Purpose of Audit

The purpose of our audit was to determine if College officials ensured that the College's Information Technology system was adequately secured and protected against unauthorized use, access and loss for the period September 1, 2015 through July 31, 2017.

Background

Columbia-Greene Community College is located in the Town of Greenport in Columbia County. The College, which has approximately 560 employees, is governed by a 10-member Board of Trustees.

Key Findings

• The College has 2,498 user accounts that have not been used in the last six months, with the oldest account’s last logon being over 10 years ago.
• The College did not adopt a breach notification policy.
• Five employees visited music streaming, social media and shopping websites which could expose the network to virus attacks or compromise systems and data.
• The College has never tested its disaster recovery plan; therefore, information may not be adequately safeguarded.

Key Recommendations

• Adopt procedures for managing system access.
• Adopt a breach notification policy.
• Review the Internet usage log to ensure compliance with the College’s computer use policy.
• Test the disaster recovery plan.