Town of Seneca Falls - Information Technology (2018M-218)

Issued Date
March 29, 2019

[read complete report - pdf]

Audit Objective

Determine whether the Board established policies and procedures to adequately safeguard information technology (IT) assets.

Key Findings

The Board did not:

  • Adopt IT policies and procedures to adequately address acceptable computer use, user access rights, disaster recovery, password security management, data breach notification and backups.
  • Provide users with security awareness training to help ensure their understanding in security measures to protect the network.

Town officials did not:

  • Ensure user accounts for former personnel were disabled or removed in a timely manner.

Sensitive IT control weaknesses were communicated confidentially to officials.

Key Recommendations

  • Adopt policies and procedures to adequately address acceptable computer use, user access rights, disaster recovery, password security management, data breach notification and backups.
  • Ensure the access rights for users no longer employed are revoked.
  • Provide security awareness training to personnel who use IT resources.
  • Address the IT recommendations communicated confidentially.