Item - 2009.AU11.4
Tracking Status
- City Council adopted this item on October 26, 2009 with amendments.
- This item was considered by the Audit Committee on October 20, 2009 and adopted without amendment. It will be considered by City Council on October 26, 2009.
AU11.4 - Review of Disposal of Surplus IT Equipment - Security, Environmental and Financial Risks
- Decision Type:
- ACTION
- Status:
- Amended
- Wards:
- All
City Council Decision
City Council on October 26 and 27, 2009, adopted the following:
1. City Council request the Chief Information Officer to re-evaluate the agreement with the vendor who is currently providing information technology asset disposal services. Such re-evaluation take into account the experience of the vendor particularly in the area of data security and environmental concerns and where appropriate ensure that the vendor is capable of providing the level of service required.
2. City Council request the Chief Information Officer to review all provisions in the agreement with the third party information technology asset disposal vendor and direct the vendor to comply with all provisions in the agreement. Further policies, procedures be established to ensure that the City is able to confirm compliance. Regular audits including the development of audit programmes be conducted to confirm compliance. Documentary evidence of all such compliance audits be retained and approved by supervisory staff.
3. City Council request the Chief Information Officer, on a random basis, to confirm that hard drives submitted to the auctioneer have been successfully erased. Specialized data recovery tools be used to determine whether or not hard drives have been successfully deleted.
4. City Council request the Chief Information Officer to ensure that disposal processes for surplus information technology assets are in conformance with regulatory procedures and all such disposals are supported by an adequate audit trail for subsequent verification by City staff.
5. City Council request the Chief Information Officer to ensure that receipts from the sale of equipment are reconciled to the actual equipment sold.
6. City Council request the Chief Information Officer to report to the Government Management Committee on the existing policy for the disposal of surplus information and technology equipment, such report to also address the feasibility of amending the City's policy to allow for the sale of surplus information and technology equipment to employees.
Background Information (Committee)
https://www.toronto.ca/legdocs/mmis/2009/au/bgrd/backgroundfile-22125.pdf
Appendix 1 - Auditor General's Office (May 4, 2009) Review of Disposal of Surplus IT Equipment - Security, Environmental and Financial Risks
https://www.toronto.ca/legdocs/mmis/2009/au/bgrd/backgroundfile-22126.pdf
Appendix 2 - Management's Response to the Auditor General's Review
https://www.toronto.ca/legdocs/mmis/2009/au/bgrd/backgroundfile-22127.pdf
Motions (City Council)
That City Council request the Chief Information Officer to report to the Government Management Committee on the existing policy for the disposal of surplus information and technology equipment, such report to also address the feasibility of amending the City's policy to allow for the sale of surplus information and technology equipment to employees.
Vote (Amend Item (Additional)) Oct-26-2009 5:54 PM
Result: Carried | Majority Required - AU11.4 - Moscoe - Motion 1 |
---|---|
Total members that voted Yes: 21 | Members that voted Yes are Paul Ainslie, Sandra Bussin (Chair), Raymond Cho, Frank Di Giorgio, John Filion, Adam Giambrone, Mark Grimes, Doug Holyday, Cliff Jenkins, Joe Mihevc, Denzil Minnan-Wong, Howard Moscoe, Frances Nunziata, Case Ootes, Cesar Palacio, Anthony Perruzza, Bill Saundercook, David Shiner, Karen Stintz, Adam Vaughan, Michael Walker |
Total members that voted No: 14 | Members that voted No are Brian Ashton, Shelley Carroll, Janet Davis, Glenn De Baeremaeker, Mike Del Grande, Suzan Hall, A.A. Heaps, Norman Kelly, Chin Lee, Gloria Lindsay Luby, Peter Milczyn, Ron Moeser, Gord Perks, Kyle Rae |
Total members that were Absent: 10 | Members that were absent are Maria Augimeri, Mike Feldman, Paula Fletcher, Rob Ford, Giorgio Mammoliti, Pam McConnell, David Miller, Joe Pantalone, John Parker, Michael Thompson |
Vote (Adopt Item as Amended) Oct-26-2009 5:55 PM
Result: Carried | Majority Required - AU11.4 - Adopt the Item, as amended |
---|---|
Total members that voted Yes: 28 | Members that voted Yes are Paul Ainslie, Sandra Bussin (Chair), Shelley Carroll, Raymond Cho, Janet Davis, Frank Di Giorgio, John Filion, Adam Giambrone, Mark Grimes, A.A. Heaps, Doug Holyday, Cliff Jenkins, Norman Kelly, Chin Lee, Joe Mihevc, Denzil Minnan-Wong, Howard Moscoe, Frances Nunziata, Case Ootes, Cesar Palacio, Gord Perks, Anthony Perruzza, Kyle Rae, Bill Saundercook, David Shiner, Karen Stintz, Adam Vaughan, Michael Walker |
Total members that voted No: 7 | Members that voted No are Brian Ashton, Glenn De Baeremaeker, Mike Del Grande, Suzan Hall, Gloria Lindsay Luby, Peter Milczyn, Ron Moeser |
Total members that were Absent: 10 | Members that were absent are Maria Augimeri, Mike Feldman, Paula Fletcher, Rob Ford, Giorgio Mammoliti, Pam McConnell, David Miller, Joe Pantalone, John Parker, Michael Thompson |
AU11.4 - Review of Disposal of Surplus IT Equipment - Security, Environmental and Financial Risks
- Decision Type:
- ACTION
- Status:
- Adopted
- Wards:
- All
Committee Recommendations
The Audit Committee recommends that:
1. City Council request the Chief Information Officer to re-evaluate the agreement with the vendor who is currently providing information technology asset disposal services. Such re-evaluation take into account the experience of the vendor particularly in the area of data security and environmental concerns and where appropriate ensure that the vendor is capable of providing the level of service required.
2. City Council request the Chief Information Officer to review all provisions in the agreement with the third party information technology asset disposal vendor and direct the vendor to comply with all provisions in the agreement. Further policies, procedures be established to ensure that the City is able to confirm compliance. Regular audits including the development of audit programmes be conducted to confirm compliance. Documentary evidence of all such compliance audits be retained and approved by supervisory staff.
3. City Council request the Chief Information Officer, on a random basis, to confirm that hard drives submitted to the auctioneer have been successfully erased. Specialized data recovery tools be used to determine whether or not hard drives have been successfully deleted.
4. City Council request the Chief Information Officer to ensure that disposal processes for surplus information technology assets are in conformance with regulatory procedures and all such disposals are supported by an adequate audit trail for subsequent verification by City staff.
5. City Council request the Chief Information Officer to ensure that receipts from the sale of equipment are reconciled to the actual equipment sold.
Origin
Summary
The objective of this review was to determine whether the City’s management and oversight of the disposal of surplus Information Technology (IT) equipment adequately addresses potential risks such as:
- ensuring information residing on computer equipment such as hard drives is effectively erased or destroyed
- ensuring that surplus equipment is disposed of in an environmentally responsible manner, and
- ensuring the City receives its share of the funds from the disposal of the assets.
The review identified the need to address a number of important areas relating to contract compliance. The City needs to address these issues in order to mitigate the risks pertaining to the inappropriate disposal of surplus IT assets. There is also a need to ensure that the qualifications of the current third party vendor are re-evaluated.
Although recommendations in this report focus on improving controls over the disposal of surplus IT equipment at the City the recommendations may be relevant to the City’s Agencies, Boards, Commissions and Corporations and should be reviewed, evaluated and implemented as deemed appropriate.
Background Information
https://www.toronto.ca/legdocs/mmis/2009/au/bgrd/backgroundfile-22125.pdf
Appendix 1 - Auditor General's Office (May 4, 2009) Review of Disposal of Surplus IT Equipment - Security, Environmental and Financial Risks
https://www.toronto.ca/legdocs/mmis/2009/au/bgrd/backgroundfile-22126.pdf
Appendix 2 - Management's Response to the Auditor General's Review
https://www.toronto.ca/legdocs/mmis/2009/au/bgrd/backgroundfile-22127.pdf
Motions
That the Audit Committee recommend to City Council adoption of the recommendations contained in the report (May 4, 2009) from the Auditor General.