CLIFTON PARK – Mayor Philip Barrett reacted violently to a state audit report that in 2019 revealed four problematic findings regarding Clifton Park’s IT resources.
The state noted in its report that city workers were visiting websites the auditor deemed “questionable” while 14 former workers had access to email accounts long after they left the city, it said Office of State Auditor Thomas DiNapoli in a statement on Monday.
Barrett, however, denied each of the allegations, countering that the examiner’s audit used “boilerplate language” for “headline purposes”.
The DiNapoli office said Clifton Park officials had failed to adequately protect IT resources, and although they paid an IT service provider more than $ 98,000 in 2019, officials failed to establish the vendor’s responsibilities.
DiNapoli also said Clifton Park officials had not put in place a comprehensive IT policy, monitored employee Internet usage, or implemented extensive procedures to manage and monitor user access to the city’s network and computers.
DiNapoli said 14 user accounts belonged to former Clifton Park employees who left town a month to 15 years before the auditor’s review.
Eventually, the state auditor’s office said Clifton Park officials did not have a written contract with the city’s IT provider describing specific services to be provided. Sensitive weaknesses in the IT control were reported to the officials confidentially, it said in the audit.
Barrett provided The Daily Gazette with a copy of his written reply thanking DiNapolis office, but denying the veracity of the exam.
The supervisor said:he In fact expenditure Therefore advisory Services for ABS Solutions while the test Period was $48,100 – no $ 98,000 as the auditor claimed – with the remained funds spent Hardware, software, cloud–based backup service and installation costs.
Barrett said the town was advisory arrangement with ABS solutions is full.
Through the town‘s six-year relationship with Section Solutions, the provider consequent provided prompt, Reliable and payable It isServices, and Clifton Park can quit the Agreement with 30th Days’ note if it is dissatisfied with their performance, solutions offered, or answer times, said Barrett.
A informal opinion poll from Surroundings Municipalities showed the city’s spending At IT advisory Services compares cheap with Peers, in some cases significant, he said.
The auditor’s claim that the city did not have a full Internet According to Barrett, the policy was also imprecise.
Clifton Parks iInternet politics is included in the employee Manual, which whow prepared by the city administration advisor, who have “Points” from communal Customers through the capital city Region, said Barrett.
“The politics in our Manual is default to the great mostly from our advisor‘S. Customers and is consistent with those Entities, ”said Barrett.
NSthe city relationship with ABS solutions while the 2019 test period was Are defined from pto buy assignments to the Specific Projects and a clear Are defined hourly Price, according to the city.
Finally, Barrett said a number from the identified “former” Employee remain active with the town, and many of those AccountsHat was deemed unnecessary Disabled person.
the E-mail Accounts to the those Individuals became not ready for use and none from those Individuals would have remote control enter to the town‘S. system. Any purpose of use tied together with their account want to need to being accomplished by electronically city secured devices, said the superior.
In 2019, the city started to to implement a system the automatically Disabled person a account that was not Second hand. Barrett said the city will review Accounts quarterly until to ensure none are unnecessarily active.
The town Even implemented “barracuda total E-mail Protection “, the pprovidet the town with Microsoft 365 Fuse and monitoring. Any E-mail sent by Barracuda Has Safelink technologyGy that “Sandboxes ” all web links.
Aadvanced Antivirus software with use steering is also in place.
Barrett said the majority of the websites the audit report had shown “questionable” were determined “sensible and reasonable” for town Employee to use while the course from conduct Companies.
purchasing activities, financially tasks, travel and Excursion destination research and many miscellaneous normal town Functions require the purpose of use of related sites, he said while recognizing the city regularly sends memories to Employee Above Phishing attacks and miscellaneous subjects to include computer use.
“To do weather closely monitor the purpose of use from each employee At a regular Base? no. To do weather monitor and opinion poll computer purpose of use if weather believe there is a reason to to do so? Yes sir. we record Everyone network Traffic, ”Barrett responded.
The city Even Has a product the blocks all webmail enter by Town Computers, eliminate the occasion to use the system to the personally Email, wrote Barrett.
“we to understand the use from boilerPlate language in the test Reports to the headline Purposes, ”said the manager about the results of the audit. “I am pleased there was nothing identified in the test the want root cause alarm, or place the city Systems in a compromised position, Yet Has the door been opened to abuse or unjustified entry. “
Contact the reporter Brian Lee at [email protected] or 518-419-9766.