DANSVILLE — Dansville Central School was the subject of a recent audit of information technology practices by the new York State Comptroller's Office.

The Board and District officials ensured information technology (IT) assets were safeguarded, and that district officials accurately maintained leave records for non-instructional employees. The report does not indicate what triggered the audit.

The audit, running from July 1, 2016 to July 27, 2018, however, found that the Board and District officials have not adopted adequate security policies and procedures to safeguard IT assets.

District officials did not provide IT security awareness training for employees.

As of Feb. 27, 2018, leave balances for 31 of the 40 non-instructional employees tested (78 percent) were inaccurate.

In addition, sensitive IT control weaknesses were communicated confidentially to District officials.

The Comptroller's report recommended the following remedies:

Adopt comprehensive IT security policies, procedures and plans to safeguard IT assets and data; Provide periodic IT security awareness training to personnel who use IT resources; Ensure that amounts earned for leave are granted in accordance with contracts and Board approval and that leave records are accurately maintained and up-to-date; and address the confidentially communicated IT recommendations.

District officials generally agreed with the recommendations and indicated they planned to initiate corrective action.

A written corrective action plan (CAP) that addresses the findings and recommendations must be prepared and provided to the Comptroller's Ooffice within 90 days of the final report being issued.

Much of Dansville's plan was outlined in their initial response to the report. In regards to protection of its IT assets, the response promised further consultation with Wayne/Finger Lakes BOCES, which handles the district's internet filtering and firewall/intrusion processes, will monitor and enforce existing acceptable computer use policy for all employees, develop an IT operations manual, and provide further IT policy awareness opportunities for staff.

Regarding non-instructional employee leave balances, the district will ensure a contractually recorded and uniform process for requesting and granting leave, which includes use of a new request interface, according to the report.

According to Superintendent Paul Alioto, the district has already made progress on the Comptroller's requests.

"Thank you for the opportunity to work with the Office of the New York State Comptroller on our 2018 audit of information technology and employee leave benefits ... We accept the report of findings and have made progress towards addressing deficiencies in IT security and the accounting of leave accrual. We're grateful for the professionalism of your office, and have learned and grown from our interactions with [redacted name of auditor]," Alioto wrote in a letter dated Jan. 4, 2019.