This page, Audit of Holyoke Community College (HCC), is offered by

Audit Audit of Holyoke Community College (HCC)

This audit reviewed Holyoke Community College's information security training and awareness practices to determine whether system users had completed information security training and signed acceptable use policies. It examined the period of July 1, 2017 through March 31, 2019.

Organization: Office of the State Auditor
Date published: August 11, 2020

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of Holyoke Community College (HCC) for the period July 1, 2017 through March 31, 2019.

In this performance audit, we reviewed HCC’s information security training and awareness practices to determine whether system users had completed information security training and signed acceptable use policies.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1

HCC did not ensure that required information security training was completed or retain copies of signed acceptable use policies.

Recommendations

  1. HCC should develop, document, and disseminate to personnel an information security training policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
  2. HCC’s Information Technology Department should continuously monitor compliance with the policy to ensure successful completion of information security training for all system users.
  3. HCC should have signed acceptable use policies1 on file for all system users.
  4. HCC should negotiate collective bargaining agreements to include information security training requirements for all system users.

 

A PDF copy of the audit of Holyoke Community College is available here.

 

1. According to the SysAdmin, Audit, Network, and Security Institute, acceptable use policies outline the acceptable use of computer equipment by an organization’s computer system users.

Downloads

Contact

Feedback