Remote secure access tokens are used by the City to improve security over access to the City’s computer network from a computer that is not directly linked to the network. Remote secure access tokens and related licences are priced on a per user basis and the costs charged back to City divisions as tokens are issued. The licence agreement for individual tokens is for a four-year period.
When staff of the Auditor General’s Office received tokens with only three years remaining in a four-year lifespan, the Auditor General decided to perform a brief review of this area. The objective of this review was to assess the procedures and controls over the acquisition and distribution of remote secure access tokens to ensure the process is being effectively managed. This audit covered the period from January 2009 to April 2011.
This report contains three recommendations along with a management response to each of the recommendations. The implementation of these recommendations will improve the overall cost effectiveness of managing the remote secure access token program and could result in cost savings.