Clyde-Savannah Central School District – Network Access Controls (2020M-122)

Issued Date
January 22, 2021

[read complete report - pdf]

Audit Objective

Determine whether Clyde-Savannah Central School District (District) officials ensured network access controls were secure.

Key Findings

District officials did not ensure that the District’s network access controls were secure.

  • Officials did not regularly review network user accounts and permissions to determine whether they were appropriate or needed to be disabled.
  • The District had the following unneeded accounts:
    • 354 network user accounts (33 percent)
    • 53 generic and/or shared user accounts (53 percent)
    • Five administrative user accounts (19 percent)

In addition, sensitive information technology (IT) control weaknesses were communicated confidentially to officials. Due to the COVID-19 pandemic, as the District moves to increased reliance on a remote learning environment and administrative operations, protecting IT assets becomes more critical.

Key Recommendations

  • Regularly review network user accounts and disable those that are unnecessary.
  • Ensure all IT users have and use their own network user accounts to access the District’s network.

District officials agreed with our recommendations and indicated they planned to initiate corrective action.