Audit of NARA's CPIC Process
Report Information
Recommendations
We recommend NARA’s Chief Information Officer (CIO) ensure NARA’s documented CPIC policy is updated and formalized to reflect the current processes in use by NARA. This includes requiring the creation and use of a checklist outlining the IT governance...
We recommend NARA’s Chief Information Officer (CIO) ensure NARA’s documented CPIC policy is updated and formalized to reflect the current processes in use by NARA. This includes ensuring all required CPIC related documentation is completed for all NARA...
We recommend NARA’s Chief Information Officer (CIO) Require NARA’s updated CPIC policies and procedures meet the CPIC process requirements detailed in the Clinger Cohen Act.
We recommend NARA’s Chief Operating Officer (COO) ensure NARA IT investments do not bypass NARA’s CPIC process.
To ensure NARA IT investments do not bypass NARA’s CPIC process we recommend NARA’s Chief Operating Officer ensure that I-P maintain documentation of its approval of IT investments in PRISM and I-P’s PRISM approval of IT investments is tested on an...
To ensure NARA IT investments do not bypass NARA’s CPIC process we recommend NARA’s Chief Operating Officer ensure the training guide for purchase card holders is updated to include a discussion of the requirements of NARA’s CPIC process.
We recommend NARA’s Chief Information Officer ensure NARA’s IT governance process, which includes CPIC, incorporates the lessons learned when Directive 801 was followed to create a more user-friendly, streamlined and transparent policy where CPIC...