TLDR: The New York State Comptroller conducted an audit of Garrison Union Free School District’s information technology (IT) systems and found several key weaknesses in their security measures. District officials did not adequately secure network user accounts, establish physical controls, maintain accurate inventory records for IT equipment, or develop an IT contingency plan. Specifically, the audit found that district staff did not have sufficient guidance for responding to IT disruptions or disasters, which could result in a delayed recovery of data and essential operations. Additionally, 35% of nonstudent network user accounts were no longer needed, posing a potential risk of unauthorized access to sensitive information. The audit also revealed that 10 IT assets were not properly recorded in the district’s inventory listing. The New York State Comptroller’s Office made several key recommendations, including developing procedures for managing network user account access and periodically reviewing user access, maintaining accurate inventory records, and developing a comprehensive written IT contingency plan. District officials generally agreed with the recommendations and indicated that they have initiated or plan to initiate corrective action.