GAO posted a review of IRS security in March of 2013. It says the following:
...A business impact analysis is an analysis of information technology system requirements, processes, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption. Moreover, it correlates the system with the critical mission/business processes and services provided and, based on that information, characterizes the
consequences of a disruption. The Internal Revenue Manual requires the
agency to develop, test, and maintain information system contingency
plans for all systems, and to review and update these plans. The manual
also requires a business impact analysis for each system, and includes
steps for completing this process. In addition, according to the manual,
IRS shall implement and enforce backup procedures for all systems and
information.
The report recognizes the IRS has some problems identified the year before, and was making progress on them. It would be impossible to believe that GAO did not look at backup and recovery procedures because they tested some of them during the audit. They also did not call out any area of backup as being deficient.
No comments:
Post a Comment