Skip to Main Content
About
Industries
Services
Professionals
Careers
News + Insights
Locations
Industries
About us
Services
Culture
Careers
Press kit
Events
Articles
Contact us
Submit an RFP
Subscribe
Join our team
Contract with us
Make a payment
insights

success stories

GLBA assessment for Ohio University

overview industries services professionals

Challenge

Ohio University’s (OU’s) Information Security Office (ISO) engaged BerryDunn’s higher education consulting team to conduct security risk assessments for three departments within the University. These departments are required to be in compliance with the Gramm-Leach-Bliley Act (GLBA) per the US Department of Education’s (ED’s) requirements. The assessments used the NIST 800-171 Rev. 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST 800-171) framework and included consideration of relevant GLBA controls. 

Approach

BerryDunn completed the first assessment for the Office of Student Financial Aid and Scholarships (OSFAS) in 2018 and additional assessments for the Bursar’s Office and Heritage College of Osteopathic Medicine (HCOM) in May 2020. 

Over the course of these security risk assessments, the BerryDunn higher education consulting team reviewed the university’s information security policies, procedures, and standards, and engaged members from the respective departments, before planned on-site meetings, to prepare for the engagement and obtain an initial understanding of the systems and controls in scope. The assessments were completed on-site, where team members met with OU ISO, Office of Information Technology (OIT), department leadership, and staff teams. 

Outcomes

The scope of these security risk assessments involved evaluating the systems, processes, and practices against the requirements in the NIST 800-171 framework for adherence. BerryDunn’s deliverables for each assessment included: 

  • Completed NIST risk assessment workbook that documented BerryDunn procedures and the assessed unit’s adherence status towards NIST compliance.
  • A report providing an overview of the scope of the assessment, the processes followed, risk assessment outcomes, risk mitigation plans, and recommendations for next steps.

BerryDunn's higher education consultants developed prioritized remediation plans that addressed gaps identified and, where needed, recommended the implementation of new controls, policies, procedures, and practices. BerryDunn included important considerations to help leadership understand the implementation of remediating activities.

Related Industries

Related Services

Consulting

Information Systems

Higher Education Consulting

Organizational and Governance

Higher Education Consulting Strategic IT Planning

Related Professionals

Principals

BerryDunn experts and consultants

Professional
Joe Traino

“We have engaged BerryDunn for the performance of two NIST/GLBA risk assessments over the last two years. Each time the consultants were professional, knowledgeable, and provided great insight with specific knowledge to the higher education industry.”  

- Alicia Porter, Ohio University

Testimonial
Higher education expertise
Industry
Colleges and Universities