Social Security Administration Office of the Inspector General
Follow-up: The Social Security Administration’s Implementation of Program Operations Manual System Security Requirements for Disability Determination Service
To determine whether the Social Security Administration (SSA) implemented recommendations in prior Office of the Inspector General reports and PricewaterhouseCoopers (PwC) Management Letters. We limited our review to those recommendations that requested modifying the Program Operations Manual System (POMS) privacy and security procedures for disability determination services (DDS).
POMS contains required and recommended privacy and security policies for DDSs. To ensure the information SSA entrusts to the DDSs is protected in accordance with Federal laws and regulations, as well as Agency policies and procedures, it is critical for SSA to keep POMS current and complete and monitor the DDS' compliance with POMS.
To view the full report, visit http://www.ssa.gov/oig/ADOBEPDF/A-14-08-18076.pdf
SSA implemented 32 of the 44 Office of the Inspector General and PwC recommendations in 2 OIG reports and 7 PwC Management Letters that requested modifying the POMS privacy and security procedures for DDSs. The Agency had mitigating controls in place for 11 of the 12 unimplemented recommendations.
To further improve the security program administered by all DDSs, we recommend that SSA modify POMS to