City councillors and staff who use mobile devices needed to update their security and find cheaper phone plans. This was the finding of a March 2010 report by the city's internal audit branch, but the city says most of the problems have since been resolved.
The one-page audit summary was obtained by the Courier under the freedom of information law. Twelve lines were blanked out under the FOI exemptions for policy advice and financial harm.
As of May 2011, the city was paying for the use of 1,884 mobile cell devices, including 437 BlackBerry phones. Last year this cost $1,154,071 overall (which worked out to about $50 per month per device), and $520,576 for this year to date. The numbers are for city hall, parks, fire and library staff, but not for police or school board, which manage their own mobile devices.
"We observed internal control weaknesses around mobile devices that require attention," the audit stated. "The current setup does not ensure the most economical and secure use of devices and there is a lack of central monitoring of mobile device usage and compliance to the policy."
The most important audit recommendations were to update BlackBerry device security and restrict general access to phone records... Access should be business unit instead of providing general access to citywide information.
Staff say that since then, the same access levels are in place, but the single common user name and password was changed this month. There is a procedure to change the shared password regularly to ensure only current managers know the authentication details.
As well, the BlackBerry enterprise server (BES) was upgraded to a version with more security capabilities. All BlackBerry phone passwords are set by each user at the time of deployment, and users must change their password regularly. If a device is lost or stolen, IT services can promptly lock and wipe it remotely to block access to email or other city business information.
"Strengthen monitoring controls," the audit said. Central monitoring and administration of mobile devices is ineffective... Follow up identified savings through reimbursements and utilization of add-on packages for texting and roaming. The Cellular Telephones policy AG-008-01 states that the cellphone administrator should review cellphone usage to ensure most economical plans are being used, at least three times a year. There is no evidence of these reviews taking place.
On lowering the costs, staff say, billing plans were reviewed in 2010, which resulted in a lower price for long distance, removal of text charges, and a move to a corporate pooled billing model. Cellphone bills over $100 per month are now red-flagged and reviewed by managers.
To reduce the long distance and roaming charges, city staff are encouraged to use roaming plans when they need cell access during travel.
The city is not under contract for wireless services, but plans to go to market in 2012 for a new wireless contract, which will include requirements to improve access restrictions and support.