TxDOT Internal Audit Report Disaster Recovery - IT

Size: px
Start display at page:

Download "TxDOT Internal Audit Report Disaster Recovery - IT"

Transcription

1 TxDOT Internal Audit Report Disaster Recovery - IT Objective Determine if adequate plans and the ability to ensure critical TxDOT operations are not impacted by business interruptions to IT infrastructure. Determine whether testing, debriefs, and remediation plans have been developed and implemented. Opinion Based on the audit scope areas reviewed, control mechanisms require improvement and only partially address risk factors and exposures considered significant relative to impacting operational execution, and regulatory compliance. The organization's system of internal controls requires improvement in order to provide reasonable assurance that key goals and objectives will be achieved. Significant improvements are required to correct control gaps and mitigate residual risk that may result in potentially significant negative impacts to the organization including the achievement of the organization's business/control objectives. Overall Engagement Assessment Needs Improvement Finding 1 Finding 2 Title Disaster Recovery Plan (April 1, 2013) does not Include Sufficient Recovery Instructions for all IT Systems Outdated Technical Recovery Instructions Findings Control Design x Operating Effectiveness x Rating Needs Improvement Needs Improvement Management concurs with the above findings and prepared management action plans to address deficiencies. Internal Environment Since July 2012 services in the Texas Data Center Services (DCS) program, including disaster recovery, have been delivered through a multi-source integrated contract. Taking over provisions of services from previous service provider was completed on December 31, TxDOT IT staff was heavily involved during the transition of services. In addition, recent focus of the TxDOT IT function has been on updating and aligning internal business processes. Current management is aware of the need to re-assess IT System recovery priorities and plans for a comprehensive evaluation have been discussed. Current management is also aware that existing Disaster Recovery Plan (DRP) does not include sufficient recovery instructions for all IT Systems and is working on a solution.

2 Summary Results Finding Scope Area Evidence Audit work identified 318 of 397 (80%) division managed IT systems without sufficient recovery instructions in the current DRP [52 of 397 (13%) mission critical; 345 (87%) are non- critical]. 1 Disaster Recovery Planning IT Systems: 30 of 52 (58%) systems do not include sufficient recovery instructions in the existing DRP documentation. Non-critical IT Systems: 287 of 345 (83%) non-critical IT systems do not include sufficient recovery instructions in the existing DRP documentation. 2 Disaster Recovery Plan Execution and Testing Disaster Recovery Activities 4 of 4 (100%) of the Run Book updates associated with action items identified in the 2012 DR Test Exercise remain incomplete. Audit Scope The audit coverage included: Disaster recovery planning, testing and sustaining activities for TxDOT IT production systems both in and out-of-scope of the statewide data center services contracts (DCS). Limited testing was performed for systems administered by third party vendors. The audit was performed by Patti Drummer, Dennis Frazier, Justan Lopez (Co-Lead) and Karin Faltynek (Engagement Lead). The audit was conducted during the period from April 22, 2013 to July 19, Methodology The methodology(s) used to complete the objectives of this audit included the following: Multiple sources of documented information for TxDOT production servers and applications provided by the client were analyzed and compared to existing Disaster Recovery Plan documentation. The Data Application Inventory System (DAIS) was used as a primary source. Additional information was obtained through interviews with knowledgeable internal and service provider staff. 2 of 12 August 28, 2013

3 Records of the two most recent disaster recovery tests were reviewed and the status of identified action items was determined through the review of applicable documentation. Additional information was obtained through Interviews with knowledgeable internal staff. Data center and remote site walk-throughs and observation of on-going activities were followed up with documentation review and interviews with knowledgeable staff. These procedures were applied as necessary to perform the audit fieldwork. Background This report is prepared for the Transportation Commission, TxDOT Administration, and Management. The report presents the results of the Disaster Recovery IT Audit which was conducted as part of the Fiscal Year 2013 Audit Plan. Disaster recovery is a sub-set of business continuity. Disaster recovery is the process, policies and procedures related to pre-disaster planning. It is essential for recovery and continuation of technology infrastructure that is vital to an organization after a natural or human-induced disaster. Established key metrics for various business data recovery point objectives (RPO) and data recovery time objectives (RTO) are essential elements in disaster recovery planning. The RTOs and RPOs are generally found in the business continuity plan. Incomplete RTOs and RPOs can quickly derail a disaster recovery plan, leading to significant problems that can extend the disaster s impact. Once the recovery point and time are known, the underlying IT systems (applications and infrastructure supporting those systems) are identified and prioritized for recovery. Technical information related to the infrastructure and application interdependencies is recorded in Run Books. IT system metrics are documented in a Disaster Recovery Plan (DRP). The DRP is periodically updated and validated through DRP test exercises. DRP test exercise results are recorded in a disaster recovery test exercise issue log. Technical documentation related to issues discovered is updated to correct the deficiencies found during testing. Technical documentation is also updated on an on-going basis as a result of infrastructure changes or other related technical updates. As required by the Texas Government Code, TxDOT participates in the Texas Data Center Services (DCS) program. In 2006, TxDOT executed a 10 year interagency contract with DIR for the majority of existing IT Systems. TxDOT received permission to exclude some IT systems from DCS services. Those IT systems are referred to as outof-scope. The data in two of the out-of-scope IT systems is managed by third party service providers, the remaining are managed by TxDOT. The DCS and other third party service providers manage the IT Systems, including disaster recovery planning based on information provided by TxDOT. This information must include data, like RPO, RTO, and IT System interdependencies. While this information is generally based on comprehensive business analysis, current TxDOT IT System classification is primarily based on input from the IT System OPR. 3 of 12 August 28, 2013

4 We conducted this performance audit in accordance with Generally Accepted Government Auditing Standards and in conformance with the International Standards for the Professional Practice of Internal Auditing. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. A defined set of control objectives was utilized to focus on operational and regulatory goals for the identified scope areas. Our audit opinion is an assessment of the health of the overall control environment based on (1) the effectiveness of the enterprise risk management activities throughout the audit period and (2) the degree to which the defined control objectives were being met. Our audit opinion is not a guarantee against operational sub-optimization or regulatory non-compliance, particularly in areas not included in the scope of this audit. 4 of 12 August 28, 2013

5 Detailed Findings and Management Action Plans (MAP) Finding No. 1: Disaster Recovery Plan (April 1, 2013) does not Include Sufficient Recovery Instructions for all IT Systems Condition 318 of 397 (80%) of TxDOT s division Office of Primary Responsibility (OPR) managed IT systems do not have sufficient recovery instructions in the current disaster recovery plan. IT Systems The disaster recovery plan does not include sufficient recovery instructions for 30 of 52 (58%) IT systems previously identified as agency/mission critical by the IT system s OPR. While the Data Center Services (DCS) contract includes recovery priorities for servers; the interdependencies for specific IT Systems located on those servers is not included in the Disaster Recovery Plan. Technical recovery documentation for IT systems associated with the existing DCS disaster recovery plan includes Run Books with date/time stamps 1 year or older. Third Party data center service providers were able to provide disaster recovery documentation for the Toll Operation Management and Electronic Bidding Systems. However, the disaster recovery plan for the Toll Operation Management IT System was outdated due to recent infrastructure updates. Non-critical IT Systems The existing DCS disaster recovery plan does not include 287 of 345 (83%) IT systems identified as non-critical by the IT system s OPR. Technical recovery documentation for IT systems includes Run Books with date/time stamps 1 year or older. Effect/Potential Impact TxDOT operations would be impacted by business interruptions to IT infrastructure. After a disaster, the agency would not be able to continue its essential operations. Criteria & Cause Exhibit 16 of the Data Center Services Multi-sourcing Service Integrator Master Services Agreement IT Service Continuity Management states: Service Provider shall develop, maintain and implement a comprehensive Disaster Recovery Plan (DRP) for Services provided to DIR Customers and in relation to any DIR Customer-specific DRP s in each case subject to the DIR Customer s prior review and approval. Texas Administrative Code 202, Title 1, Part 10, Subchapter B, Rule states, State agencies shall maintain written Business Continuity Plans that address information resources so that the effects of a disaster will be minimized, and the state agency will be able either to maintain or quickly resume missioncritical functions. 5 of 12 August 28, 2013

6 Disaster Recovery Plans should include information that reflect IT system interdependencies, business priorities, recovery time objectives (RTO) and recovery point objectives (RPO). This information is used by the service provider to assign appropriate server service tiers, including disaster recovery priority. A process for the development and continuous update of a comprehensive disaster recovery plan is not in place. Although the DCS service provider has been provided information for non-critical systems in the past, TxDOT has not validated that this information has been included in the Disaster Recovery Plan in accordance with the contract. Efforts to create a critical systems list have been made by TxDOT staff, but a business analysis to establish IT System RTO has not yet been performed. Establishing RTO is a critical task in developing and documenting a disaster recovery plan and for transformation of servers to a consolidated data center environment. Evidence Not all existing IT systems are documented in the existing disaster recovery plan. The evidence obtained in the review included: IT Systems: Review of the Data Application Inventory System (DAIS) identified 397 production systems managed by division OPRs. Fifty-two (13%) of those systems are classified by the IT system s OPR as critical. The existing disaster recovery plan only provides information for 21 of 52 critical systems. 30 critical IT systems are not included in the existing DRP. 1 of the 52 critical IT systems, Toll Operations Management, is excluded from DCS and managed by a third party service provider. The review of the disaster recovery plan for the Toll Operations Management IT system indicates that the technical recovery documentation is out-of-date. Separate documented disaster recovery guidance for 30 critical systems does not exist. See Appendix A for a list of the 30 mission/agency critical IT systems at risk that were reviewed. Date/time stamps on existing technical recovery documentation for critical IT Systems are more than 1 year old. A process for on-going validation of existing technical recovery documentation for critical IT systems was not found. In addition, the July 2013 update of the disaster recovery plan indicates that the recovery period for 5 critical applications was downgraded due to TxDOT providing insufficient recovery instructions and description of application dependencies. Non-critical IT Systems Review of the Data Application Inventory System (DAIS) identified 397 IT systems managed by division OPRs. Three hundred forty-five (87%) of those IT systems are classified by the IT system s OPR as non-critical. The current disaster recovery plan only covers and discusses 58 (17%) of the non-critical IT systems. 6 of 12 August 28, 2013

7 Separate documented disaster recovery guidance for 287 non-critical IT systems does not exist. Date/time stamps on existing technical recovery documentation for non-critical IT systems are more than 1 year old. A process for on-going validation of existing technical recovery documentation for non-critical IT systems was not found. In addition, the July 2013 update of the Disaster Recovery Plan indicates that the recovery period for 20 non-critical IT applications was downgraded due to insufficient recovery instructions and description of application dependencies. Management Action Plans (MAPs): MAP Owners: Margaret Dixon, Risk & Security Strategy Manager; Jamie Hahn, Risk Analyst The following MAP activities will address the deficiencies by ensuring disaster recovery guidance, processes, and documentation are created and maintained for TxDOT s IT systems, and included in the disaster recovery plan document MAP IT has two transformation projects scheduled which will provide: Business evaluation of applications and systems Performance of application rationalization of the list of systems These two projects will provide necessary input to determine current system criticality. Expected outcomes of these projects include: An updated list of critical applications. The service provider, NTT DATA, was provided a preliminary list of 46 critical applications Recovery time objectives (RTO) for critical applications Priority tiers for applications Completion Date: December 15, 2013 MAP TxDOT will implement an on-going process to establish a quarterly review of critical Run Books: A quarterly review process of TxDOT s DR plan is currently in place. This review is conducted by Capgemini/Xerox. TxDOT will direct NTT DATA to inform Capgemini/Xerox. TxDOT will be using the same updating cycle to update the Run Books on a quarterly basis. TxDOT will review the list of critical applications upon completion of the above transformation project. TxDOT will then develop a process to update or create outstanding critical Run Books on a quarterly schedule. TxDOT will give the quarterly list to NTT who will then direct Capgemini/ Xerox to update the portion of the application s list to be updated or created. At the end of the quarter, TxDOT will review the portal on the TxDOT Department of Information Resources website to ensure the critical application s Run Books have been updated or created. 7 of 12 August 28, 2013

8 The contract between Capgemini and Xerox has a schedule for the creation and updating of Run Books based on Tier Service Groups listed in the Capgemini/Xerox DR Program Overview, page 22. TxDOT will conform to the contract agreement. Completion Date: June 15, 2014 MAP TxDOT will create and implement a process to recover non-critical applications. Completion Date: March 15, of 12 August 28, 2013

9 Finding No. 2: Outdated Technical Recovery Instructions Condition Run Books are out of date and do not reflect current disaster recovery operations. Effect/Potential Impact Continuation of business processes reliant on IT system components required to be functional would be delayed or result in an unsuccessful recovery of the targeted IT systems. Criteria & Cause Exhibit 16 of the Data Center Services Multi-sourcing Service Integrator Master Services Agreement Disaster Recovery Testing states: Service Provider will implement and track corrective actions until resolved. An on-going process to validate Run Books is not in place. Evidence 4 of 4 (100%) required updates to associated Run Books were not completed. A review of Run Books for the mainframe applications testing during the Oct 2012 Disaster Recovery (DR) exercise indicates that issues identified during this test have not been updated in the Run Books. Management Action Plan (MAP): MAP Owners: Margaret Dixon, Risk & Security Strategy Manager Jamie Hahn, Risk Analyst MAP The MAP owners agree the run books need to be updated and kept current. Creating and maintaining the Run Books is performed by Capgemini/Xerox with TxDOT s input. There are four application s Run Books which require updating: TPX, ADABAS, Enterprise Extender and CTC Adaptors. The fifth application, Websphere, is a Dept. of Motor Vehicle issue, and is not the responsibility of TxDOT as noted in the Issue column of the document. o TxDOT will direct NTT DATA to contact Capgemini/Xerox to affect the necessary updates identified during the 2012 DR test. The updates will be reflected in the datacenter portal documentation. o TxDOT will request version control and the name or title be added to the Run Book documentation. o TxDOT will notify TxDMV of their potential risk regarding Websphere. Completion Date: November 15, of 12 August 28, 2013

10 Summary Results Based on Enterprise Risk Management Framework Closing Comments The results of this audit were discussed with Information Technology Division management and staff. We appreciate the assistance and cooperation received from the TxDOT IT Organization contacted during this audit. 10 of 12 August 28, 2013

11 Appendix Table 1 System Name Active Directory Non-Mainframe Agency/ Systems as of May 2013 System Description An implementation of LDAP directory services by Microsoft for use in Windows environments. Assigned Priority Agency Advanced Traffic Management System Provides the ability to manage traffic through the use of cameras and automated signs. BAMS - Decision Support System Used for the analysis of transportation construction project data. BAMS-DSS BAMS client-server Central Authorization and Authentication System (CAAS) is a front-end system that manages access to TxDOT applications. Agency Comprehensive Occupational Safety Management Optimized System Crash Records Information System Crash Reporting and Analysis for Safer Highways Document Tracking System Electronic Bidding System Electronic Grants HR Online Intelligent Transportation System Tracks claims, produces reports, letters, payment vouchers, contracts, releases, and spreadsheets. Collects and disseminates crash information for the Department of Public Safety (DPS) and the Texas Department of Transportation (TxDOT). Used to transfer of motor vehicle crash data from law enforcement agencies to the Crash Records Information System (CRIS). Internal and External TxDOT Document/ /Phone Request Tracking System from any source, used daily by DDOR''s The Electronic Bidding System (EBS) permits electronic submission of digitally signed bids by qualified vendors. Processes and stores all transactions related to processing and accounting for federal/state grants available through TxDOT. (HR Online) is an application that uses PeopleSoft software to manage TxDOT employee information. Used to monitor traffic flows on major freeways. Agency LoadRunner Used for examining system behavior and performance. Lonestar Statewide Advanced Traffic Management System (ATMS) Memorial Sign Project MicroStrategy Intelligence Server Application for crash survivors to purchase memorial signs placed by districts. Texas Register Required. Production since 2/18/2004. Provides the core analytical processing and job management for all reporting, analysis and monitoring applications. 11 of 12 August 28, 2013

12 System Name Novell edirectory PONTEX Rail & Bridge Funding Prioritization System Description Centrally manages access to resources on multiple servers and computers within a given network. Stores complete bridge inventory and inspection data Used for prioritizing federal, state, and private fund allocation for bridge construction and highway-rail crossing construction including safety controls. Assigned Priority Agency Rail Hotline SiteManager Used for real time tracking/documentation and on-site action by federal rail inspectors in RRD. The application includes the two subsystems Site Manager Financial Interface (SMFI) and Site Manager Interface Controller (SMIC). Agency SPEEDZONE Used speed zone detail production. State HazMat Call Log Used for tracking and recording all HazMat calls from across the state and how the call was handled. Taskmaster Used to support crash report scan activities for Crash Records Information System (CRIS). Texas Maintenance Assessment Program A computer application used by TxDOT to satisfy the requirements of the Government Accounting Standards Board Texas Rail Information Management System Texas Traffic Operations Assessment Program Toxicology TRF Enterprise Document Management System (GASB) Statement 34. Manage all railroad-related projects and project information including crossing upgrade projects and construction projects that involve the railroad. Assessment of traffic control devices in each district for the purpose of evaluating and enhancing the safety of highways. Stores Medical Examiner/Coroners records, death certificates, cause of death event sequence hierarchy, and integration with state and federal systems. Tracks documents related to Traffic Operations Division business operations, such as consultant contract and administrative documents. 12 of 12 August 28, 2013

Exhibit to Data Center Services Multisourcing Service Integrator Master Services Agreement

Exhibit to Data Center Services Multisourcing Service Integrator Master Services Agreement Exhibit to Data Center Services Multisourcing Service Integrator Master Services Agreement DIR Contract No. DIR-DCS-MSI-MSA-001 Between The State of Texas, acting by and through the Texas Department of

More information

Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement

Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement DIR Contract No. DIR-DCS-MSI-MSA-001 Between The State of Texas, acting by and through the Texas Department

More information

Internal Audit Report. Right of Way Acquisition TxDOT Office of Internal Audit

Internal Audit Report. Right of Way Acquisition TxDOT Office of Internal Audit Internal Audit Report Right of Way Acquisition TxDOT Office of Internal Audit Objective Evaluate the right of way acquisition process for efficiency and compliance. Opinion Based on the audit scope areas

More information

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University

William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University William Rider Manager Disaster Recovery & Data Security The Johns Hopkins Health System & University Competitive Leadership- Twelve Principles For Success Brian Billick Chapter 3 Be Be Prepared The time

More information

Mecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452

Mecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452 Mecklenburg County Department of Internal Audit PeopleSoft Application Security Audit Report 1452 February 9, 2015 Internal Audit s Mission Through open communication, professionalism, expertise and trust,

More information

Information Technology Internal Audit Report

Information Technology Internal Audit Report Information Technology Internal Audit Report Report #2014-05 July 25, 2014 Table of Contents Page Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives... 4 Scope and Testing

More information

PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name]

PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name] PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name] [Date] [Location] 1 Prepared by: [Author] [Title] Date Approved by: [Name] [Title] Date 2

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION MANAGEMENT AUDIT REPORT OF DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION REPORT NO. 13-101 City of Albuquerque Office of Internal Audit

More information

AV Parking System Review

AV Parking System Review Exhibit 1 AV Parking System Review May 6, 2011 Report No. 11-01 Office of the County Auditor Evan A. Lukic, CPA County Auditor Table of Contents Contents EXECUTIVE SUMMARY... 3 OBJECTIVES, SCOPE AND PROCEDURES...

More information

Department of Public Utilities Customer Information System (BANNER)

Department of Public Utilities Customer Information System (BANNER) REPORT # 2010-06 AUDIT of the Customer Information System (BANNER) January 2010 TABLE OF CONTENTS Executive Summary..... i Comprehensive List of Recommendations. iii Introduction, Objective, Methodology

More information

February 22, 1995. Dear Ms. Kastrin:

February 22, 1995. Dear Ms. Kastrin: February 22, 1995 Ms. Deborah C. Kastrin Executive Director Texas Department of Commerce Stephen F. Austin State Office Building 1700 North Congress, Suite 100 Austin, Texas 78711 Dear Ms. Kastrin: The

More information

Judiciary Judicial Information Systems

Judiciary Judicial Information Systems Audit Report Judiciary Judicial Information Systems November 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence

More information

OFFICE OF INSPECTOR GENERAL. Audit Report

OFFICE OF INSPECTOR GENERAL. Audit Report OFFICE OF INSPECTOR GENERAL Audit Report Audit of the Data Management Application Controls and Selected General Controls in the Financial Management Integrated System Report No. 14-12 September 30, 2014

More information

Information Technology Internal Audit Report

Information Technology Internal Audit Report Information Technology Internal Audit Report Report #2013-03 August 9, 2013 Table of Contents Page Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives... 4 Scope... 5 Testing

More information

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02. IT Backup, Recovery and Disaster Recovery Planning

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02. IT Backup, Recovery and Disaster Recovery Planning SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT 11-02 IT Backup, Recovery and Disaster Recovery Planning Executive Summary Introduction As part of the 2011/12 Audit Plan and following discussions

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,

More information

Internal Audit Report. Toll Operations Contract Management TxDOT Office of Internal Audit

Internal Audit Report. Toll Operations Contract Management TxDOT Office of Internal Audit Internal Audit Report Toll Operations Contract Management TxDOT Office of Internal Audit Objective To determine whether the Toll Operations Division (TOD) contract management structure is designed and

More information

Internal Audit Report. Highway Condition Reporting TxDOT Office of Internal Audit

Internal Audit Report. Highway Condition Reporting TxDOT Office of Internal Audit Internal Audit Report Highway Condition Reporting TxDOT Office of Internal Audit Objective To evaluate data integrity in the Highway Condition Report. Opinion Based on the audit scope areas reviewed, control

More information

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy: Executive Summary Texas state law requires that each state agency, including Institutions of Higher Education, have in place an Program (ISP) that is approved by the head of the institution. 1 Governance

More information

Audit of. District s Information Technology Disaster Recovery Plan

Audit of. District s Information Technology Disaster Recovery Plan Audit of District s Information Technology Disaster Recovery Plan April 11, 2014 Report #2014-03 MISSION STATEMENT The School Board of Palm Beach County is committed to providing a world class education

More information

Exhibit to Data Center Services Service Component Provider Master Services Agreement

Exhibit to Data Center Services Service Component Provider Master Services Agreement Exhibit to Data Center Services Service Component Provider Master Services Agreement DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing

More information

November 2009 Report No. 10-016

November 2009 Report No. 10-016 John Keel, CPA State Auditor An Audit Report on The Financial Responsibility Verification Program (TexasSure) Report No. 10-016 An Audit Report on The Financial Responsibility Verification Program (TexasSure)

More information

Review of Document Imaging Railroad Unemployment Insurance Act Programs Report No. 01-01, November 17, 2000

Review of Document Imaging Railroad Unemployment Insurance Act Programs Report No. 01-01, November 17, 2000 Review of Document Imaging Railroad Unemployment Insurance Act Programs Report No. 01-01, November 17, 2000 This report represents the results of the Office of Inspector General s (OIG) review of the Railroad

More information

Internal Audit Report. Receivables Management Statement of Cost TxDOT Office of Internal Audit

Internal Audit Report. Receivables Management Statement of Cost TxDOT Office of Internal Audit Internal Audit Report Receivables Management Statement of Cost TxDOT Office of Internal Audit Objective The audit objective is to evaluate whether monitoring and accounting for outstanding construction

More information

External Supplier Control Requirements BCM

External Supplier Control Requirements BCM External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity

More information

FINAL AUDIT REPORT. Audit of the arrangements for business continuity and disaster recovery for non- PeopleSoft applications in UNHCR

FINAL AUDIT REPORT. Audit of the arrangements for business continuity and disaster recovery for non- PeopleSoft applications in UNHCR FINAL AUDIT REPORT Audit of the arrangements for business continuity and disaster recovery for non- PeopleSoft applications in UNHCR BACKGROUND The field offices of the United Nations High Commissioner

More information

The University of Texas at Tyler. Audit of Compliance with Texas Administrative Code 202

The University of Texas at Tyler. Audit of Compliance with Texas Administrative Code 202 Audit of Compliance with Texas Administrative Code 202 August 2015 OFFICE OF AUDIT AND CONSULTING SERVICES 3900 UNIVERSITY BOULEVARD TYLER, TEXAS 75799 BACKGROUND Texas Administrative Code (TAC) Title

More information

Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International

Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International BCP Definitions Business Continuity Plan: An ongoing process supported by senior management

More information

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal

More information

AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW. 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR

AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW. 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR Web Portal Security Review Page 2 Audit Report 03-11 Web Portal Security Review INDEX SECTION I EXECUTIVE SUMMARY

More information

Parcel Readiness Product Tracking and Reporting System Controls

Parcel Readiness Product Tracking and Reporting System Controls Parcel Readiness Product Tracking and Reporting System Controls Audit Report Report Number IT-AR-5-002 December 6, 204 The Postal Service needs to improve its process for managing and securing the PTR

More information

INFORMATION SYSTEMS SPECIALIST 8 1488

INFORMATION SYSTEMS SPECIALIST 8 1488 INFORMATION SYSTEMS SPECIALIST 8 1488 SERIES DESCRIPTION The INFORMATION SYSTEMS SPECIALIST (ISS) classification series has eight levels that describe technical and professional non-supervisory positions

More information

INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES

INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES INSPECTION U.S. DEPARTMENT OF THE INTERIOR WEB HOSTING SERVICES Report No.: ISD-IS-OCIO-0001-2014 June 2014 OFFICE OF INSPECTOR GENERAL U.S.DEPARTMENT OF THE INTERIOR Memorandum JUN 0 4 2014 To: From:

More information

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department

More information

Audit of the Disaster Recovery Plan

Audit of the Disaster Recovery Plan Audit of the Disaster Recovery Plan Report # 11-05 Prepared by Office of Inspector General J. Timothy Beirnes, CPA, Inspector General Kit Robbins, CISA, CISM, CRISC, Lead Information Systems Auditor TABLE

More information

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 OIG-16-A-03 November 12, 2015 All publicly available OIG reports (including

More information

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget Office of the Auditor General Performance Audit Report Statewide UNIX Security Controls Department of Technology, Management, and Budget December 2015 State of Michigan Auditor General Doug A. Ringler,

More information

Business Continuity Planning for Risk Reduction

Business Continuity Planning for Risk Reduction Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies

More information

Management Advisory Postal Service Transformation Plan (Report Number OE-MA-03-001)

Management Advisory Postal Service Transformation Plan (Report Number OE-MA-03-001) October 29, 2002 RALPH J. MODEN VICE PRESIDENT, STRATEGIC PLANNING SUBJECT: Management Advisory Postal Service Transformation Plan (Report Number ) This management advisory presents the results of our

More information

Overview of how to test a. Business Continuity Plan

Overview of how to test a. Business Continuity Plan Overview of how to test a Business Continuity Plan Prepared by: Thomas Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com BRP/DRP Test Plan Creation and Exercise Page: 1 Table of Contents BCP/DRP Test

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General INFORMATION TECHNOLOGY: Final Obstacles Removed To Eliminate Customs Disaster Recovery Material Weakness Office of Information Technology OIG-IT-03-01

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

Hong Kong Baptist University

Hong Kong Baptist University Hong Kong Baptist University Disaster Recovery Standard FOR INTERNAL USE ONLY Date of Issue: JULY 2012 Revision History Version Author Date Revision 1.0 Information Security Subcommittee (ISSC) July 2012

More information

Outsource Operations Review 1/22/07 Status Report

Outsource Operations Review 1/22/07 Status Report Outsource Operations Review 1 Contract Recommendations City needs to establish metrics beyond the service level agreements (SLAs) to evaluate Unisys against the contractual obligations on no less than

More information

City of Houston Citywide ARC Project. Finance Department. Budget & Fiscal Affairs Committee

City of Houston Citywide ARC Project. Finance Department. Budget & Fiscal Affairs Committee City of Houston Citywide ARC Project Budget & Fiscal Affairs Committee July 2, 2012 Finance Department Kelly Dowe, Finance Director Bruce Haupt, Deputy Assistant Director Project Timeline We are in the

More information

Evaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12

Evaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12 Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General

More information

STATE OF NORTH CAROLINA

STATE OF NORTH CAROLINA STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR

More information

AUDIT REPORT. Cybersecurity Controls Over a Major National Nuclear Security Administration Information System

AUDIT REPORT. Cybersecurity Controls Over a Major National Nuclear Security Administration Information System U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT Cybersecurity Controls Over a Major National Nuclear Security Administration Information System DOE/IG-0938

More information

VIRGINIA STATE UNIVERSITY RISK ANALYSIS SURVEY INFORMATION TECHNOLOGY

VIRGINIA STATE UNIVERSITY RISK ANALYSIS SURVEY INFORMATION TECHNOLOGY ASSESSABLE UNIT: ENTER THE NAME OF YOUR ASSESSABLE UNIT HERE BUSINESS PROCESS: ENTER YOUR BUSINESS PROCESS HERE BANNER INDEX CODE: ENTER YOUR BANNER INDEX CODE HERE Risk: If you monitor the activity and

More information

WHITE PAPER Third-Party Risk Management Lifecycle Guide

WHITE PAPER Third-Party Risk Management Lifecycle Guide WHITE PAPER Third-Party Risk Management Lifecycle Guide Develop and maintain compliant third-party relationships by following these foundational components of a best-practice assessment program. Third

More information

AUDIT REPORT. The Energy Information Administration s Information Technology Program

AUDIT REPORT. The Energy Information Administration s Information Technology Program U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Energy Information Administration s Information Technology Program DOE-OIG-16-04 November 2015 Department

More information

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all

More information

IT Services Management Service Brief

IT Services Management Service Brief IT Services Management Service Brief Service Continuity (Disaster Recovery Planning) Prepared by: Rick Leopoldi May 25, 2002 Copyright 2002. All rights reserved. Duplication of this document or extraction

More information

Configuring and Administering Microsoft SharePoint 2010

Configuring and Administering Microsoft SharePoint 2010 Course Code: M10174 Vendor: Microsoft Course Overview Duration: 5 RRP: 1,980 Configuring and Administering Microsoft SharePoint 2010 Overview This five day course teaches delegates how to install, configure

More information

Taking a Proactive Approach to Crisis Management while Maintaining Business Continuity in a Tiered Environment

Taking a Proactive Approach to Crisis Management while Maintaining Business Continuity in a Tiered Environment Taking a Proactive Approach to Crisis Management while Maintaining Business Continuity in a Tiered Environment John Linse Director of Business Continuity Services, EMC 1 Setting the Stage Taking a Proactive

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001

FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001 FINAL AUDIT REPORT WITH RECOMENDATIONS Information Technology No. 11-001 SUBJECT: Review of Emergency Plans DATE: September 24, 2010 for Critical Information Technology Operations and Financial Systems

More information

Final Audit Report -- CAUTION --

Final Audit Report -- CAUTION -- U.S. OFFICE OF PERSONNEL MANAGEMENT OFFICE OF THE INSPECTOR GENERAL OFFICE OF AUDITS Final Audit Report Audit of the Information Technology Security Controls of the U.S. Office of Personnel Management

More information

OFFICIAL USE ONLY. Department of Energy. DATE: January 31, 2007 Audit Report Number: OAS-L-07-06

OFFICIAL USE ONLY. Department of Energy. DATE: January 31, 2007 Audit Report Number: OAS-L-07-06 DOE F 1325.8 (08-93) United States Government Memorandum Department of Energy DATE: January 31, 2007 Audit Report Number: OAS-L-07-06 REPLY TO ATTN OF: SUBJECT: TO: IG-34 (A06TG041) Evaluation of the "Office

More information

Financial Systems Integration

Financial Systems Integration Finance & Administration Committee Action Item III-A May 13, 2010 Financial Systems Integration Washington Metropolitan Area Transit Authority Board Action/Information Summary Action Information MEAD Number:

More information

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Audit Report Management of Western Area Power Administration's Cyber Security Program DOE/IG-0873 October 2012 Department

More information

Memorandum. Audit Report No.: OAS-L-08-04 REPLY TO ATTN OF: Chief Financial Officer, CF-1 TO: INTRODUCTION AND OBJECTIVE

Memorandum. Audit Report No.: OAS-L-08-04 REPLY TO ATTN OF: Chief Financial Officer, CF-1 TO: INTRODUCTION AND OBJECTIVE '. 01/29/08 15:22 FAX 301 903 4656 CAPITAL REGION Q002 DOE F 1325.8 (s.9 3 25 United States Government Memorandum DATE: January 28, 2008 REPLY TO ATTN OF: SUBJECT: TO: IG-34 (A07TG029) Department of Energy

More information

CISM ITEM DEVELOPMENT GUIDE

CISM ITEM DEVELOPMENT GUIDE CISM ITEM DEVELOPMENT GUIDE Updated January 2015 TABLE OF CONTENTS Content Page Purpose of the CISM Item Development Guide 3 CISM Exam Structure 3 Writing Quality Items 3 Multiple-Choice Items 4 Steps

More information

June 2008 Report No. 08-038. An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers

June 2008 Report No. 08-038. An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers John Keel, CPA State Auditor An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers Report No. 08-038 An Audit Report on The Department of Information

More information

Server Consolidation. Report to the Joint Legislative Oversight Committee on Information Technology

Server Consolidation. Report to the Joint Legislative Oversight Committee on Information Technology Server Consolidation Report to the Joint Legislative Oversight Committee on Information Technology Chris Estes State Chief Information Officer December 2013 This page left blank intentionally Contents

More information

CLASS SPECIFICATION Systems Support Analyst II

CLASS SPECIFICATION Systems Support Analyst II San Diego Unified Port District Class Code: B211-UE03 CLASS SPECIFICATION Systems Support Analyst II FLSA Status: EEOC Job Category: Classified: Union Representation: Exempt Professionals No Unrepresented

More information

SMITHSONIAN INSTITUTION

SMITHSONIAN INSTITUTION SMITHSONIAN INSTITUTION FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA) 2012 INDEPENDENT EVALUATION REPORT TABLE OF CONTENTS PURPOSE 1 BACKGROUND 1 OBJECTIVES, SCOPE, AND METHODOLOGY 2 SUMMARY OF RESULTS

More information

Office of Inspector General

Office of Inspector General Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit

More information

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co.

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ 0844 586 0040 intouch@digitalpathways.co.uk Security Services Menu has a full range of Security Services, some of which are also offered as a fully

More information

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland Audit Report Effectiveness of IT Controls at the Global Fund Follow-up report GF-OIG-15-20b Geneva, Switzerland Table of Contents I. Background and scope... 3 II. Executive Summary... 4 III. Status of

More information

Technical Considerations in a Windows Server Environment

Technical Considerations in a Windows Server Environment Technical Considerations in a Windows Server Environment INTRODUCTION Cloud computing has changed the economics of disaster recovery and business continuity options. Accordingly, it is time many organizations

More information

Appendix D to DIR Contract No. DIR-SDD-2102. SYNNEX Corporation STATEMENT OF WORK / SUPPLEMENTAL AGREEMENT for END USER SERVICES

Appendix D to DIR Contract No. DIR-SDD-2102. SYNNEX Corporation STATEMENT OF WORK / SUPPLEMENTAL AGREEMENT for <DIR CUSTOMER> END USER SERVICES Appendix D to DIR Contract No. DIR-SDD-2102 SYNNEX Corporation STATEMENT OF WORK / SUPPLEMENTAL AGREEMENT for END USER SERVICES TABLE OF CONTENTS 1. Introduction... 3 2. Term of SOW...

More information

Checklist For Business Recovery

Checklist For Business Recovery Checklist For Business Recovery Completed By: Name: Company: Room: Street: City, State, Zip: Phone #: Business Recovery Plan for: Business Recovery Plan (BRP)--LEVEL 1 (Executive Awareness/Authority) 1.

More information

Business Continuity Planning Preparing Your Organization

Business Continuity Planning Preparing Your Organization Business Continuity Planning Preparing Your Organization Nicholas De Laurentis, CRM, IGP nick.delaurentis.gmkj@statefarm.com 1 Objectives Understand the importance of Business Continuity Planning Know

More information

Disaster Recovery Journal Spring World 2014

Disaster Recovery Journal Spring World 2014 Disaster Recovery Journal Spring World 2014 What works: Services and service supply chain business continuity risk management Don Hall, CBCP, Cisco Services Business Continuity Analyst Cisco Systems, Inc.

More information

Student Assessment Administrative Review Phase 1

Student Assessment Administrative Review Phase 1 Internal Audit Student Assessment Administrative Review Phase 1 Issue Date: March 2015 Report Number: FY2015-02 Executive Summary AUDIT OF: Student Assessment DATE: Fieldwork performed January 2015 February

More information

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

OFFICE OF THE STATE AUDITOR General Controls Review Questionnaire

OFFICE OF THE STATE AUDITOR General Controls Review Questionnaire OFFICE OF THE STATE AUDITOR Agency: * University Please answer all of the following questions. Where we ask for copies of policies and procedures and other documentation, we would prefer this in electronic

More information

Recovery Management. Release Data: March 18, 2012. Prepared by: Thomas Bronack

Recovery Management. Release Data: March 18, 2012. Prepared by: Thomas Bronack Recovery Management Release Data: March 18, 2012 Prepared by: Thomas Bronack Section Table of Contents 8. RECOVERY MANAGEMENT... 4 8.1. INTRODUCTION TO RECOVERY MANAGEMENT... 4 8.1.1. DEFINITION... 4 8.1.2.

More information

Internal Control Evaluation Progress Report for Frisco Independent School District. March 7, 2011

Internal Control Evaluation Progress Report for Frisco Independent School District. March 7, 2011 Internal Control Evaluation Progress Report for Frisco Independent School District March 7, 2011 Topics 2010 Internal Control Evaluation Activities - Phases III and IV 2010 Actual Hours and Fees Phases

More information

SRA International Managed Information Systems Internal Audit Report

SRA International Managed Information Systems Internal Audit Report SRA International Managed Information Systems Internal Audit Report Report #2014-03 June 18, 2014 Table of Contents Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives...

More information

REVIEW OF NASA S MANAGEMENT AND OVERSIGHT

REVIEW OF NASA S MANAGEMENT AND OVERSIGHT SEPTEMBER 16, 2010 AUDIT REPORT OFFICE OF AUDITS REVIEW OF NASA S MANAGEMENT AND OVERSIGHT OF ITS INFORMATION TECHNOLOGY SECURITY PROGRAM OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration

More information

Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program

Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Information Technology Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program Report.

More information

Hardware Inventory Management Greater Boston District

Hardware Inventory Management Greater Boston District Hardware Inventory Management Greater Boston District Audit Report Report Number IT-AR-15-004 March 25, 2015 Highlights Management does not have an accurate inventory of hardware assets connected to the

More information

Texas Freight Advisory Committee A PRIMER ON PUBLIC SECTOR FREIGHT PERFORMANCE MEASURES

Texas Freight Advisory Committee A PRIMER ON PUBLIC SECTOR FREIGHT PERFORMANCE MEASURES Texas Freight Advisory Committee A PRIMER ON PUBLIC SECTOR FREIGHT PERFORMANCE MEASURES October 1, 2013 A PRIMER ON PUBLIC SECTOR FREIGHT PERFORMANCE MEASURES How Do Performance Measures Assist the Public

More information

Technology Resource Planning

Technology Resource Planning Technology Resource Planning Part 1: Technology Assessment Summary The Department is dedicated to modernizing and expanding its current information technology function. An independent assessment of the

More information

Tailored Technologies LLC

Tailored Technologies LLC 685 Third Avenue New York, NY 10017 Tel: (212) 503-6300 Fax: (212) 503-6312 Date: January 9, 2014 To: The Audit File of the Hugh L. Carey Battery Park City Authority From: Tailored Technology Observations

More information

U.S. Department of Justice Office of the Inspector General Audit Division

U.S. Department of Justice Office of the Inspector General Audit Division AUDIT OF THE OFFICE OF COMMUNITY ORIENTED POLICING SERVICES TECHNOLOGY PROGRAM AND SECURE OUR SCHOOLS GRANTS AWARDED TO THE WESTLAND POLICE DEPARTMENT WESTLAND, MICHIGAN U.S. Department of Justice Office

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Disaster Recovery Testing Is Being Adequately Performed, but Problem Reporting and Tracking Can Be Improved May 3, 2012 Reference Number: 2012-20-041 This

More information

EFFORTS ACCOMPLISHED TO DATE

EFFORTS ACCOMPLISHED TO DATE 12. Intelligent Transportation Systems The Dallas-Fort Worth (DFW) Metropolitan Area is currently involved in the planning, programming, and implementation of Intelligent Transportation System (ITS) programs

More information

IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report 10-34 October 13, 2010

IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report 10-34 October 13, 2010 IT DISASTER RECOVERY CALIFORNIA STATE UNIVERSITY, EAST BAY Audit Report 10-34 October 13, 2010 Members, Committee on Audit Henry Mendoza, Chair Raymond W. Holdsworth, Vice Chair Nicole M. Anderson Margaret

More information

MSP Service Matrix. Servers

MSP Service Matrix. Servers Servers MSP Service Matrix Microsoft Windows O/S Patching - Patches automatically updated on a regular basis to the customer's servers and desktops. MS Baseline Analyzer and MS WSUS Server used Server

More information

WFT - SAP Disaster Recovery Solution Brief Planning and Automating an SAP Landscape Remote Recovery Procedure

WFT - SAP Disaster Recovery Solution Brief Planning and Automating an SAP Landscape Remote Recovery Procedure WFT - SAP Disaster Recovery Solution Brief Planning and Automating an SAP Landscape Remote Recovery Procedure Abstract This Solution Brief discusses how WFT Disaster Recovery Services helps a customer

More information

Department of Transportation Chief Information Officer Federal Motor Carrier Safety Administrator

Department of Transportation Chief Information Officer Federal Motor Carrier Safety Administrator U.S. Department of Transportation Office of the Secretary of Transportation Office of Inspector General Memorandum Subject: ACTION: Report on Investment Review Board Deliberations on the Motor Carrier

More information

INTERNAL AUDIT REPORT. Review of Software Change Management. Fairfax County Internal Audit Office

INTERNAL AUDIT REPORT. Review of Software Change Management. Fairfax County Internal Audit Office INTERNAL AUDIT REPORT Review of Software Change Management FAIRFAX COUNTY, VIRGINIA INTERNAL AUDIT OFFICE M E M O R A N D U M TO: Anthony H. Griffin DATE: May 2, 2002 County Executive FROM: SUBJECT: Ronald

More information