Stockbridge Valley Central School District - Information Technology (2019M-13)

Issued Date

June 14, 2019

Audit Objective

Determine whether the Board and District officials established information technology (IT) policies and procedures to adequately safeguard personal, private and sensitive information (PPSI).

Key Findings

Employees did not comply with the District’s acceptable use policy (AUP).
District officials did not disable unneeded user accounts in a timely manner.
District officials did not provide IT security awareness training to employees.

In addition, sensitive IT control weaknesses were communicated confidentially to District officials.

Key Recommendations

Monitor employees’ computer use to ensure compliance with the AUP.
Disable user accounts as soon as they are no longer needed.
Provide employees with periodic IT security awareness training.

District officials agreed with our recommendations and indicated they would initiate corrective action.

Background

The Stockbridge Valley Central School District (District) has a single K-12 building that is located in the Village of Munnsville in Madison County.

The District is governed by a seven-member Board of Education (Board) that is responsible for the general management and oversight of the District’s financial and educational affairs. The Superintendent of Schools (Superintendent) is the District’s chief executive officer and is responsible, along with other administrative staff, for the District’s day-to-day management.

Quick Facts
Student Enrollment	432
Employees	143
Employee Network Accounts	184
Desktops, Laptops and Tablets	572

Audit Period

July 1, 2017 – June 30, 2018

We extended our scope period forward to August 16, 2018 to perform IT scans.