San Mateo County Grand Jury
• 2016-2017
Acquisition and Deployment of Information Technology Resources by the County of San Mateo
⚠️ Translation Notice: This content has been automatically translated. The original English text is the official version. Translation may contain errors.
⚠️ Este contenido ha sido traducido automáticamente. El texto original en inglés es la versión oficial. La traducción puede contener errores.
Findings and Recommendations 3 findings
F1
Based upon Grand Jury interviews and examination of the IT Service Catalog, the Information Services Department cross-charging method appears complex, difficult to manage, and subject to time-consuming error correction.
Related Recommendations (1)
R1
The County Manager’s Office and Information Services Department shall: • Centralize the budgeting, cost-incurrence, personnel, operations, and responsibilities for backbone infrastructure and general-purpose hardware support not managed by user departments and all software support (including nonstandard, special mission applications) within the Information Services Department; • Discontinue actual charging of services to user departments and replace with a memorandum-charging system to mimic the current cross-charging method for continued grant reimbursement; • Continue inclusion of costs for supplies, capital, and leasing of hardware and software in departments using them, as is currently done.
F2
Data security vulnerabilities arise because of the varied responsibilities of the Information Services Department and user departments for software patches and upgrades and hardware encryption under different arrangements supported in the current cross-charging method.
Related Recommendations (1)
R2
The Information Services Department shall schedule replacement of the existing cross- charging method with the memorandum charging system for July 2018.
F3
The current cross-charging method complicates the budget process because it causes difficulties for both the Information Services Department in forecasting alternative modes of service that departments may elect, and also for departments in forecasting their Information Services Department charges.
Related Recommendations (1)
R3
The Information Services Department shall assume single-point responsibility and accountability for all software security compliance throughout the County.