Critical software applications within Mater Dei Hospital should not be run by just one person but by sufficient human resources, the Auditor General recommended in an IT audit on Mater Dei Hospital.

The principal aim of the audit, tabled in Parliament this evening, was to collect and analyse evidence to determine whether the hospital had the necessary controls in place to ensure that its IT and Information Systems maintained data integrity, safeguarded assets, allowed organisational goals to be achieved effectively and assisted in making efficient use of government IT related resources.

The NAO reviewed 14 software applications used by the hospital as well as its website and Facebook page.

It made a number of recommendations including for the decommissioning of one of the servers, the complete extraction of all relevant data from the previous system to the current one, the reactivation of the payroll system’s audit trail functionality and the development of an IT strategy to further promote the integration of applications.

The NAO examined the IT operations at MDH and made recommendations on the need to develop an internal policy for the secure disposal of devices which could contain confidential data, and implement the necessary controls to ensure greater adherence with government password policies in some of the systems.

It also recommended that users were given clear guidelines on the management of offline e-mail boxes.

NAO noted that MDH officials had drafted a number of standard operating and downtime procedures for various software applications. It commended this initiative and recommended that similar procedures should be drafted for the remaining software applications.

The report in full can be downloaded from the link below.