Finding Text
Finding Type. Immaterial Noncompliance / Significant Deficiency in Internal Control over Compliance (Special Tests and Provisions). Program. Student Financial Assistance Cluster; U.S. Department of Education; Assistance Listing Numbers 84.007, 84.033, 84.063, 84.268; Award Numbers P007A222008, P033A222008, P063P221633 and P268K231633. Criteria. The Federal Trade Commission (FTC) states that the Gramm Leach Bliley Act "requires financial institutions to explain their information-sharing practices to their customers and safeguard sensitive data." Condition. The College's most recent Gramm Leach Bliley Policy fails to address the assessment of apps that are developed by the institution, the disposal of customer information securely, and maintaining a log of authorized users' activity and keeping an eye out for unauthorized access.Cause. The College does not have a review process in place for ensuring all safeguard policies are met in accordance with the Gramm Leach Bliley Act. Effect. As a result of this condition, the College isn't meeting the safeguard requirements necessary to comply with the FTC. In addition, the lack of safeguard controls creates an increased risk to highly sensitive data that is possessed by the College. Questioned Costs. No costs were required to be questioned as a result of this finding, inasmuch as our testing did not reveal any unallowed costs. Recommendation. We recommend that the College implement procedures to ensure that all Gramm Leach Bliley Policies are met and verified by a second individual. View of Responsible Officials. Management agrees with this finding and has prepared a Corrective Action Plan.