Department of Education - Information Management

The Arizona Department of Education (ADE) needs to make improvements in all Information Technology (IT) areas auditors examined. The most critical need is to better manage the security of its IT systems and applications. Although auditors found no indication that sensitive information, such as social security numbers, had been compromised, multiple vulnerabilities were found in all 12 Web-based applications reviewed during the audit. ADE needs to improve its process for addressing IT security vulnerabilities and should consider creating an IT security position. In addition, ADE needs to improve the reliability of the Student Accountability Information System (SAIS). SAIS data is the basis for calculating and distributing approximately $3 billion in state funding for education. Although SAIS has some data validation controls, additional controls would help further improve data accuracy. ADE also needs a more structured approach for developing and maintaining IT systems and to improve its planning and prioritization of its IT resources. Additionally, ADE is not fully complying with statutory requirements for student-level data collection notification and disposal.