Finding Text
Gramm-Leach-Bliley Act (GLBA) Compliance
Significant Deficiency
DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038 - Student Financial Assistance Cluster Federal Award Identification #: 2022-2023 Financial Aid Year
Condition: The College did not sufficiently comply with the updated requirements of GLBA.
Criteria: 16 CFR 314.3, 16 CFR 314.4
Questioned Costs: $0
Context: The College has not documented its compliance with the updated regulations that went into effect in June 2023. Those items include: - sufficiently documented its security risk assessment for all systems containing personally identifiable information (PII) and safeguards - implemented multi-factor authentication on all systems containing personally identifiable information - implemented sufficient ongoing vendor management policies and reviews - implemented an incident response plan including all revised legislation - provided a written, annual report to the board covering all required areas
Cause: The College has not allocated sufficient resources to address and document compliance with the requirements of GLBA.
Effect: The College has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks.
Identification as repeat finding, if applicable: not applicable
Recommendation: We recommend the College allocate sufficient resources to address all requirements of GLBA.
Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.