ALBANY – A State Comptroller’s Office audit of the Town of Wappinger information technology procedures and practices has found holes in it.
The audit found that town employees did not comply with, and officials did not monitor the computer use policy.
The report also said 20 of 66 user accounts were not necessary for town operations and that town officials did not develop a breach notification policy, disaster recovery plan or policy addressing personal, private and sensitive information.
Key recommendations included monitoring web and computer usage for compliance with policy; developing written procedures for managing system access that include periodically reviewing user access and disabling or deleting user accounts when access is no longer needed.
The comptroller’s audit also said the town should develop and adopt comprehensive IT policies that address breach notification, disaster recovery, and personal, private and sensitive information, and communicate all adopted IT policies to town officials, employees and the IT consultant.
Town Supervisor Richard Thurston responded to the audit. “Since the current Thurston Administration took over the supervisor’s office in January 2018, the town government has focused on continuous improvement of what had been found to be an antiquated IT system,” he wrote. “Therefore, overall, the report’s findings accurately reflect the remaining issues that had not yet been addressed prior to the audit.”
