Audit Objective
Determine whether the Board and District officials adequately safeguarded data from abuse or loss.
Key Findings
- Officials do not regularly review network user accounts and disable those that are determined to be unnecessary.
- The Board does not have an adequate contract and separate service level agreement (SLA) for information technology (IT) services provided by the Broome Tioga Board of Cooperative Educational Services’ South Central Regional Information Center (SCRIC).
- Officials do not provide periodic IT security awareness training to staff.
In addition, sensitive IT control weaknesses were communicated confidentially to district officials.
Key Recommendations
- Regularly review user accounts and disable those that are unnecessary.
- Ensure there is an adequate contract and separate SLA with SCRIC for IT services provided.
- Provide periodic IT security awareness training to personnel who use IT resources.
District officials generally agreed with our recommendations and indicated they planned to initiate corrective action.