Download: docx | pdf

Designation of Authorizing Official

Current Designee:

If you as the President or CEO wish to designate someone other than yourself to sign SAIG enrollment applications, you may do so by completing the designation statement below and signing Box 1. Have your designee complete and sign Box 2.

If you do not want to assign a designee, leave Box 1 empty and sign Box 2.

I hereby designate with the title , to be my

(Name of New Designee - Required) (Position Title of New Designee - Required)

responsible authorizing official for all future Federal Student Aid System enrollment applications. All related responsibilities of the President/ CEO shall be carried out by this designee. As President/CEO, I agree to assume the responsibility for such actions associated with this and future enrollment agreements. This designation is effective as of the date signed below.

Note: Authorized Official name and signature must match information on file with ED.

Responsibilities of the President/CEO or Designee

As the President/CEO or Designee, I certify that:

• I or my designee will notify FPS Help Desk within one business day, by email at [email protected] or call
  1-800-330-5947 when any person no longer serves as a designated authorizing official, Primary DPA, or Non-Primary DPA.

• I will not permit unauthorized use or sharing of SAIG passwords or codes that have been issued to anyone at my organization.

• Each person who is a SAIG DPA for my organization has read and signed a copy of “Step Three: Responsibilities of the Primary and Non-Primary Destination Point Administrator.”

• Each person who is a SAIG DPA for my organization has made a copy of the signed Step Three document for their own files and a copy is maintained at my organization.

• My organization has provided security due diligence and verifies that administrative, operational, and technical security controls are in place and are operating as intended. Additionally, my organization verifies that it performs appropriate due diligence to ensure that, at a minimum, any employee who has access to FSA ISIR data meets applicable state security requirements for personnel handling sensitive personally identifiable information.

• My organization has ensured the standards for protecting federal tax information (FTI) have been implemented according to Internal Revenue Code (IRC) 26 U.S.C. §6103 – Confidentiality and disclosure of returns and return information and pursuant to 20 U.S.C.§483 of the Higher Education Act, as amended – Use of FAFSA^® data and FTI data. I further acknowledge violations of the IRC may lead to criminal and/or civil penalties pursuant to 26 U.S.C. 7213; 7213A; and §7431. Penalties apply to willful unauthorized disclosure and inspection of tax return or return information with punishable fines or imprisonment. Additionally, I further acknowledge a taxpayer may bring civil action for damages against an officer or employee who has inspected or disclosed, knowingly or by reason of negligence, such taxpayer’s tax return or return information in violation of any provision of IRC §6103.

• I understand the Secretary may consider any unauthorized disclosure or breach of student records and student applicant information as a demonstration of a potential lack of administrative capability as stated in 34 C.F.R. § 668.16. I further understand that in the event of an unauthorized disclosure or breach of student applicant information or other sensitive information (such as personally identifiable information), the DPA or the Qualified Individual identified under 16 C.F.R. Part 314 must notify Federal Student Aid within 24 hours after the incident is known or identified for postsecondary educational institutions at https://fsapartners.ed.gov/title-iv-program-eligibility/cybersecurity/cybersecurity-breach-intake and for all other by notifying Federal Student Aid at [email protected].

• I understand that my organization must cooperate with Federal Student Aid and provide any requested information regarding an unauthorized disclosure or breach as well as report any breach that occurs at my organization’s third-party providers that maintain, store or otherwise utilize the data.

• I understand that I am responsible for the information security of any information provided by Federal Student Aid that may be maintained by, stored by or shared with any third-party entity.

• I have ensured that the Standards for Safeguarding Customer Information (as the term customer information applies to my institution – See the Glossary of the SAIG Enrollment Form), 16 C.F.R. Part 314, issued by the Federal Trade Commission (FTC), as required by the Gramm-Leach-Bliley (GLB) Act, P.L. 106-102 have been implemented and understand that these Standards provide, among other things, that I implement the following and I understand that failure to implement the requirements of the GLB Act may be considered a lack of administrative capability under 34 C.F.R. § 668.16 by the Secretary. I further acknowledge that my responsibility to safeguard customer information extends beyond Title IV, HEA program recipients:

• Develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts that meets the requirements for an information security program in 16 C.F.R. Part 314.

• Designate a qualified individual responsible for overseeing an implementing my institution’s information security program and enforcing my institution’s information security program in compliance with 16 C.F.R. 314.4(a).

• Base my institution’s information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to my institution – See Glossary) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks as required under 16 C.F.R. 314.4(b).

• Design and implement safeguards to control the risks my institution identifies through risk assessment that meet the requirements of 16 C.F.R. 314.4(c)(1) through (8).

• Regularly test or otherwise monitor the effectiveness of the safeguards my institution has implemented that meet the requirements of 16 C.F.R. 314.4(d).

• Implement policies and procedures to ensure that personnel are able to enact my institution’s information security program and meet the requirements of 16 C.F.R. 314.4(e)(1) through (4).

• Oversee my institution’s service providers (See Glossary) by meeting the requirements of 16 C.F.R. 314.4(f)(1) through (3).

• Evaluate and adjust my institution’s information security program in light of the results of the required testing and monitoring required by 16 C.F.R. 314.4(d); any material changes to my institution’s operations or business arrangements; the results of the required risk assessments under 16 C.F.R. 314.4(b)(2); or any other circumstances that I know or have reason to know may have a material impact on my institution’s information security program as required by 16 C.F.R. 314.4(g).

• Establish an incident response plan that meets the requirements of 16 C.F.R. 314.4(h).

• Require my institution’s Qualified Individual to report regularly and least annually to those with control over my institution on my institution’s information security program as required by 16 C.F.R. 314.4(i).

• I have signed this certification below and sent the original to the Department. I have retained a copy of this certification at the organization. My signature below affirms that I have read these responsibilities and agree to abide by them.

Office Use Only

Customer Number_________________________________________________________________

TG/FT Number____________________________________________________________________

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title	Certification of the President/CEO or Designee
Subject	Certification of the President/CEO or Designee
Author	Nelson, Laurie A
File Modified	0000-00-00
File Created	2024-07-22