Data Privacy & Security Digital Digest_Fall 2022

COMPTROLLER'S CORNER

Information Technology Network User Accounts Information Technology User accounts Network Access and Information Technology Assets Unused IT assets User Accounts and Software Updates Inventory Technology Equipment Inventory Safeguarding of Personal Private and Sensitive Information on Mobile Computing Devices The Office of the Comptroller conducted district audits on: The results demonstrate a clear need for districts to better manage all user and network accounts, to have written policies and procedures in place, to develop and adopt a comprehensive IT contingency plan, to maintain up-to-date IT asset inventory records, and to provide IT security awareness training.

Eleven districts did not properly manage or disable unnecessary network user accounts. Four districts did not establish written policies or ensure procedures were in place to add or disable user accounts and permissions. Three districts did not update or maintain IT asset inventory records. Two districts did not have sufficient documented guidance or IT contingency plans to follow to recover data and resume essential operations in a timely manner. Two districts did not provide adequate IT security awareness training for all employees and contractors. Two districts did not adopt a complete and accurate IT equipment inventory. One district did not develop a comprehensive acceptable use policy (AUP) and monitor employee computer use. One District Did not adopt a comprehensive written policy for establishing and maintaining IT equipment inventory. One district had three policies that detail proper usage of IT assets that were not consistent. Out of the 12 districts audited:

Issue 27

Data Security and Privacy Service

Made with FlippingBook Online document maker