Date Issued
Report Number
20Z-315
Report Type
Audit
Description
We initiated a special project to determine if (1) TVA's policies, procedures, and practices for handling lost or stolen computer equipment were adequate; (2) those policies, procedures, and practices were followed; and (3) the lost or stolen computers contained sensitive or restricted information. We found:TVA's policies, practices, and procedures for maintaining an accurate inventory of computer equipment were not adequate. Since the August 2004 implementation of the HP Service Desk (HPSD), which contains an inventory of TVA computers, TVA has been unable to track over 5,550 computers. The inability to adequately track, as well as the lack of encryption, on these computers increases the risk for the disclosure of sensitive or restricted information.The policies for handling/reporting stolen computers were not consistently followed. At least one of the stolen computers contained personally identifiable information-employee social security numbers. We have not been able to confirm whether the remaining stolen computers contained sensitive or restricted information, although we believe the risk is moderate.
Joint Report
Yes
Participating OIG
Tennessee Valley Authority OIG
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0