DOD OIG – Contingency Planning for DoD Mission-Critical Information Systems

by Sabrina I. Pacifici on February 6, 2008

DOD Office of the Deputy Inspector General for Auditing, Contingency Planning for DoD Mission-Critical Information Systems, February 5, 2008 (117 pages, PDF).

  • “The information in DoD Information Technology Portfolio Repository (DITPR) on contingency planning is not reliable on the basis of sample results. We projected that, of 436 mission-critical information systems requiring information assurance certification and accreditation, 264 systems (61 percent) lacked a contingency plan or their owners could not provide evidence of a plan, 358 systems
    (82 percent) had contingency plans that had not been tested or for which their owners could not provide evidence of testing, 410 systems (94 percent) had incorrect testing information reported in DITPR, and 37 systems (8 percent) had incorrect contingency plan information reported in DITPR. As a result, DoD mission-critical systems may not be able to sustain warfighter operations during a disruptive or catastrophic event. Further, DoD provided erroneous information to Congress and the Office of Management and Budget on whether DoD had contingency planning procedures in place and periodically tested the
    procedures necessary to recover the systems from an unforeseen, and possibly devastating, event.”
  • Previous post:

    Next post: