A RESEARCH STUDY Audit Statement of Veterans Affairs' Association

Introduction

The Veterans Affairs (VA) is at the mercy of the Government Security Insurance policy (GSP) and must be sure compliance with the GSP and operational specifications. The VA is accountable for the conduct of any audit to determine the efficiency and effectiveness of its security program. With the need of the VA, we conducted an audit of security to provide management of the VA with a target assessment of it security program. Overall, we discovered that the VA attained certain requirements of the federal government Security Insurance plan (GSP) with respect to conformity, efficiency, and effectiveness. The audit provides an overview of the main security actions we noticed. We also identified areas for improvement.

The office of Veterans Affairs' Investigation

A RESEARCH STUDY Audit Report

Generally, the VA has put in place a security program which complies with the GSP and operational standards. The functions and tasks of Security Management, Workers Security, Physical Security, Information Technology Security as well as Contracting Management Security and Contingency Actions Security are obviously described in the Security Management Composition.

The Departmental security officer (DSO) holds out his obligations by coordinating, handling and updating the security program on a regular basis. The VA has put in place adequate mechanisms to guarantee the protection of sensitive information and belongings. The very sensitive information and investments are classified, selected, declassified or removed, in conformity with the criteria. Emergency and restoration plans are routinely developed, noted and revised, in conformity with certain requirements.

Public Works and Secure Impact (PWSI) happens to be responsible for security verification services that happen to be conducted in conformity with the Security Insurance plan and the Workers Security Standards. Even though the original agreement between your two parties for this service is no longer valid. Additionally, certain functions and responsibilities between the two parties aren't clearly founded and described in the contract. Currently, the VA can determine the security level related to the position requirements and requests the appropriate staff screening. The PWSI serves as the administrative security officer by granting the level of security wanted by the VA.

About the Audit

The Veterans Affairs (VA) is accountable for protecting very sensitive data such as financial, medical, and personal Veteran and employee information under their power. The information must be classified and designated considering the provisions for enough exceptions of the Access to Information Act and the Personal privacy Act. The data appropriate to information systems must be grouped and specifically selected per their confidentiality, integrity, supply and value. Information and delicate data must be guarded per minimal criteria, and related risk and threat examination.

The VA is responsible for the execution of the Security Policy within its institution and must conduct an interior audit on their compliance with the plan and their efficiency in implementing it at least every year. This audit is conducted within the platform of Treasury Panel Secretariat's requirements in this value.

Objectives

The objectives of the audit are to ensure the compliance of most very sensitive information and goods with the Government Security Coverage (GSP) and with the functional criteria and the efficiency and effectiveness of the Security Program of the VA. More specifically, the aims focused on: Security organization, Security Management, Physical Security and Workers Security.

Scope of the Audit

The audit addresses the next

Security Group: the structure of security management at the VA for the overall security program.

Security Management: the security program, the security education and training programs, the classification and designation of delicate data, the measures of security for hypersensitive information, the breaches and violations of security and other security-related happenings, the protection actions taken for external communications.

Physical Security: the location and layout of installations, the id and the application of protection procedures in the installations, the exam and control of physical security options.

Personnel Security: the workers security investigations, the au