Department of Education Tightens Data Requirements
Published on by Bryan Gayhart in SOC Reports, Technology
Cyber attacks on universities and colleges have been on the rise over the past few years. As a result, the Department of Education (DoE) has released guidance that will regulate data security practices in the education industry under the Gramm-Leach-Billey Act (GLBA). The DoE will require universities and colleges to adhere to the following:
- Develop, implement, and maintain a written information security program
- Designate the employee(s) responsible for coordinating the information security program
- Identify and assess risks to stored personal/confidential information
- Design and implement an information safeguards program
- Select appropriate service providers that are capable of maintaining appropriate safeguards
- Periodically evaluate and update their security program
The DoE has encouraged institutions to comply with the standards developed by the National Institute of Standards and Technology (NIST) – specifically 800-171. In addition, the DoE plans to conduct an annual audit on universities and colleges to ensure compliance with the GLBA.
Contact Us
The Barnes Dennig team is here to help! Contact us here or call 513-241-8313 to learn more about how we can help your institution assess compliance or implement NIST 800-171. Conducting an assessment includes reviewing existing processes, conducting a risk assessment, developing a compliance road map and evaluation of compliance through an audit.