Citation Edit

General Accounting Office, Computer Security: Contingency Plans and Risk Analyses Needed for IRS Computer Centers (IMTEC-86-10; B-221001) (Mar. 27, 1986) (full-text).

Overview Edit

The GAO reviewed the Internal Revenue Service's (IRS): (1) plans for ensuring the continuity of its computer operations if any of its 12 computer centers were destroyed or significantly disabled for an extended period; and (2) efforts to implement a risk management program to assess and reduce potential threats to computer operations.

The GAO found that IRS draft automatic data processing (ADP) plans are incomplete and its emergency measures are inadequate because: (1) NCC has no designated backup processing site; (2) computer capacity problems may make it impossible for one service center to back up another, as currently proposed; (3) IRS has not identified the most critical work-load functions; (4) IRS does not always maintain backup tape files containing data and programs necessary to continue operations; and (5) testing to ensure the workability of ADP contingency plans has been limited.

The GAO also found that: (1) the IRS has not periodically assessed potential risks to computer operations at its centers, although it has recently started a risk analysis program that it hopes to complete in 1987; (2) several IRS centers had physical security problems, making them susceptible to fire and smoke damage or to unauthorized entry after working hours; and (3) contingency plans at one center lacked adequate detail for emergency procedures.

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.