Medium
Agency: | Information Technology Department | Report Date: | May 6, 2015 |
Type: | Service Organization - SOC 2 | LAFRC Date: | |
Issued By: | State Auditor | Period: | April 1, 2014-October 1, 2014 |
[pdf] Download Report
Findings
- ITD Lacks a Formal Risk Assessment Framework
- No Periodic Review of Enabled Ports/Services is Being Done
- No Policy Requiring Visitors to be Escorted in the Data Centers
- Enterprise Architecture Standards not Reviewed According to Description of Controls