Information Technology

Management understands the importance of accurate, reliable financial reporting and has invested adequate resources to maintain a high level of reliability and security of the information system infrastructure.

 

INFRASTRUCTURE

 

  • Technology infrastructure has been acquired by the Institute and placed on the VALBHCS network so that it provides appropriate platforms to support the accounting system and other software used by the Institute.

 

  • The VALBHCS IT service maintains and monitors the network to ensure reliability and security of all SCIRE data.

 

  • The VA network is protected by firewall and enterprise level virus detection software.

 

  • All IT components, as they relate to security, processing, and availability, are well protected, would prevent any unauthorized changes, and assist in the verification and recording of the current configuration.

 

  • IT systems are evaluated periodically based on the current business needs of the Institute.

 

  • Service agreements on hardware and the accounting software system are in place.

 

CONTROL OBJECTIVES

 

  • Access to the network is appropriately restricted to prevent unauthorized activity.

 

  • Physical access to computer facilities and data are appropriately restricted.

 

CONTROL ACTIVITIES

 

  • The SCIRE accounting server is located in a locked room. Access to the room is limited to authorized SCIRE personnel.

 

  • All users are required to sign on to their desktops with a user ID and password. Passwords are promptly canceled for terminated employees.

 

  • User access is limited to those applications and files that are necessary to perform their duties.

 

  • The accounting system is monitored by the VA on a regular basis. All software updates are installed on the server and desktops.

 

DATA SECURITY

 

CONTROL OBJECTIVES

 

  • Access to particular functions within applications is appropriately restricted to ensure segregation of duties and prevent unauthorized activity.

 

  • Levels of control over the functions of the accounting system are monitored on a regular basis.

 

  • All financial transactions that occur over the internet are done via a secure connection using industry-approved technologies to ensure information that is transmitted or collected is protected.

 

  • All communications with the internet from both sites is protected by an enterprise class fire-wall and a secondary proactive Intrusion Detection and Prevention System. Alarms are generated proactively and SCIRE management is notified of treats to information security.

 

CONTROL ACTIVITIES

 

  • Remote access of the accounting database by Sage software is allowed only when done through a secure connection.

 

  • All credit card purchases are made on secure sites. Credit card information is not stored online.

 

  • All banking transactions that occur over the internet are done via a secure connection to the bank website. Access is restricted to authorized staff.

 

  • Software licenses are monitored for desktops and servers. All software is registered with the vendor to ensure proper notification of updates is received.

 

  • Daily backups of the accounting database are performed and are uploaded to an FTP server. They are also included in the daily VA backup protocol.
  • All accounting data are backed up prior to installing system upgrades.

 

  • All system upgrades from Sage are installed.