NYS Comptroller has concerns with the village of Alfred

This is the summary for a recent examination of the Village of Alfred by the Comptrollers Office: Officials have not implemented appropriate policies and procedures to ensure IT assets and computerized data are properly safeguarded. The village also does not have a recovery plan or breach notification plan and has not provided adequate security training to employees.

Key Findings

• The Village did not have written policies or procedures detailing the acceptable use of IT assets and the backing up of critical data.
• The Village did not have a recovery plan or breach notification plan.
• The Village did not provide adequate IT security training to employees.

Key Recommendations

• Develop and adopt an acceptable use policy and comprehensive policies and procedures for backing up data and disposing of IT assets.
• Develop and adopt a disaster recovery plan and a breach notification policy or local law.
• Ensure that all necessary Village personnel receive IT security awareness training and that the training is updated whenever the IT policies are updated.

The Village of Alfred seems to agree with the state findings -

You can review the complete audit HERE.