For a number of years now, I’ve noted NYS comptroller audits of school districts when it comes to IT and infosecurity. Here’s one that was recently released concerning Urban Choice Charter School in Rochester:
Issued Date
June 12, 2020Audit Objective
Determine whether the Board and School officials ensured information technology (IT) assets were safeguarded.
Key Findings
- A former employee’s user account was used to process 510 financial transactions after her resignation.
- School officials did not adopt IT policies or a disaster recovery plan.
- IT users were not provided with IT security awareness training.
Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.
Key Recommendations
- Immediately disable user accounts of former employees and ensure all IT users have and use their own user accounts when accessing the network and specialized software applications.
- Adopt comprehensive IT policies and procedures and a disaster recovery plan.
- Provide IT users with IT security awareness training.