ALBANY – Garrison Union Free School District officials did not adequately secure the district’s network user accounts, establish physical controls, maintain complete and accurate inventory records for IT equipment, or develop an IT contingency plan, according to an audit conducted by the state comptroller’s office.
The review by state officials found district staff did not have sufficient documented guidance or plans to implement following an unexpected IT disruption or disaster. As a result, district officials have an increased risk they may not recover data and resume essential operations in a timely manner.
The audit found 40 of the 115 enabled nonstudent network user accounts (35 percent) were no longer needed. They said unneeded user accounts could be used to inappropriately access and view personal, private and sensitive information or disable the network.
Ten IT assets, including nine laptops and one printer, were not properly recorded in the district’s inventory listing as well.
Key recommendations by the state auditors include:
- Develop written procedures for managing network user account access that includes disabling unnecessary network user accounts and periodically reviewing user access.
- Maintain complete, accurate and up-to-date inventory records.
- Develop and adopt a comprehensive written IT contingency plan, update the plan as needed and distribute it to all responsible parties.
District officials generally agreed with the state auditor’s recommendations and indicated they have initiated or plan to initiate corrective action.
Read the full article here
Leave a Reply