Forestville Central School District - Information Technology (2019M-170)

Issued Date
February 21, 2020

[read complete report - pdf]

Audit Objective

Determine whether personal, private and sensitive information (PPSI) on, or accessed through, the District’s information technology (IT) system was properly safeguarded.

Key Findings

  • District officials did not provide formalized IT security awareness training for individuals who used the District’s IT assets.
  • Personal Internet use was found on computers assigned to employees who routinely accessed PPSI.
  • Network and application user accounts were not properly managed.

In addition, sensitive information technology control weaknesses were communicated confidentially to District officials.

Key Recommendations

  • Provide periodic IT security awareness training.
  • Develop and implement written administrative regulations to further define the District’s acceptable use policy guidelines.
  • Develop comprehensive written procedures for managing network and application user accounts.

District officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.