Skip to main content

Audit of the Massachusetts District Attorneys Association

During the period of July 1, 2019 through June 30, 2021 the audit found MDAA did not ensure that employees received cybersecurity awareness training.

Organization: Office of the State Auditor
Date published: June 2, 2022

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the Massachusetts District Attorneys Association (MDAA) for the period July 1, 2019 through June 30, 2021. In this performance audit, we examined whether MDAA ensured that its employees completed initial and annual cybersecurity awareness training and signed an acceptable use policy as required by the state’s Executive Office of Technology Services and Security.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1
 

MDAA did not ensure that employees received cybersecurity awareness training.

Recommendations
 
  1. MDAA should develop and implement policies and procedures that require newly hired employees to receive initial cybersecurity awareness training within 30 days of their hire dates.
  2. MDAA should develop and implement policies and procedures that require all employees to receive annual cybersecurity awareness training.
  3. MDAA should retain records of training completion for each employee.

 

A PDF Copy of the Audit of the Massachusetts District Attorneys Association is available here.

Table of Contents

Downloads

Audit Report - Massachusetts District Attorneys Association (English, PDF 662.86 KB)

Contact

Phone

Main (617) 727-2075

Online

Auditor@sao.state.ma.us

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133
Directions 

Help Us Improve Mass.gov with your feedback

Feedback