Audit Committee Materials-November 2017 Background Image
Table of Contents Table of Contents
Previous Page  20-21 / 264 Next Page
Information
Show Menu
Previous Page 20-21 / 264 Next Page
Page Background

Institution

Report

Release

Date

Recommendation

Responsible Staff

Date

Management’s

Actions to be

Implemented

Revised Date

Management’s

Actions to be

Implemented

# of Changes to

Date

Management's

Actions to be

Implemented

Initial Date

of Internal

Audit

Follow-up

Most

Recent Date

of Internal

Audit

Follow-up

Status

TBR SWIA - Status Report on Internal Audit Recommendations- Information Systems

(Reports sorted by Status, Institution, Report Release Date)

VSCC

13-May-16 Begin documenting the annual process to review to identify and approval for updated policy

changes.

Kevin Blankenship, CIO

30-Nov-16

31-Aug-17

3

19-Sep-17 19-Sep-17

Action

Completed

VSCC

13-May-16 VSCC ITGCR:

Define the duties associated with the positions of an ISO and the BCP Coordinator.

Kevin Blankenship, CIO

30-Nov-16

31-Aug-17

3

19-Sep-17 19-Sep-17

Action

Completed

VSCC

13-May-16 VSCC ITGCR: Cloud strategy

Document your strategy for moving data to the cloud that includes the type of cloud environment

needed and data security requirements.

Kevin Blankenship, CIO

30-Nov-16

31-Aug-17

4

19-Sep-17 19-Sep-17

Action

Completed

VSCC

13-May-16 VSCC ITGCR: Chain of custody procedure

Enhance and document the process to confiscation computer hard drives when such may be

required for legal purposes

Kevin Blankenship, CIO

30-Nov-16

31-Aug-17

3

19-Sep-17 19-Sep-17

Action

Completed

ChSCC

12-Apr-16 ChSCC ITGCR: Need for BCP

Enhance the college-wide Business Continuity Plan to ensure planning for and documentation of:

a. A business impact analysis that identifies the impact of disasters on the ability to educate

students, so business recovery requirements and objectives, as well as assigned roles and

responsibilities of a Plan Coordinator who will maintain the plan and prepare personnel in advance

of a disaster can be developed.

b. Amendments to the existing Disaster Recovery Plan to reflect needed changes to information

technology recovery requirements for compliance with business requirements stated in the Business

Continuity Plan.

c. A test plan and documentation of periodic testing conducted to ensure the plan's effectiveness

for recovery. This should begin with testing recoverability of data backed up using the recently

implemented process

AVP/CIO, Greg Jackson

3-Oct-16

30-Dec-17

2

14-Jul-17

In Progress

ChSCC

12-Apr-16 ChSCC ITGCR: Logging deficiency #2

Review and update the current information security alerts from vendor products to better serve the

college's needs.

AVP/CIO, Greg Jackson

3-Oct-16

30-Oct-17

4

28-Jun-17

In Progress

ClSCC

6-Apr-15 "IT General Controls Review:

Recommendation 10 of 17: Document the business-side of the Business Continuity Plan (BCP) to

ensure business recovery requirements and objectives are established and planned; assign the role

and responsibilities of the BCP Coordinator to the person who will maintain the plan and will

prepare personnel in advance of a disaster or other event requiring use of the plan. "

CIO Chris Mowery

1-Dec-15

30-Dec-17

3

14-Jul-17

In Progress

ClSCC

6-Apr-15 "IT General Controls Review:

Recommendation 11 of 17: Develop a process to test parts of the BCP periodically to ensure the

plan's effectiveness for recovery. "

CIO Chris Mowery

1-Dec-15

30-Dec-17

3

14-Jul-17

In Progress

CoSCC

24-Jul-15 CoSCC - IT GCR -

Observation 6 of 16: 6. Develop a Business Continuity Plan that will ensure planning for and

documentation of:

a. The business-side of the plan, including business recovery requirements and objectives as well as

assigned roles and responsibilities of the Plan Coordinator who will maintain the plan and prepare

personnel in advance of a disaster or other events requiring use of the plan.

b. Secondary and tertiary assignments for persons in the event personnel are not available at the

time of a disaster.

c. A test plan and documentation of periodic testing conducted to ensure the plan's effectiveness

for recovery.

Emily Siciensky -

Associate VP for IT

31-Jan-16

30-Dec-17

3

14-Jul-17

In Progress

11