June 29, 2014

There’s been a lot of work going on behind the scenes. The TSP has been quietly beefing up security.

As long-time readers of this forum know, in addition the security breach reported in 2012, the TSP has had a number of open issues related to past security audits.

To work these and other issues related to security, the TSP established and filled the position of the Chief Information Security Officer this spring in addition to the Chief Technology Officer. It also consolidated IT security resources under a newly established Information Assurance Division. (See the “Office of Technology Services Annual Board Report” for more information.)

Separately, the Department of Labor – which has oversight authority of the TSP – and KPMG conducted 11 audits this past year, more than twice the number they normally conduct. This drastically increased scrutiny almost certainly stems from the 2012 security breach (and from the surprisingly large number of still-open audit recommendations at that time).

As of April, 73 audit recommendations that had been made since 2005 were closed, while 54 remained open. Another 7 recommendations from a financial statement audit are also open. The metrics from April can be accessed here.

Interestingly, the DOL audits themselves haven’t been posted to the site as they have been in the past — probably to keep overly inquisitive participants such as myself from publicizing them. But at this point, I’ll just say that administrators are definitely making every effort to improve TSP security.

Related topics: tsp-updates