Date Issued
Report Number
2011-13721
Report Type
Audit
Description
The OIG audited the handling and processing of personally identifiable information (PII) provided to Cartus Corporation, a contractor for TVA. Our audit evaluated the (1) processes used to safeguard data transmitted from TVA to Cartus (2) handling, processing, and security of the data at Cartus, and (3) compliance with security-related contract terms. Generally, we found TVA controls for transmission of data to Cartus and its security controls for TVA data stored on its systems were effective in protecting the data. However, we identified control improvements that, if implemented, would strengthen Cartus' controls over data protection. Summary Only
Joint Report
Yes
Participating OIG
Tennessee Valley Authority OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0