ALBANY – Over 100 user accounts that were no longer needed were
not disabled or removed from the Sullivan County Community College information
technology system, an audit by the state comptroller’s office found.
The review covered the period of September 1, 2015 through February 27,
2017.
The audit also said the college board of trustees did not establish policies
and procedures regarding breach notifications and disaster recovery plans.
The report also said the server room equipment was not adequately protected.
Recommendations in the state report included creating, adopting and implementing
written policies and procedures for the review and removal of inactive
and unnecessary user accounts, breach notifications and disaster recovery
testing and updating; and implementing environmental controls to mitigate
the risk of damage to servers, or consider other options for the server
room’s location that would provide a more appropriate environment.
In response to the report, College President Jay Quaintance said it “accurately
describes conditions” of the college’s information technology.
“The college agrees with the recommendations (and) will submit a
separate corrective action plan,” he wrote.
