Submitting OIG:
Report Description:
Our audit found that the Oregon Department of Education (Oregon) Consolidated Collection System, Oregon’s Statewide Longitudinal Data System, had a lack of documented internal controls in the system that increases the risk that Oregon will be unable to prevent or detect
unauthorized access and disclosure of personally identifiable information. Specifically, we found that Oregon did not ensure that the Consolidated Collection System met the minimum requirements in Oregon’s Department of Administrative Services State Standards, which require the system controls and documentation of those controls. Since Oregon did not meet the minimum State requirements, it was not
in compliance with Statewide Longitudinal Data Systems grant requirements. In addition, Oregon had policies and procedures that address reporting and responding to unauthorized access and disclosure of personally identifiable information in its data system. However, we could not determine whether the procedures were effective because Oregon had not reported any system breaches in the Consolidated Collection
System.
Date Issued:
Tuesday, September 27, 2016
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
A02P0007
Component, if applicable:
Institute of Education Sciences
External entity, if applicable:
Oregon Department of Education
Location(s):
Salem, OR
United StatesType of Report:
Audit
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
3
View Document:
Attachment | Size |
---|---|
a02p0007.pdf | 1013.67 KB |
Additional Details Link: