This page, Audit of Holyoke Community College (HCC), is offered by
Office of the State Auditor

Audit

Audit Audit of Holyoke Community College (HCC)

This audit reviewed Holyoke Community College's information security training and awareness practices to determine whether system users had completed information security training and signed acceptable use policies. It examined the period of July 1, 2017 through March 31, 2019.

Organization:	Office of the State Auditor
Date published:	August 11, 2020

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of Holyoke Community College (HCC) for the period July 1, 2017 through March 31, 2019.

In this performance audit, we reviewed HCC’s information security training and awareness practices to determine whether system users had completed information security training and signed acceptable use policies.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1	HCC did not ensure that required information security training was completed or retain copies of signed acceptable use policies.
Recommendations	HCC should develop, document, and disseminate to personnel an information security training policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. HCC’s Information Technology Department should continuously monitor compliance with the policy to ensure successful completion of information security training for all system users. HCC should have signed acceptable use policies¹ on file for all system users. HCC should negotiate collective bargaining agreements to include information security training requirements for all system users.

Finding 1

HCC did not ensure that required information security training was completed or retain copies of signed acceptable use policies.

Recommendations

HCC should develop, document, and disseminate to personnel an information security training policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
HCC’s Information Technology Department should continuously monitor compliance with the policy to ensure successful completion of information security training for all system users.
HCC should have signed acceptable use policies¹ on file for all system users.
HCC should negotiate collective bargaining agreements to include information security training requirements for all system users.

A PDF copy of the audit of Holyoke Community College is available here.

1. According to the SysAdmin, Audit, Network, and Security Institute, acceptable use policies outline the acceptable use of computer equipment by an organization’s computer system users.

Downloads

Open PDF file, 972.83 KB, Audit of Holyoke Community College (English, PDF 972.83 KB)

Contact

Phone

Main (617) 727-2075

Online

Auditor@MassAuditor.gov

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133

Directions

Contact

Office of State Auditor Diana DiZoglio

Phone

Main (617) 727-2075

Online

Auditor@MassAuditor.gov

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133

Directions

Help Us Improve Mass.gov with your feedback

Did you find what you were looking for on this webpage?

Yes

If you have any suggestions for the website, please let us know. How can we improve the page?

Please do not include personal or contact information.

The feedback will only be used for improving the website. If you need assistance, please contact the State Auditor. Please limit your input to 500 characters.

Please remove any contact information or personal data from your feedback.

If you need assistance, please contact the State Auditor.

Please let us know how we can improve this page.

Please remove any contact information or personal data from your feedback.

If you need assistance, please contact the State Auditor.

Audit Audit of Holyoke Community College (HCC)

Executive Summary

Table of Contents

Downloads

Contact

Office of State Auditor Diana DiZoglio

Phone

Online

Fax

Address

Help Us Improve Mass.gov with your feedback