View PDF Document

Summary

On August 1, we issued a final report on the review of Volpe Center’s IT security and resource management. While Volpe has established adequate firewall security to protect its IT infrastructure from intrusion or unauthorized access from the Internet, its computers remained vulnerable to attacks by insiders––employees, contractor staff, etc. Also, Volpe did not test its capability to resume system operations at its designated recovery site. In case of disruptions, both Volpe and its customer systems might be affected. Finally, Volpe has made good progress in leveraging departmental resources for more efficient operations. We identified two additional opportunities that could enable Volpe to further reduce costs by using departmental resources. Volpe management has concurred with our conclusions and stated that the majority of the recommendations have already been either fully or partially addressed. It is developing comprehensive plans to implement all remaining recommendations.