Local authorities in Northern Ireland are working to out of date IT strategies with poor procurement and a lack of clear security policies, according to the highly critical verdict of an official audit.
The Northern Ireland Audit Office report into councils’ operations found that “many” had IT plans that were “no longer current” as they waited for a regional IT strategy to be announced.
Councils also exhibited a range of inconsistent procurement practices, with departments buying technology without reference to their IT departments.
Their IT security policies were severely lacking, the audit office additionally found. Many had no details on basic subjects such as laptop security, encryption, portable storage devices or data protection, and did not train staff either.
A number of councils had not established disaster recovery plans, or brought about robust backups of data. Councils also needed to organise independent network testing to be more sure of their security levels, the report found.
The audit office recognised that all the councils used at least “some form” of passport control, but called for better practice including more sophisticated passwords and more regular changes. It also recommended stronger control of access privileges.