Auditors found that OITS does not have an established monitoring and oversight process for user access management of DCJS systems and is not operating in compliance with state cyber security policies. OITS does not have established policies and procedures for backup of key DCJS systems. Also, ITS does not have an active regional backup site, and DCJS systems are at risk for total data loss in the event of a regional disaster. Auditors also found OITS does not have an established monitoring and oversight process for software or operating systems and changes made to these systems.
Read the full audit report.