Greece Public Library – Information Technology (2017M-130)

Issued Date
September 29, 2017

Purpose of Audit

The purpose of our audit was to evaluate the Library’s information technology (IT) controls for the period January 1, 2016 through June 21, 2017.

Background

The Greece Public Library is located in the Town of Greece in Monroe County. The Library, which received its charter from the New York State Board of Regents in 1958, is governed by a seven-member Board of Trustees appointed by the Town’s governing body. Budgeted appropriations for 2017 total approximately $3.1 million.

Key Findings

  • The Board did not adopt any policies to protect its IT assets.
  • The Board did not develop a disaster recovery plan.
  • Library officials did not have a comprehensive hardware inventory.

Key Recommendations

  • Adopt comprehensive IT policies that include acceptable use, password management, user accounts, access rights, backups, breach notification, hardware and software inventories, restricting personal use and connecting personally owned devices to Library computers and the sanitation and disposal of hardware and electronic media.
  • Adopt a comprehensive disaster recovery plan and ensure that the plan is distributed to all essential personnel.
  • Maintain complete, comprehensive hardware inventory records that detail the locations, assigned users and acquisition dates.