Jefferson County needs to implement better computer policies and train employees in IT security to prevent unauthorized access to and loss of systems and private data, according to a state audit.
The state comptrollers office released its report last week after examining the countys internal controls over its IT environment from Jan. 1, 2010, to Aug. 31, 2011, and performing tests on the countys network through Nov. 30.
The audit found that the county Board of Legislators has not adopted IT policies that address topics including the protection of personal, private and sensitive information; password security; remote access; back-up and retention of data; breach notification and disaster recovery.
State auditors also found that an account clerk had more than necessary access rights to the countys computerized accounting system.
County officials said they would take corrective action.