Laserfiche WebLink
County of Hawai‘i, State of Hawai‘i <br />STATUS REPORT <br />Fiscal year Ended June 30, 2015 <br />This section contains the current status of prior audit recommendations. The recommendations <br />are referenced to the pages of the previous audit report for the fiscal year ended <br />June 30, 2014, dated January 12, 2015. <br />SECTION II - FINANCIAL STATEMENT FINDINGS <br />Reference <br />NumberRecommendationCurrent Status <br /> <br />2014-001 Logical Access & Access Security (pages 25 - 26) <br /> Strengthen password controls for the IAS and ReCo Accomplished. As of <br />systems that include a combination of minimum June 30, 2015, password <br />length, complexity, expiration, history, and lockout requirements for both the <br />policy and duration. As a compensating control to ReCo system and IAS have <br />mitigate the lack of functionality in the IAS and ReCo been strengthened. <br />systems, strengthen the domain password <br />parameters and security settings to increase the <br />minimum password age and lockout duration <br />requirements. <br />Develop an information security policy, have the policy Not accomplished. Refer to <br />approved by the appropriate level of management and current year finding 2015- <br />communicate the policy to employees. 001 for management’s <br />response. <br /> <br />2014-002 Physical Security (page 27) <br /> The County should develop formal policies over the Not accomplished. Refer to <br />physical security of IT systems at the Civil Defense current year finding 2015- <br />Center and to implement them. The server room 002 for management’s <br />should be locked and access to keys or codes should response. <br />be limited to authorized personnel. A fire suppression <br />system should be installed to prevent or limit the loss <br />of data from fire. <br /> <br />2014-003 Information Technology (IT) Governance (page 28) <br /> The County should formally establish an IT Accomplished. The County <br />management steering committee that meets on a implemented quarterly IT <br />regular basis in order to evaluate IT risks and to management committee <br />ensure that identified risks are appropriately meetings to facilitate <br />addressed on a timely basis. information sharing and <br />collaboration between the <br />various departments <br />supporting the County’s <br />information technology <br />function. <br /> <br />30 <br /> <br />