Finding Text
Significant Deficiency – Gramm-Leach Bliley Act Compliance
Program: Student Financial Aid Cluster
Assistance Listing Number: 84.007; 84.033; 84.063; 84.268
Federal Award Year: June 30, 2023
Condition: The College did not comply with all elements included in the standards for safeguarding customer information as defined under 16 CFR 314.4.
Criteria: 16 CFR 314 requires the College to develop, implement and maintain reasonable administrative technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.
Cause: The College experienced turnover in its information technology director.
Effect: The College was not fully compliant with all elements of 16 CFR 314.4 that became effective as of June 9, 2023. Specifically, the College was not in compliance with subparagraphs (a), (b)(1), (c)(1), (c)(2), (c)(4) through (8), (d)(2), (e), (f)(3), (h), and (i).
Questioned costs: Not Applicable
Recommendation: The College should take action to establish the above elements of an information security program so it will be in full compliance with this requirement.
Views of Responsible Officials and Planned Corrective Actions: Management agrees with this finding and will modify the design of its existing security program so the College is in full compliance with this requirement.