Office of Information Technology Services

 

Skip to Content

Login   Subscribe   Site Index   Contact Us   Google Translate™

NYS Comptroller

THOMAS P. DiNAPOLI

Taxpayers' Guide to State and Local Audits

Office of Information Technology Services
Security and Effectiveness of Division of Criminal Justice Services' Core Systems (Follow-Up)


Issued: April 07, 2017
Link to full audit report 2016-F-28

Purpose
To determine the extent of implementation of the eight recommendations included in our initial audit report, Security and Effectiveness of Department of Criminal Justices Core Systems (2014-S-24).

Background
Our initial audit report, which was issued on February 24, 2015 determined whether the Division’s core systems were secure, operating effectively, and available to continue critical processing in the event of a disaster or mishap that disables normal processing. We found that ITS did not have established policies and procedures for backup of key Division systems. Also, ITS does not have an active regional backup site, and Division systems are at risk for total data loss in the event of a regional disaster. We also found ITS did not comply with certain State cybersecurity policies and did not establish adequate processes for monitoring and oversight of user access of Division systems and software and changes made to these operating systems. The eight recommendations addressed user access, change management, patching, business continuity, disaster recovery, data classification, implementation of a service level agreement and system availability and performance.

Key Finding

  • Department officials have made some progress in correcting the problems we identified in the initial report. However, improvements are still needed. Of the eight prior audit recommendations, four recommendations have been implemented, two recommendations have been partially implemented and two have not been implemented.

Key Recommendation

  • Officials are given 30 days after the issuance of the follow-up review to provide information on any actions that are planned to address the unresolved issues discussed in this review.                                                                            

Other Related Audits/Reports of Interest

Office of Information Technology Services: Security and Effectiveness of Department of Motor Vehicles’ Licensing and Registration Systems (Follow-Up) (2016-F-15)
Office of Information Technology Services: Effectiveness of the Information Technology Transformation (2015-S-2)
Office of Information Technology Services: Security and Effectiveness of Division of Criminal Justice Services’ Core Systems (2014-S-24)


State Government Accountability Contact Information:
Audit Director: John Buyce
Phone: (518) 474-3271; Email: StateGovernmentAccountability@osc.state.ny.us
Address: Office of the State Comptroller; Division of State Government Accountability; 110 State Street, 11th Floor; Albany, NY 12236