About Partners Contact Client Portal
LinkedIn Twitter
Services Industries Insights & Events Careers & Culture

Services

RubinBrown specializes in providing a comprehensive range of services to meet business and personal needs. Whether you require expert tax, strategic business consulting, audit services or more, RubinBrown's team of experienced professionals are here to support you.

View All Our Services
Assurance Services
Benefit Plan Audit Services Public Company Services
Consulting Services
Business Process Improvement Services Business Restructuring & Bankruptcy Services Cyber Security Services Environmental, Social and Governance Services ERP & Enterprise Software Advisory Fraud & Forensics IT Audit, Third-Party Risk & SOC Examinations Information Technology Services Litigation Services Mergers & Acquisitions Services Risk & Internal Audit Services Valuation Services
Entrepreneurial Services
Outsourced Accounting & Advisory Services
Tax Services
Federal Tax Services Private Client Services Credits & Incentives Services State & Local Tax Services
RubinBrown Advisors RubinBrown Corporate Finance

Industries

At RubinBrown, we bring experience across a range of industries. Our experience enables our professionals to offer tailored solutions catering to the intricacies of each sector. Our professionals have years of focused engagement and skills, allowing them to navigate industry-specific challenges to benefit our clients.

View All Our Industries
Colleges & Universities Construction Gaming Healthcare Law Firms Life Sciences & Technology Manufacturing & Distribution Not-For-Profit Private Equity Public Sector Real Estate Transportation & Dealerships

Insights & Events

At RubinBrown, we provide valuable insights detailing emerging trends and industry-specific information. Our events, hosted virtually and in-person, keep you informed and connected to the topics and industries that matter most to you and your organization.

View All Insights & Events

RubinBrown Combines with The Rybar Group to Expand Healthcare Consulting

RubinBrown LLP, is joining forces with The Rybar Group. John F. Herber, Jr., CPA, CGMA, Chairman - RubinBrown, Steven Harris, CPA, CGMA, Managing Partner - RubinBrown, and Richard Reid - President and CEO, The Rybar Group jointly made the announcement.

Learn More

Understanding the Changes in PCI DSS v4.0.1: Key Updates You Need to Know

Are you impacted by the PCI DSS v4.0.1 updates? The changes are minor, but need to be reviewed regardless of merchant or service provider level.

Learn More

IRS Provides Final Rules on Inherited Retirement Account RMDs

The SECURE Act of 2019 brought big changes to the retirement world, including the taxation of inherited retirement accounts.

Learn More

RubinBrown Sports Betting Index: July 2024 Analysis

For July, increases in handle continued as 30 of 32 eligible states saw increases in July ’24 handle versus July ’23.

Learn More

Careers & Culture

At RubinBrown, we are inspired team members, working as one firm, living our core values, and Being Our Best for Others while delivering totally satisfied clients. We invite you to learn more about the Firm's culture, the Be Your Best for Others mentality, and explore the available opportunities at RubinBrown.

Discover Our Culture
Baker Tilly International Campus Recruiting Diversity & Inclusion Experienced Recruiting RubinBrown Charitable Foundation Join The Team
Back to Insights

Focus on Colleges and Universities: GLBA and FTC Safeguard Rule Audit Guidance

Contact Us

Focus on Colleges and Universities: GLBA and FTC Safeguard Rule Audit Guidance

Contact Us
We mentioned in our previous E-Focus, eventually auditors will be directed to assess the implementation of the GLBA and FTC Safeguard Rule requirements.  The 2023 Compliance Supplement – 2 CFR Part 200 Appendix XI (May 2023), Part 5 Cluster of Program (page 5-3-80) provides auditors suggested audit procedures including:
  1. Verifying the institution has a Qualified Individual for implementing and monitoring the information security program.
  2. Verifying the institution has a formal (written) information security program addressing the specific required minimum specifications.

The details are bit more complicated, but auditors will begin looking at these programs further. The 2023 Compliance Supplement only requires that auditors verify the written information security program contains the minimum specifications, but does not require the auditor to test verify or test the implementation; however, the scope of those audits may increase in future years to address all the requirements listed.

The guidance directs auditors to verify the institution has a designated Qualified Individual and has a formal security program addressing the following:

  • Access Controls: Access controls (least privilege approach) are implemented and periodically reviewed.
  • Data Inventory: Data inventories track the collection, processing, transmission, and storage of sensitive data.
  • Applications: Internally developed applications are periodically assessed.
  • Multi-Factor Authentication: All student data (and sensitive data) is protected by Multi-Factor Authentication.
  • Data Disposal: Sensitive data, including student financial information, is securely destroyed when no longer required.
  • Risk Assessment: Periodic risk assessments are conducted to anticipate and evaluate changes to the environment.
  • Logging User Activity: Logs of user activity are maintained to identify potential occurrences of unauthorized access.
  • Testing: Safeguards are regularly tested or monitored to ensure the effectiveness of the protective controls.
  • Service Providers: Addressing how the institution will assess service providers and oversee the service providers to minimize risk.
  • Periodic Updates: Using the information generated through all activities, the information security program will be updated to address new threats and risks.
The guidance dives into a little more detail on areas of responsibility for the Qualified Individual, audit objectives, and guidance on goals of the GLBA and FTC Safeguards Rule.

We encourage all higher education institutions to review their written information security program and make sure you are ready for your auditors to start digging into these details.

As always, if you need information or assistance with any of the areas discussed in this E-Focus, please feel free to contact the RubinBrown Colleges and Universities team at any time.

 

Published: 6/26/2023

Readers should not act upon information presented without individual professional consultation.

Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.

 

Contact Us:

Talk to Our Experts

Chester Moyer, CPA Partner chester.moyer@rubinbrown.com 816-859-7945

Be Your Best for Others at RubinBrown

At RubinBrown, our firm fosters a culture built upon five vision points, and are guided by our philosophy of Being Our Best for Others. Discover how you can be your best at RubinBrown today by visiting our Careers & Culture Overview for available opportunities and more.

Discover Our Culture

Join Our Mailing List

RubinBrown periodically sends breaking regulatory updates, technical summaries, industry-specific information and event (in-person and virtual) invitations through electronic newsletters.

Sign Up for Our Communications
1-800-678-3134 Certified Public Accountants & Business Consultants

Ranked a Top 50 Accounting Firm by Inside Public Accounting

Firm News Disclaimers Privacy Policy Client Payment © 2024 RubinBrown LLP
ABACUS Recruiting RubinBrown Advisors RubinBrown Corporate Finance