Audit Objective
Determine whether Jericho Union Free School District (District) officials helped safeguard personal, private and sensitive information (PPSI) by developing controls and communicating an acceptable use policy (AUP) to business office staff.
Key Findings
District officials did not help safeguard PPSI by developing and communicating a comprehensive AUP to business office staff. As a result, PPSI related to District employees and finances could be exposed because some websites may be malicious or contain code to compromise a user’s computer or prompt the user to perform activities that may result in malware infection or PPSI exposure. In addition to sensitive information technology (IT) weaknesses that were communicated confidentially to officials, we found:
- All nine business office employees, including the Assistant Superintendent for Business Affairs (ASB), were not aware that they were expected to follow the Computer Network and Internet Student Acceptable Use policy or what the District considers to be appropriate and inappropriate Internet use.
- District officials did not periodically review web histories to determine whether any employee’s web browsing was inappropriate.
Key Recommendations
- Ensure the AUP is updated, or administrative regulations are developed, to provide guidance for business office staff that defines acceptable Internet use and browsing.
- Ensure business office staff who utilize computers are adequately informed of the regulations.
District officials disagreed with certain aspects of our findings and recommendations. Appendix B includes our comments on issues raised in the District’s response letter.