LETU IT KnowledgeBase

Child pages
  • Title IV: Department of Education Requirements
Skip to end of metadata
Go to start of metadata

The Dear Colleague letter of July 29, 2015 (https://ifap.ed.gov/dpcletters/GEN1518.html and https://ifap.ed.gov/dpcletters/GEN1612.html) requires specific requirements of institutions handling Title IV data when signed up for SAIG (https://ifap.ed.gov/dpcletters/attachments/20152016SAIGFormWatermarked.pdf#page=31). 

LETU InfoSec Compliance Reference: These requirements are outlined below and detailed in the LETU Information Security program & Compliance Reference.

2019: Additional information about the GLBA Safeguards FY19 Supplement is available here: https://er.educause.edu/blogs/2019/7/the-safeguards-rule-audit-objective-is-here

ControlRemediation
Develop, implement, and maintain a written information security program;

LETU Information Security Program & Compliance Reference

Security Awareness Program: Title IV Data

Designate the employee(s) responsible for coordinating the information security program;Title IV Information Security Program Responsibilities
Identify and assess risks to customer information;

Data Classification Standard
http://www.letu.edu/start/publications/policy/letu-policy-handbook.pdf

Annual Risk Assessment (available internally)

NIST Framework for Improving Critical infrastructure CyberSecurity v1.1 (available internally)

Design and implement an information safeguards program

Security Safeguards Program: Title IV Data

LETU Continuity Plan (available internally)

Select appropriate service providers that are capable of maintaining appropriate safeguards; and

LETU HECVAT and Cloud Vendor Guidelines (Required for approval of new Information Systems Vendors)

Acceptable Use for Technology Systems

http://www.letu.edu/start/publications/policy/letu-policy-handbook.pdf

Periodically evaluate and update their security program.Annual evaluation: Security Awareness Program: Title IV Data


Additional FSA Cybersecurity Compliance information is available at https://ifap.ed.gov/eannouncements/Cyber.html



;



  • No labels