Submitting OIG:
Report Description:
We identified internal control weaknesses in the system that increase the risk that Virginia will be unable to prevent or detect unauthorized access and disclosure of personally identifiable information. Specifically, we found that although Virginia classified the Single Sign-on Web System as a sensitive system, it did not ensure that it met the minimum State requirements for a system classified as sensitive. This meant that
Virginia also was not in compliance with the Statewide Longitudinal Data Systems grant requirements. We determined that Virginia has policies and procedures that address reporting and responding to unauthorized access and disclosure of data, but we could not determine whether Virginia effectively implemented the procedures because Virginia has not reported any system breaches in the Virginia Longitudinal Data System or the Single Sign-on Web System.
Date Issued:
Tuesday, July 12, 2016
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
A02P0006
Component, if applicable:
Institute of Education Sciences
External entity, if applicable:
Virginia Department of Education
Location(s):
Richmond, VA
United StatesType of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
3
View Document:
Attachment | Size |
---|---|
a02p0006.pdf | 806.32 KB |
Additional Details Link: