Village of Pelham – Information Technology (2016M-410)

Issued Date
April 07, 2017

Purpose of Audit

The purpose of our audit was to determine whether Village officials adequately safeguarded sensitive data stored on Village computer systems for the period June 1, 2015 through August 11, 2016.

Background

The Village of Pelham is located in the Town of Pelham in Westchester County and has a population of approximately 6,900. The Village is governed by an elected seven-member Board of Trustees. Budgeted appropriations for the 2016-17 fiscal year total approximately $13.9 million.

Key Findings

  • The Village has not installed an adequate web filtering process and not adopted procedures to adequately monitor IT usage and enforce compliance with the Village’s acceptable use policy.
  • The Village has not adopted a breach notification policy.
  • The Board has not developed a disaster recovery plan.
  • The Board has not negotiated a formal contract with the Village’s IT service provider identifying the specific services to be provided or the vendor’s responsibilities.

Key Recommendations

  • Ensure Village officials install an adequate web filtering process and adopt procedures to monitor IT usage and enforce compliance with the acceptable use policy.
  • Adopt a breach notification policy.
  • Develop a comprehensive disaster recovery plan.
  • Develop a formal contract with the IT service provider stating the services to be provided and the vendor’s responsibilities