Newfield Central School District - Information Technology (2019M-181)

Issued Date

December 20, 2019

Audit Objective

Determine whether the Board and District officials ensured District information technology (IT) assets and computerized data were safeguarded.

Key Findings

District officials did not develop procedures for managing, limiting and monitoring user accounts and securing personal, private and sensitive information (PPSI).
District officials generally maintained proper asset inventory records and provided IT security awareness training for District employees.

In addition, sensitive IT control weaknesses were communicated confidentially to District officials.

Key Recommendations

Thoroughly review user accounts on a routine basis and disable any unnecessary network accounts as soon as they are no longer needed.

District officials agreed with our findings and recommendations and indicated they have taken, or planned to take, corrective action.

Background

The Newfield Central School District (District) serves six towns in Tompkins, Tioga and Chemung counties.

The District is governed by a seven-member Board of Education (Board) that is responsible for the general management and control of the District’s financial and education affairs. The Superintendent of Schools (Superintendent) is the District’s chief executive officer and is responsible for the District’s administration.

The District employs a Director of Technology and Professional Development (Director) and two network specialists who provide IT support to District staff and students.

Quick Facts
Desktop, Laptop and Tablet Computers	850
Total Network Accounts	1,152
Non-Student Network Accounts	395

Audit Period

July 1, 2017 – June 30, 2019