Broome County – Information Technology (2013M-351)

Issued Date
May 09, 2014

Purpose of Audit

The purpose of our audit was to determine if the County’s computerized data and assets were properly safeguarded for the period of January 1, 2012 through August 20, 2013.

Background

Broome County, located in the Southern Tier of the State, has approximately 200,000 residents and is governed by a 15-member County Legislature. The County’s budgeted expenditures for 2013 totaled $247.7 million for the general fund.

Key Findings

  • The County has a policy regarding removable USB storage devices but does not monitor or enforce it, increasing the risk that data could be compromised, including personal, private and sensitive information such as bank account numbers.
  • A breach notification policy has not been approved by the IT department and adopted by the County Legislature.
  • A formal disaster recovery plan has not been developed.

Key Recommendations

  • Establish procedures that more effectively manage the use of portable storage devices.
  • Approve and adopt a breach notification policy.
  • Develop a disaster recovery plan.