Purpose of Audit
The purpose of our audit was to determine whether the Town’s IT assets were adequately safeguarded for the period January 1, 2014 through February 28, 2015.
Background
The Town of Saugerties is located in Ulster County and has a population of approximately 20,000. The Town is governed by an elected five-member Town Board. The Town’s 2015 general fund budget was approximately $8.23 million.
Key Findings
- The Board does not review user access on an ongoing basis or restrict administrative rights to those who need them to perform their jobs.
- The Board also has not provided Town personnel with a copy of the acceptable computer use policy.
- The Board has not developed computer security and disaster recovery plans, and has not established a breach notification policy or a comprehensive inventory policy for all hardware and software.
Key Recommendations
- Limit the administrative access rights to those individuals that have oversight and control of a system or application, and review those rights on an ongoing basis.
- Provide Town personnel who use computers a copy of the acceptable use policy and retain a signed copy of the acknowledgement page to ensure the users’ understanding and their responsibilities to the Town policy.
- Adopt IT policies and procedures related to computer security, disaster recovery and breach notification and establish a comprehensive inventory policy for all hardware and software.