Effective June 9, 2023, the Gramm-Leach-Bliley Act (GLBA) requires more of your institution to ensure student information’s security, integrity, and confidentiality. Any GLBA findings can affect your institution’s participation in Title IV programs, risk your access to Fin Aid, and require resolution through a Corrective Action Plan (CAP). Non-compliance with GLBA regulations may lead to the loss of eligibility for federal funding, potentially impacting the institution’s ability to offer financial aid to students.
Navigating these new rules and regulations can be complex. That’s where Columbia Advisory Group (CAG) steps in. Our expertise in the compliance process and a deep understanding of the NIST 800-171 and GLBA Safeguards Rule requirements make us the ideal partner to guide you through these changes.
Over the past few years, CAG has been instrumental in helping improve the State of Texas’ cybersecurity posture. CAG has completed over 200+ Texas Cybersecurity Framework (TCF) assessments of State of Texas Agencies and Higher Education Institutions. The TCF is a NIST 800-53/171-based framework assessment for the Texas Department of Information Resources (DIR). The TCF offers a uniform language for addressing and managing cybersecurity risk cost-effectively, aiming to bolster cybersecurity without imposing additional regulatory burdens on agencies. The TCF is aligned with the NIST framework, offering five continuous functions that concurrently manage cybersecurity risks: Identify, Protect, Detect, Respond, and Recover. These functional areas are encapsulated within 42 total security control objectives, guiding organizations in identifying, assessing, and managing their unique cybersecurity risks.
CAG can provide the expert support needed to implement and manage the essential elements required for your Information Security Program:
- Proficiency in GLBA Compliance: We can assist your institution in developing a comprehensive information security program that aligns with the nine critical elements of the updated GLBA Safeguards Rule.
- NIST 800-171 Expertise: Our rich experience with NIST 800-171 standards has equipped us with the expertise to help your institution integrate the requisite information security controls, thus enhancing your data protection efforts.
- Risk Assessment and Safeguard Implementation: Our team of experts can support you in identifying potential risks, designing and implementing safeguards, and continually monitoring their efficacy.
- Corrective Action Planning: In case of non-compliance findings, we can guide you in formulating an effective Corrective Action Plan (CAP).
CAG is your strategic partner in achieving and maintaining compliance, reducing risk, ensuring the ongoing protection of your student data, and being prepared for the future of information security in higher education.
For additional information, check FSA’s electronic announcement: Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements, or contact FSA_IHECyberCompliance@ed.gov. More information is also available on the Federal Trade Commission’s website. Updates to the Gramm-Leach-Bliley Act Cybersecurity Requirements | Knowledge Center