Audit Committee Materials-November 2017 Background Image
Table of Contents Table of Contents
Previous Page  22-23 / 264 Next Page
Information
Show Menu
Previous Page 22-23 / 264 Next Page
Page Background

Institution

Report

Release

Date

Recommendation

Responsible Staff

Date

Management’s

Actions to be

Implemented

Revised Date

Management’s

Actions to be

Implemented

# of Changes to

Date

Management's

Actions to be

Implemented

Initial Date

of Internal

Audit

Follow-up

Most

Recent Date

of Internal

Audit

Follow-up

Status

TBR SWIA - Status Report on Internal Audit Recommendations- Information Systems

(Reports sorted by Status, Institution, Report Release Date)

CoSCC

24-Jul-15 CoSCC - IT GCR -

Observation 7 of 16: 7. Amend the existing Disaster Recovery Plan to reflect needed changes to

information technology recovery requirements for compliance with business requirements stated in

the Business Continuity Plan.

Emily Siciensky -

Associate VP for IT

31-Jan-16

30-Dec-17

3

14-Jul-17

In Progress

DSCC

14-Aug-15 DSCC - IT GCR -

Observation 10 of 15: 10. Develop a Business Continuity Plan that will ensure planning for and

documentation of:

a. The business-side of the plan, including business recovery requirements and objectives as well as

assigned roles and responsibilities of a Plan Coordinator who will maintain the plan and prepare

personnel in advance of a disaster or other event requiring use of the plan.

b. Secondary and tertiary assignments for persons in the event personnel are not available at the

time of a disaster.

c. Amend the existing Disaster Recovery Plan to reflect needed changes to information technology

recovery requirements for compliance with business requirements stated in the Business Continuity

Plan.

d. A test plan and documentation of periodic testing conducted to ensure the plan's effectiveness

for recovery.

Diane Camper - VP for

Technology

1-Apr-16

30-Dec-17

3

14-Jul-17

In Progress

JSCC

8-Sep-14 IT General Controls Review:

Recommendation 8 of 11: Document the business-side of the Business Continuity Plan (BCP) to

ensure business recovery requirements and objectives are established and planned; assign the role

and responsibilities of BCP Coordinator to the person who will maintain the plan and will prepare

personnel in advance of an event requiring use of the plan.

CIO - Dana Nails

31-Mar-15

30-Dec-17

3

14-Jul-17

In Progress

JSCC

8-Sep-14 IT General Controls Review:

Recommendation 9 of 11: Develop a process to test parts of the BCP periodically to ensure the

plan's effectiveness for recovery.

CIO - Dana Nails

31-Mar-15

30-Dec-17

3

14-Jul-17

In Progress

MSCC

15-Apr-16 MSCC IT GCR: Need for Business Continuity Plan and Disaster Recovery Plan

1. Enhance and implement a comprehensive university-wide BCP that identifies business recovery

strategies, business resumption processes and business recovery requirements for the entire

university. Also include possible adjustments in backup assignments in the event of a pandemic

sickness crisis.

2. Implement a plan to test the BCP periodically and document the results of such testing.

3. Revamp the IT Disaster Recovery section of the BCP for changes needed to meet business

requirements

Cindy Logan, CIO

14-Oct-16

30-Dec-17

2

14-Jul-17

In Progress

NaSCC

15-Aug-16 NaSCC ITGCR # 10 - Improved Topology Diagram - Update the current network topology diagram to

better depict the college's network, its ingress/egress points and the layered security in place at

each of these points

CIO, Paul Kaminsky

15-Feb-17

27-Oct-17

3

25-Aug-17

In Progress

NeSCC

17-Feb-17 NeSCC ITGCR # 1 - Information Security Policy - Develop the Information Security Program Policies. CIO, Fred Lewis

15-Aug-17

3-Nov-17

1

18-Sep-17

In Progress

12