ALBANY – A State Comptroller’s audit of the information technology in the Marlboro Central School District found it did not establish adequate controls over network user accounts and settings.
The review found that school officials did not regularly review network users and permissions to determine whether they were appropriate or needed to be disabled.
It found that 79 percent of the reviewed accounts were unneeded or questionable accounts.
The audit also found that officials developed a data security plan in January 2010, but the board did not adopt the policy and the practice was not implemented.
Sensitive information technology control weaknesses were communicated confidentially to officials.
Auditors said the district should develop written procedures for managing system access and restrict the use of shared network user accounts.
District officials agreed with the recommendations and indicated they are taking corrective action.