FDIC's IT Contingency Planning Program

(Report No. 04-038, September 22, 2004)

Summary

This report presents the results of an audit by International Business Machines (IBM) Business Consulting Services (hereafter referred to as IBM), an independent professional services firm engaged by the Federal Deposit Insurance Corporation (FDIC) Office of Inspector General (OIG) to support its efforts to satisfy reporting requirements related to the Federal Information Security Management Act (FISMA).

The objective of the audit was to determine whether the FDIC has an adequate Information Technology (IT) Contingency Planning Program. IBM's audit focused on the adequacy of the FDIC's policies, procedures, and tools for contingency planning. IBM concluded that the FDIC had made progress since the OIG's 2003 FISMA evaluation. However, improvements are needed to ensure that FDIC data can be restored in a timely manner.

Recommendations

IBM made three recommendations to the FDIC's Chief Information Officer and Director, Division of Information Resources Management (DIRM), to improve the FDIC's contingency planning program.

Management Response

DIRM has agreed to take corrective actions that adequately address the three recommendations, which are resolved but will remain undispositioned and open for reporting purposes until we have determined that agreed-to corrective actions have been completed and are effective.

This report contains sensitive information regarding information security. Accordingly, we have not made, nor do we intend to make, public release of the specific contents of the report.

Last updated 10/15/2004