Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
12 | Yes | $0 | $0 | Agency Response Dated July 3, 2025: The NRC will analyze its contingency plans to identify opportunities to integrate metrics for measuring the effectiveness of the associated information system. The analysis will include, but not be limited to, metrics for mean time to recovery, incident response time, and site recovery time. The revised target completion date is the fourth quarter (Q4) of fiscal year (FY) 2025. Target Completion Date: FY 2025, Q4 OIG Analysis: The OIG will close this recommendation after confirming that the agency has integrated metrics for measuring the effectiveness of information system contingency plans with information on the effectiveness of related plans, such as organization and business process continuity, disaster recovery, incident management, insider threat implementation, and occupant emergency plans, as appropriate, to deliver persistent situational awareness across the organization. Agency Response Dated February 14, 2025: The NRC will analyze its contingency plans to identify opportunities to integrate metrics for measuring the effectiveness of the associated information system. The analysis will include, but not be limited to, metrics for mean time to recovery, incident response time, and site recovery time. The new target completion date is the fourth quarter (Q4) of FY 2025. Target Completion Date: FY 2025, Q4 OIG Analysis: The OIG will close this recommendation after reviewing the evidence that demonstrates and confirms the NRC integrated metrics for measuring the effectiveness of information system contingency plans and its relation to other plans such as the organization and business process continuity, disaster recovery, incident management, insider threat implementation, and occupant emergency plans, as appropriate, to deliver persistent situational awareness across the organization. This recommendation remains open and resolved. Status: Open: Resolved. The NRC and the OIG are working to come to an agreement on a sufficient way to complete this recommendation. The OIG will close the recommendation after the NRC integrates metrics for measuring the effectiveness of information system contingency plans with information on the effectiveness of related plans to deliver persistent situational awareness across the organization. Target Completion Date: To be determined. |
|
Integrate metrics for measuring the effectiveness of information system contingency plans with information on the effectiveness of related plans, such as organization and business process continuity, disaster recovery, incident management, insider threat implementation, and occupant emergency plans, as appropriate, to deliver persistent situational awareness across the organization. |