ALBANY – Putnam Valley Central School District officials did not ensure information technology systems were adequately secured and protected against unauthorized use, access and loss, an audit from the state comptroller’s office found.
The study said the district did not adopt a password security policy or manage the use of administrative accounts. As a result, the district has an increased risk of unauthorized use or access that could result in important data loss and a serious interruption in operations.
It said the district did not adopt an adequate password security policy to address password requirements and create security user accounts for the IT system for three employees whose job responsibilities required administrative permissions, to be used for non-administrative activities.
The audit also communicated sensitive IT control weaknesses confidentially to officials.
The state officials recommended that the district adopt a comprehensive password security policy to address password requirements and assess all local user accounts with administrative permissions and create secondary accounts to be used for non-administrative activities.
District officials generally agreed with the recommendations and indicated they planned to take corrective action.