The City Auditor’s Office contracted with Berry Dunn McNeil & Parker, LLC, (BerryDunn) for a network security audit to evaluate the effectiveness of the City's network controls. The scope of work included an information technology (IT) governance controls review, external vulnerability scanning and penetration testing, and server configuration assessment.
After its review of IT governance, BerryDunn recommended formalizing configuration and security standards and roles and responsibilities between the City’s central IT department and departmental technology groups. The audit also recommended the IT department prioritize the completion and testing of its disaster recovery and business continuity plan and assess department resources allocated to the security function.
While BerryDunn’s technical review found no critical issues at the time of testing, the audit made recommendations to enhance and mature the security of the City’s network and technical assets.
The detailed results of this audit are not included in the public report due to its sensitive nature.
The department agreed with the recommendations and noted that corrective actions are underway.