| |
The Arizona Department of Education (ADE)
needs to make improvements in all Information Technology (IT) areas auditors
examined. The most critical need is to better manage the security of its IT
systems and applications. Although auditors found no indication that sensitive
information, such as social security numbers, had been compromised, multiple
vulnerabilities were found in all 12 Web-based applications reviewed during the
audit. ADE needs to improve its process for addressing IT security
vulnerabilities and should consider creating an IT security position. In
addition, ADE needs to improve the reliability of the Student Accountability
Information System (SAIS). SAIS data is the basis for calculating and
distributing approximately $3 billion in state funding for education. Although
SAIS has some data validation controls, additional controls would help further
improve data accuracy. ADE also needs a more structured approach for developing
and maintaining IT systems and to improve its planning and prioritization of its
IT resources. Additionally, ADE is not fully complying with statutory
requirements for student-level data collection notification and disposal.
|
|
