A Performance Audit
An Audit Report on Confidential Data Management at the Department of Insurance
May 2022
Summary Analysis
While the Department of Insurance (Department) has implemented certain processes and controls to secure its confidential data, it should strengthen those processes and controls to help prevent unauthorized disclosure of its confidential data.
To minimize security risks, auditors communicated details about the audit findings separately to the Department in writing. One finding was rated Priority, because of issues that could critically affect the Department’s ability to effectively administer its information security function. Immediate action should be taken to reduce the risk. One finding was rated High, because the issues could substantially affect the Department’s information security function; two other findings were rated Medium, indicating moderate risk. The Department’s management agreed with the recommendations related to the audit findings.
In March 2022, after audit fieldwork was completed, the Department issued a notice that it had in January 2022 become aware of a data security issue with a Department web application that manages workers’ compensation information.
While the Department of Insurance (Department) has implemented certain processes and controls to secure its confidential data, it should strengthen those processes and controls to help prevent unauthorized disclosure of its confidential data.
To minimize security risks, auditors communicated details about the audit findings separately to the Department in writing. One finding was rated High, because the issues could substantially affect the Department’s information security function.
While the Department of Insurance (Department) has implemented certain processes and controls to secure its confidential data, it should strengthen those processes and controls to help prevent unauthorized disclosure of its confidential data.
To minimize security risks, auditors communicated details about the audit findings separately to the Department in writing. One finding was rated Priority, because of issues that could critically affect the Department’s ability to effectively administer its information security function. Immediate action should be taken to reduce the risk.
While the Department of Insurance (Department) has implemented certain processes and controls to secure its confidential data, it should strengthen those processes and controls to help prevent unauthorized disclosure of its confidential data.
To minimize security risks, auditors communicated details about the audit findings separately to the Department in writing. Two findings were rated Medium, indicating moderate risk.
Graphics, Media, Supporting documents