Newsroom
Department of Education issues security reminder
March 04, 2020
When it comes to security issues, there probably cannot be enough reminders about the importance of ensuring the confidentiality, security, and integrity of student and parent data.
In a Feb. 28 Electronic Announcement, the U.S. Department of Education said it "continues to take steps to ensure the confidentiality, security, and integrity of student and parent information related to the federal student aid programs."
In the Electronic Announcement, the Department goes on further to say that protecting that information is a shared obligation among the Department, institutions, third-party servicers, and other partners in the financial aid system. All of the Department's partners are expected to maintain strong security policies and effective internal controls to prevent unauthorized access or disclosure of sensitive information.
Specifically, auditors are expected to evaluate three information safeguard requirements of GLBA in audits of postsecondary institutions or third-party servicers under the regulations in 16 C.F.R. Part 314:
- The institution must designate an individual to coordinate its information security program.
- The institution must perform a risk assessment that addresses three required areas described in 16 C.F.R. 314.4(b):
- Employee training and management.
- Information systems, including network and software design, as well as information processing, storage, transmission and disposal.
- Detecting, preventing and responding to attacks, intrusions, or other systems failures.
- The institution must document a safeguard for each risk identified in Step 2 above.
Any institutions with questions should contact the Cybersecurity Team at fsaschoolcybersafety@ed.gov or by phone at 202-245-6550.