|Financial Audit Division Report 17-06||Released March 2, 2017|
The 2011 Information Technology Consolidation Act consolidated the state’s information technology resources under the direction of the State Chief Information Officer in the Office of MN.IT Services.1 The Office of MN.IT Services (MN.IT) is an executive branch agency that provides information technology services to other state agencies. Since 2011, MN.IT has been working to consolidate the computer operations for state agencies into enterprise data centers, which will serve multiple agencies. 2 As of November 2016, MN.IT had reduced the total number of data centers from 49 to 28.
We conducted this audit to determine whether MN.IT had adequate controls in place to protect data center facilities and the computing equipment contained in them.
The Office of MN.IT Services had generally adequate information technology controls to provide reasonable assurance that it protected the physical access and operational environment of the computer equipment, networking systems, and components in its enterprise data centers and the two agency-based data centers we tested. The Office of MN.IT Services also generally complied with related applicable state and federal legal requirements and MN.IT policies and procedures we tested.
However, the Office of MN.IT Services had some weaknesses related to the operation of agency-based data centers and the updating, testing, and training for the disaster recovery plan for the enterprise data centers.
1 Laws of Minnesota 2011, First Special Session, chapter 10, art. 4, sec. 6.
2 MN.IT did not receive funding to help accomplish the data center consolidation goals that policymakers anticipated in the 2011 legislation. As a result, MN.IT has relied on one-time contributions from agencies to fund the data center migrations that have been completed to date.