Honeoye Falls Lima Central School District – Access Controls (2020M-112)

Issued Date
February 12, 2021

[read complete report - pdf]

Audit Objective

Determine whether Honeoye Falls Lima Central School District (District) officials ensured user access controls were appropriate and designed effectively.

Key Findings

District officials did not ensure user access controls were appropriate and secure. Officials did not:

  • Adopt key information technology (IT) security policies, resulting in increased risk that data, hardware and software may be lost or damaged by inappropriate use or access.
  • Regularly review network user accounts and permissions to determine whether they were appropriate or needed to be disabled.

In addition, sensitive IT control weaknesses were communicated confidentially to officials.

Due to the COVID-19 pandemic, with the District‘s increased reliance on a remote learning environment and administrative operations, protecting IT assets is critical.

Key Recommendations

  • Adopt and enforce comprehensive IT security policies.
  • Regularly review network user accounts and disable those that are unnecessary.

District officials generally agreed with our recommendations and indicated they would implement corrective action.