Issued Date
July 02, 2020
Audit Objective
Determine whether District officials ensured information technology (IT) systems were adequately secured and protected against unauthorized use, access and loss.
Key Findings
- The District did not adequately control and secure its personal, private and sensitive information (PPSI).
- District employees were not provided with IT security awareness training.
- The District did not have service level agreements (SLAs) with its IT service providers.
In addition, sensitive information technology (IT) control weaknesses were communicated confidentially to officials.
Key Recommendations
- Inventory, classify and develop effective controls over PPSI.
- Ensure all necessary personnel receive up-todate IT security awareness training.
- Ensure that all IT services are provided based on a formal service level agreement.
District officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.