The audit, which examined the period of July 1, 2016 through June 30, 2018, revealed the need for EOE to improve the administration of IT contracts to ensure vendors meet performance standards and adhere to essential security provisions.
- This page, Audit of the Executive Office of Education—Information Technology Contracts, is offered by
- Office of the State Auditor
Audit Audit of the Executive Office of Education—Information Technology Contracts
|Organization:||Office of the State Auditor|
|Date published:||October 11, 2019|
In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted an audit of the Executive Office of Education (EOE). The purpose of this audit was to determine whether EOE effectively monitored its information technology (IT) contracts during the period July 1, 2016 through June 30, 2018.
In this performance audit, we examined EOE’s processes for managing its IT contracts to ensure that the terms of the contracts were met.
Below is a summary of our findings and recommendations, with links to each page listed.
EOE did not always establish performance metrics or effectively measure the performance of its IT vendors.
EOE did not ensure that all of its third-party contracts contained essential security provisions.
EOE should establish policies and procedures that require that all IT contracts it negotiates with IT vendors comply with the Executive Office of Technology Services and Security’s “Third-Party Information Security Standard.”
After we completed our audit work, EOE officials informed us that the agency had added a “Third-Party Information Security Standard” to its internal control plan.