Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

POGO – SSA Not Timely in Revoking Contractor Data Access Privileges

“According to a recent audit report by the Social Security Administration’s (SSA) Inspector General (IG), SSA contractor employees had access to the agency’s information technology (IT) systems even after they stopped working on the contract. The IG found nearly a dozen instances when SSA failed to terminate contractor employees’ privileges to access sensitive data when they left the job. The employees in question worked on an IT support services contract SSA awarded to Northrop Grumman. SSA did not immediately terminate agency data system access for 11 departing contractor and subcontract staff. For 9 of the 11, their access privileges continued for more than 100 days after their departure. One ex-employee’s access was not revoked for more than a year. According to the IG, SSA’s security guidelines make clear the importance of controlling and limiting access to its information systems and resources to ensure “the confidentiality, integrity, and availability” of its data. The report does not specifically identify the data, only that it concerns the agency’s program, administrative, management information, and office automation systems.”

Sorry, comments are closed for this post.