Determine whether the Board and School officials ensured information technology (IT) assets were safeguarded.
- A former employee’s user account was used to process 510 financial transactions after her resignation.
- School officials did not adopt IT policies or a disaster recovery plan.
- IT users were not provided with IT security awareness training.
Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.
- Immediately disable user accounts of former employees and ensure all IT users have and use their own user accounts when accessing the network and specialized software applications.
- Adopt comprehensive IT policies and procedures and a disaster recovery plan.
- Provide IT users with IT security awareness training.