By Ernst Lamothe Jr.
September 12, 2007
GATES - The Gates Chili Central School District needs to better control
unauthorized access to its information technology computer rooms that
could result in someone altering records or essential data being lost,
according to a recent state Comptroller's Office report.
The audit examined seven schools within the district from July 1, 2005,
to Feb. 27, 2007.
Currently, the district does not keep a log of who enters server rooms,
which makes its computer systems and equipment vulnerable to any
intruder. In addition, the district's network servers are scattered in
seven rooms, with only two of the doors being locked.
Auditors recommended locking doors at all times to enhance security, as
well as documenting the arrival and departure of visitors having access
to the server rooms.
"The audit found that the school district systems were at risk because
of not properly securing the area where the computers were stored. They
also failed to have a disaster recovery plan in place," said Emily
DeSantis of the Comptroller's Office.
The report also showed Gates Chili spent $44,226 for meals and
refreshments during the audit period without having a procedure to
document why the district needed to pay the costs. The Comptroller's
Office plans to audit every state school district by March 2010.
"We look into various areas for schools such as payroll or purchasing
procedures and we audit the areas that are most at risk," said DeSantis.
Superintendent Richard Stein sent a letter last month to the state
office saying the school district will implement several corrective
actions. Those plans include the board adopting procedures to restrict
access to its information technology system.
The policy will also require that the system be located in a ventilated
area that is protected from unauthorized access. The board plans to
develop a formal disaster recovery plan that provides guidance on
preventing computer data loss and improving record recovery methods.
Stein said the board will forward a plan to the Comptroller's Office by
Visit the InfoSec News Bookstore