We recommend that the Chief Information Officer require the Information Technology Division (ITD) to create and maintain an ITD Authorized Access List, in accordance with the ITD Authorized Data Center Proxy Card Access List Maintenance standard operating procedure.