Determine whether Hunter-Tannersville Central School District (District) officials adequately managed and monitored nonstudent network user accounts and developed a comprehensive written information technology (IT) contingency plan.
District officials did not adequately manage or monitor nonstudent network user accounts or develop a written IT contingency plan.
In addition to sensitive IT control weaknesses that were communicated confidentially to officials, we found that officials did not:
- Disable 31 unneeded network user accounts (of the 225 enabled nonstudent accounts) including, but not limited to, accounts for former employees and substitute teachers that were never employed by the District. As a result, the District’s risk of unauthorized network access is increased.
- Develop and adopt a comprehensive written IT contingency plan or store back-up data off site.
- Develop and communicate comprehensive written procedures for managing and monitoring nonstudent network user account access.
- Develop and adopt a comprehensive written IT contingency plan and store back-ups off site.
District officials agreed with our recommendations and indicated that they are implementing corrective action.