Determine whether the Board and School officials ensured information technology (IT) assets were safeguarded.
- The Board did not adopt adequate IT policies or a disaster recovery plan.
- School officials did not provide IT security awareness training to staff.
- Hardware and software inventory records were inaccurate and outdated.
In addition, sensitive IT control weaknesses were communicated confidentially to School officials.
- Adopt comprehensive IT policies and procedures and a disaster recovery plan.
- Provide security awareness training to staff and maintain complete and up-to-date hardware and software inventory records.
School officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.