Finding 959222 (2023-004)

Material Weakness
Requirement: N
Questioned Costs: -
Year: 2023
Accepted: 2024-03-21
Audit: 296385
Organization: San Diego Christian College (CA)
Auditor: Capincrouse LLP

AI Summary

  • Core Issue: San Diego Christian College is not fully compliant with the updated requirements of the Gramm-Leach-Bliley Act (GLBA).
  • Impacted Requirements: Key areas lacking include documentation of security programs, risk assessments, multi-factor authentication, continuous monitoring, incident response plans, and employee training.
  • Recommended Follow-Up: Allocate more resources to meet GLBA requirements and enhance security measures to protect student information.

Finding Text

Gramm-Leach-Bliley Act (GLBA) Compliance
Material Weakness

DEPARTMENT OF EDUCATION
ALN #: 84.268, 84.063, 84.007, 84.033, and 84.038
Student Financial Assistance Cluster
Federal Award Identification #: 2022-2023 Financial Aid Year

Condition: San Diego Christian College did not sufficiently comply with the updated requirements of GLBA.

Criteria: 16 CFR 314.3, 16 CFR 314.4

Questioned Costs: $0

Context: San Diego Christian College has not sufficiently documented its written information security programs, its security risk assessment and safeguards, including general threats, not implemented multi-factor authentication on all systems containing personally identifiable information (PII). San Diego Christian College has not implemented continuous monitoring, such as penetration testing and vulnerability scanning. Additionally, San Diego Christian College has not sufficiently implemented an incident response plan, and has not provided a written, annual report to the board. Furthermore, San Diego Christian College has not formalized its employee training program.

Cause: San Diego Christian College has limited resources and has allocated certain staff time and dollars as available to address and document compliance with the requirements of GLBA.

Effect: San Diego Christian College has not adequately addressed the requirements of GLBA, which may lead to unintended exposure of student information to security risks.

Identification as repeat finding, if applicable: Not applicable

Recommendation: We commend San Diego Christian College for the work completed on GLBA. We recommend San Diego Christian College allocate sufficient resources to address the remaining requirements of GLBA.

Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.

Categories

Subrecipient Monitoring, Material Weakness

Programs in Audit

ALN      Program Name                                                        Expenditures
84.268   Federal Direct Student Loans                                        $1.81M
84.063   Federal Pell Grant Program                                          $734,811
84.038   Federal Perkins Loan Program                                        $268,472
84.007   Federal Supplemental Educational Opportunity Grants                 $48,876
84.007   Covid-19 Federal Supplemental Educational Opportunity Grants        $34,188
84.033   Federal Work-Study Program                                          $736