They are also subject to the provisions of the Gramm–Leach–Bliley Act (GLBA) regarding processing of financial transactions and must comply with the PCI-DSS standards for credit card transactions. Finally, educational institutions are continually addressing changes to their business processes. For example, as educational technologies evolve, institutions must
address security issues involved with delivering course content and maintaining confidential student records
online. All of these factors make educational institutions a rich setting in which to begin investigating the
nature of the relationship between the information security and internal audit functions.