Laserfiche WebLink
Recommendation #2. Purchase Request and Approval Status: In Process <br />We recommend DIT implement a policy to maintain an approved software listing and communicate the risks to the departments. The policy should include an annual review of the listing to ensure that software listed is still relevant and does not pose a security concern to the County. A review process should be implemented to respond to requests for software titles that are not currently in the supported software listing. <br /> <br />Auditee Action: We reviewed 137 approved and disapproved software listings and found DIT has a process of maintaining an approved software listing and communicates the risk in their Hawai‘i County Security Handbook that provides guidance on, “What you need to know to stay safe while computing, and help protect the County’s IT assets.” <br /> <br />To fully meet best practices, DIT should address current software approval processes including an annual review in DIT Employee Policies. <br /> <br />We also recommend DIT update the County-Issued Technology Device policy to include prohibiting users from installing non-supported software and adding un-approved devices to the County network. <br />Status: Implemented <br />Auditee Action: <br />We reviewed DIT Employee Policies’ Electronic Resources Policy (March 2020) prohibiting: <br />“Engaging in disruptive or malicious activities such as unauthorized software, hardware, or data modification.” <br />“Installing or downloading software not approved and/or licensed to the County.” <br /> IT Asset Management Follow-up Audit Status of Recommendations page 3 <br />