Audit Objective
Determine whether East Williston Union Free School District (District) officials adequately managed and monitored nonstudent network user accounts to help prevent unauthorized use, access and loss.
Key Findings
District officials did not adequately manage and monitor nonstudent network user accounts to help prevent unauthorized use, access and loss. In addition to sensitive information technology (IT) control weaknesses that were communicated confidentially to officials, we found:
- 222 of the enabled nonstudent network user accounts (32 percent) were not needed or disabled.
Most of these accounts should have been disabled in February 2021 when the District updated their network access requirements. However, District officials did not develop a system to communicate when a network account was no longer necessary and should be deactivated.
Key Recommendation
- Periodically review user access for all network user accounts and disable user accounts when access is no longer needed.
District officials generally agreed with our recommendations and have initiated or indicated they planned to initiate corrective action. Appendix B includes our comment on an issue that was raised in the District’s response letter.