We recommend that the Chief Information Officer require the Information Technology Division (ITD) to perform an annual validation of the ITD Authorized Access List, in accordance with ITD Authorized Data Center Proxy Card Access List Maintenance standard operating procedure.