It almost seems surreal to discuss a routine school audit in the midst of all the news right now, but here we go…
The NYS Comptroller’s Office released its report on Susquehanna Valley Central School District to determine whether district officials established information technology (IT) controls over user access to protect against unauthorized use, access and loss.
Key Findings from the public summary:
District officials did not establish adequate IT controls over user access to protect against unauthorized use, access and loss. District officials did not:
- Adequately manage user accounts including periodically reviewing and disabling unneeded network user accounts.
- Maintain accurate, complete and up-to-date hardware and software inventory.
- Ensure that computers were free from malicious software. In fact, two malicious software applications were installed on District computers.
Sensitive IT control weaknesses were communicated confidentially to officials.
Read the full report here (pdf).