Security Awareness Program: Title IV Data

• Annual documented training of all personnel handling Title IV data
• Annual review of this program
• Review and sign off by the LeTourneau Information Technology department in consultation with the functional area and in compliance with LETU Policy 6.6 Technology Purchases and Support for any software or system which handles PII / Title IV data and for the administration and maintenance plan for that system including incorporation of LETU's MFA, DLP and other Information Security Safeguards and measures.
• Implementation of Data Loss Prevention (DLP) systems

Training for personnel shall include at a minimum:

• Understanding of Student Aid Internet Gateway (SAIG) agreement response to a suspected or known breach (How do I report a Breach)
• How to ensure that all users are aware of and comply with all of the requirements to protect and secure data from Departmental sources using SAIG
  • The Student Aid Internet Gateway (SAIG) Agreement requires that as a condition of continued participation in the federal student aid programs Title IV schools report suspected/actual data breaches
  • Title IV schools must report on the day of detection when a data breach is even suspected
  • The Department has the authority to fine institutions that do not comply with the requirement to self-report data breaches; up to $54,789 per violation per 34 C.F.R. § 36.2
  • The Department has reminded all institutions of this requirement through Dear Colleague Letters (GEN 15-18, GEN 16-12), electronic announcements, and the annual FSA Handbook.  
• Understanding of PII and the LETU Data Classification Policy (Policy 6.2)
• Acceptable Use of Technology Systems at LETU (Policy 6.1)
• Documentation of agreement to all of the above