ALBANY – A state comptroller’s audit of Ulster BOCES network user accounts said it did not adequately manage and monitor them to help prevent unauthorized use, access or loss.
The state review said as a result, BOCES had an increased risk of inappropriate access by users with malicious intent.
The audit period from July 1, 2021 to July 21, 2022 found that officials did not disable 17 unneeded network user accounts, including seven former employee accounts and 10 accounts not used by active employees, that had last log-on dates ranging from November 2016 to December 2021.
BOCES also did not review and disable 76 potentially unneeded user accounts, including 34 shared accounts, 31 service accounts, and eight vendor accounts.
The audit recommended that BOCES should develop procedures for granting, removing and modifying network user account access and ensure those procedures are followed, and that periodically review existing network user accounts and disable user accounts when access is no longer needed.
BOCES officials agreed with the state recommendations and indicated they plan to initiate corrective action.
Ulster BOCES is comprised of eight component school districts and is governed by an 11-member BOCES board elected by the boards of the component districts.
The board is responsible for the general management and oversight of BOCES’ financial and educational affairs.
