An audit of the City of Norwich performed by State Comptroller Thomas DiNapoli's Office found that the information technology and computer servers are not placed in secure locations.

Further, the system's users were granted administrative privileges that they did not need to perform their jobs.

The audit also found that City Council has not adopted a disaster recovery plan and, as a result, there is an increased risk that computerized data could be lost or compromised and city operations could be seriously disrupted.

DiNapoli's office recommends moving the city's servers so only authorized staff members can gain access, limiting the assignment of administrative privileges and adopting a disaster recovery plan.