Report Summary

Social Security Administration Office of the Inspector General

May 2009

Follow-up:  The Social Security Administration’s Implementation of Program Operations Manual System Security Requirements for Disability Determination Service

(A-14-08-18076)

Objective

To determine whether the Social Security Administration (SSA) implemented recommendations in prior Office of the Inspector General reports and PricewaterhouseCoopers (PwC) Management Letters. We limited our review to those recommendations that requested modifying the Program Operations Manual System (POMS) privacy and security procedures for disability determination services (DDS).

Background

POMS contains required and recommended privacy and security policies for DDSs. To ensure the information SSA entrusts to the DDSs is protected in accordance with Federal laws and regulations, as well as Agency policies and procedures, it is critical for SSA to keep POMS current and complete and to monitor the DDSs' compliance with POMS.

To view the full report, visit http://www.ssa.gov/oig/ADOBEPDF/A-14-08-18076.pdf

Our Findings

SSA implemented 32 of the 44 Office of the Inspector General and PwC recommendations in 2 OIG reports and 7 PwC Management Letters that requested modifying the POMS privacy and security procedures for DDSs.  The Agency had mitigating controls in place for 11 of the 12 unimplemented recommendations.

Our Recommendations

To further improve the security program administered by all DDSs, we recommend that SSA modify POMS to:

  1. Require that Regional Office staff annually review DDS security plans and submit approvals or modification requests to the DDSs.
  2. Implement the prior recommendation to provide guidance for DDS security management to document and follow formal procedures for checking vehicles prior to allowing them entrance into the DDS parking garage. The door to the parking garage should remain closed until the person or vehicle attempting to enter the garage is verified by the guards.