It’s been a while since the NYS Comptroller’s Office has released any school district audits on information technology, but they’ve released one this week on Haldane Central School District. They summarize the findings of their audit, which covered the period July 1, 2014 — August 19, 2015 this way:
We also found that the District did not develop and implement comprehensive IT controls to safeguard IT assets and data from unauthorized access, harm or loss. Four individuals have administrative permissions in the financial application that do not align with their job duties. In addition, no one was reviewing the audit log (automated trail of system activity) as a compensating control. Furthermore, the rooms housing servers and other IT infrastructure were unlocked and did not have other adequate safeguards. The hardware inventory that District officials provided us was outdated, and no software inventory is maintained. Lastly, the disaster recovery plan did not contain adequate information to guide District officials and staff in the event of a disaster affecting IT operations. As a result of these weaknesses, the District’s IT resources, systems and electronic data are subject to increased risk of unauthorized access, manipulation, theft, loss or destruction.
You can access the full report here (pdf).