Seal of the Commonwealth of Massachusetts
Massachusetts Audit Explorer - what the State Auditor found

← all audits

Audit of the Suffolk County Registry of Probate and Family Court (SCRPFC)

December 31, 2020 · Suffolk County Registry of Probate and Family Court · Read the full official report on mass.gov ↗

Published December 31, 2020 Audit covers September 1, 2018 – October 31, 2019 Under Suzanne M. Bump · 2011–2023

In plain English
The audit found the Suffolk Probate and Family Court Registry followed the tested e-filing rules, but auditors flagged that staff should get regular cybersecurity awareness training.
source
“Our audit revealed no significant instances of noncompliance by SCRPFC that must be reported under generally accepted government auditing standards.”
Read the plain-English breakdown
What is this?

This is a Massachusetts State Auditor performance audit of how the Suffolk County Registry of Probate and Family Court handled e-filed court documents during the audit period.

“In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the eFileMA system at the Suffolk County Registry of Probate and Family Court (SCRPFC) for the period September 1, 2018 through October 31, 2019.”
Why was it audited?

Auditors checked whether the registry processed electronic court filings according to specific Supreme Judicial Court rules.

“Does SCRPFC process documents in compliance with Sections 3(a)(1)(2), 3(b)(1), 4(d), and 8(c) of Supreme Judicial Court (SJC) Rule 1.25?”
Why it matters

The registry handles sensitive family and probate matters, so reliable document filing and cybersecurity practices affect people using the court system.

“Section 1 of Chapter 211B of the Massachusetts General Laws established the Probate and Family Court Department (PFCD), which has jurisdiction over probate and family matters such as divorce, paternity, child support, custody, visitation, adoption, termination of parental rights, and abuse prevention.”
What's in it for me?

If you file probate or family court documents electronically in Suffolk County, this audit says the tested e-filing process complied with the rules auditors reviewed.

“Below is our audit objective, indicating the question we intended our audit to answer and the conclusion we reached regarding the objective.”
The bottom line

The main audit result was clean for the tested e-filing rules, with a separate concern about cybersecurity training.

“In addition to concluding on our audit objective, we identified an issue we believe warrants SCRPFC’s attention, which we have disclosed in the “Other Matters” section of this report.”
What happens next

The registry had already held a cybersecurity training, and auditors said it should consider making that training required for all staff when hired and every year after.

“While we believe that action was prudent, we also believe SCRPFC should consider adopting a policy that requires all of its staff members to receive cybersecurity awareness training upon hire and annually thereafter, which would bring it into line with the requirements for executive department agencies.”
Why it's significant

Auditors warned that without regular cybersecurity training, the registry faces higher risk from cyberattacks and possible financial or reputational harm.

“In the Office of the State Auditor’s opinion, because SCRPFC does not require its employees, particularly those who have access to the Trial Court’s systems, to complete cybersecurity awareness training, there is an increased risk of cybersecurity attacks and financial and/or reputation losses.”
Jargon, unpacked

“eFileMA” is the online system people can use to open cases, file documents, get notices, and pay filing fees electronically.

“Eligible parties can use eFileMA to electronically send and receive specific case information, court documents, and court notices and to pay any applicable filing fees.”

What the Auditor checked

What the Auditor found

SCRPFC staff members did not receive cybersecurity awareness training.
cybersecurity

Why it matters: This increases the risk of cybersecurity attacks and financial or reputational losses.

Standard: Executive Office of Technology Services and Security Information Security Risk Management Standard IS.010, Sections 6.2.3 and 6.2.4; National Institute of Standards and Technology Special Publication 800-53, Revision 4, Section AT-2. ( Sections 6.2.3 and 6.2.4 of the Executive Office of Technology Services and Security’s Information Security Risk Management Standard IS.010; Section AT-2 of Revision 4 of the National Institute of Standards and Technology Special Publication 800-53 )

1 recommendation
  • SCRPFC should consider adopting a policy requiring cybersecurity awareness training upon hire and annually thereafter.
Agency response & Auditor reply
Agency: "We brought this matter to the attention of SCRPFC officials, who told us that on March 3, 2020, SCRPFC conducted a cybersecurity awareness training for its staff."
Auditor: "While we believe that action was prudent, we also believe SCRPFC should consider adopting a policy that requires all of its staff members to receive cybersecurity awareness training upon hire and annually thereafter, which would bring it into line with the requirements for executive department agencies."

More audits of this entity

Other Office of the State Auditor reports on Suffolk County Registry of Probate and Family Court .

See this entity's page with all 2 audits →