.033, #84.063 and #84.268, Student Financial Aid Cluster
Federal Agency Name: U.S. Department of Education
Pass-Through Entity Name (if applicable): N/A
Award Number/Name: N/A
Award Year: July 1, 2022 - June 30, 2023
Criteria: 16 CFR 314.3 requires an institution to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to the institution’s size and complexity, the nature and scope of activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in 16 CFR 314.4 and be reasonably designed to achieve the objectives of this part.
Condition/context: The College does not have a written comprehensive information security program that addresses all elements required by 16 CFR 314.4.
Cause: The College does not have a control in place to ensure that policies are reviewed and revised in accordance with Federal deadlines.
Effect: The College is not compliant with the Gramm-Leach-Bliley Act.
Questioned costs: None.
Identification as a repeat finding: No.
Recommendation: The College should implement a control to monitor changes in Federal guidelines so that policies are updated in a timely manner.
Views of responsible officials and planned corrective action: Management concurs with the finding. See Exhibit I for the corrective action plan.