Hamburg Central School District - Information Technology (2019M-10)

Issued Date

July 03, 2019

Audit Objective

Determine whether information technology (IT) assets are properly safeguarded, secured and accessed for appropriate District purposes.

Key Findings

District officials did not provide IT cybersecurity awareness training for individuals who used District IT assets.
Personal Internet use was found on computers assigned to four employees who routinely accessed personal, private and sensitive information (PPSI).

In addition, sensitive IT control weaknesses were communicated confidentially to District officials.

Key Recommendations

Provide periodic IT cybersecurity awareness training.
Provide adequate oversight of employee Internet use to ensure it complies with Board policies and regulations.

District officials generally agreed with our recommendations and indicated they planned to initiate corrective action. Appendix B includes our comment on the District’s response.

Background

The Hamburg Central School District (District) serves the Towns of Boston, Eden, Hamburg and Orchard Park in Erie County.

The District is governed by an elected seven-member Board of Education (Board). The Superintendent of Schools (Superintendent) is the chief executive officer and is responsible, along with other administrative staff, for the District’s day-to-day management under the Board’s direction.

The District employs a Director of Technology/Chief Information Officer (Director) to manage its IT department.

Quick Facts
Employee Network Accounts	631
Student Network Accounts	3,707
Employee Computers Examined	15

Audit Period

July 1, 2017 – September 11, 2018