Belleville-Henderson Central School District - Information Technology (2019M-128)

Issued Date
October 11, 2019

[read complete report - pdf]

Audit Objective

Determine whether District officials ensured employees’ personal, private, and sensitive information (PPSI) was adequately protected from unauthorized access, use and loss.

Key Findings

  • District officials did not provide IT security awareness training to all employees.
  • District officials did not develop procedures for managing, limiting and monitoring user accounts and permissions and securing personal, private and sensitive information.
  • The District did not have a disaster recovery plan.

Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.

Key Recommendations

  • Provide periodic IT security awareness training to all employees who use IT resources.
  • Develop written procedures for managing access to the network and financial application.
  • Develop and adopt a disaster recovery plan.

District officials agreed with our recommendations and indicated they had already taken or planned to take corrective action.