Wolf’s Guidance & Integrated Risk Management Solutions Assist Concord University Through GLBA Compliance
Concord University is a public university located in Athens, West Virginia, that works to improve the lives of students through innovative teaching and learning. The university called on Wolf to assist with its compliance needs. The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule requires financial institutions to have measures in place that keep customer information secure. Due to the nature of the data kept by financial aid offices, the Office of Management and Budget (OMB) and the Department of Education’s office of Federal Student Aid (FSA) announced that, starting in 2018, FSA would begin auditing GLBA compliance.
Challenge
The university was faced with the issue of how to meet its compliance obligation, which requires there be measures in place to keep student and parent financial information secure. As the university is not a bank, the information/data security program needed to be expanded to include compliance with GLBA. When it comes to financial aid, information and data security requires collaboration between the information technology (IT) and financial aid departments, where one may not have insight into the other area. This is important because regulators want to ensure the student and parent financial information held by universities and colleges is protected in the same manner as if it were held by a financial institution.
Solution
Concord engaged Wolf and its WolfPAC Integrated Risk Management software solution to conduct a data security and privacy risk assessment. The university was using manual spreadsheets to conduct their risk assessments and was looking for more than a software-centric solution to complete the assessment. With Wolf, they were able to pair industry-leading software with Wolf’s advisory services. We walked them through the risk assessment and provided them with personalized service. In partnership with both the IT and financial aid departments, we reviewed controls in place, where gaps exist, and what threats may impact non-public personal information. We reviewed their processes, controls, and the tasks required to complete their assessment through our expert lens.
Without the use of WolfPac the Risk Assessment for GLBA Compliance would have taken us months to complete. WolfPac allowed us to complete the assessment and provided great information for creating an action plan to improve security of our data.”
Ron Hamilton
Chief Information Officer
Concord University
Result
Drawing on Wolf’s deep industry knowledge of the financial industry, the Financial Aid, Business, and Technology Services offices executed the privacy risk assessments they needed. With the support of Wolf’s team, the university was able to:
Assess the controls in place, view potential gaps or threats, and develop a remediation plan.
Deliver comprehensive reports to examiners and auditors when needed.
Fulfill new compliance requirements and stay ahead of the curve.
This case study is based solely on publicly available information and is in no way an endorsement by Concord University or the State of West Virginia.
