ACTION TAKEN ON REPORT OF AUDIT APPRAISAL, HUMAN RESOURCES SYSTEM
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP84-00933R000100290006-6
Release Decision:
RIPPUB
Original Classification:
K
Document Page Count:
5
Document Creation Date:
December 15, 2016
Document Release Date:
August 25, 2003
Sequence Number:
6
Case Number:
Publication Date:
May 11, 1981
Content Type:
MF
File:
Attachment | Size |
---|---|
CIA-RDP84-00933R000100290006-6.pdf | 262.73 KB |
Body:
CONFIDENTIAL
Approved For Release 2003/12/03 : CIA-RDP84-00933R000100290006-6
11 May 1981
MEMORANDUM FOR: Chief, Audit Staff
Inspector General
I c Ling Director of Personnel
D/Pa $Cc;
SUBJECT: Action Taken on Report of Audit Appraisal, Human Resources System
1. I have reviewed the Report of Audit Appraisal, Human
Resources System (HRS) of 31 March 1981. The HRS represents
the development of a complex computer system and since its
acceptance and activation in March of 1980, it has been used
successfully, proving to be an accurate integrated centralized
personnel information system responsive to Agency management
requirements. The scope of the audit and the several findings
are reasonable, constructive, and acceptable.
2. Our actions and responses to the audit comments and
recommendations are keyed to the report.
Recommendation #1: Formally designate a data base
manager for the HRS and give him final approval
authority for all changes to the HRS.
The Chief, Information Division is designated as the Data
Base Manager of the HRS with responsibility for changes,
interfaces, and access to the HRS. (Note: Chief, ID was not
interviewed during the audit.) Supplementing this designation
is the alignment and utilization of Chief, Automated Data
Resources Branch (ADRB) as the Technical Data Base Manager,
participating in the development and servicing of the data
structure relevant to the software, testing, and system
program implementation. This combination is a satisfactory
and practical arrangement since Chief, Information Division,
as DBM, confers and consults daily with Chief, ADRB and Chief,
Information and Analysis Branch (IAB) for purposes of discussing
system applications, changes, controls, requirements, and
resolution of problems. Chief, ID, by this routine, is fully
cognizant of HRS activity with complete confidence in actions
proposed and taken by C/ADRB and C/IAB. However, in furtherance
of the audit recommendation, all requests for changes to the
HRS (workorders) will be approved and signed by Chief, ID as
DBM, after impact assessment with C/ADRB and C/IAB, as appropriate.
In the absence of C/ID, the C/ADRB, as Technical DBM, will insure
system continuity and IAB compatibility for HRS modifications,
and sign workorders as needed.
Recommendation #2: Document in writing ADRB's testing
and approval of software changes. The documentation
should include as a minimum: the name of the individual
testing the changes, the results obtained, the date of
the test, the date of the approval, and the signature
of the individual approving implementation of the change.
Hard copy backup of testing information is maintained
by ADRB and contains the documentation noted in Recommendation
#2, but only a verbal approval to execute the change was given
to ODP. This procedure has been changed to conform to the audit
recommendation with ADRB giving ODP written approval for
implementing software changes.
Recommendation #3: Require prior written approval
from the DBM or other designated individuals for
changes to the Common Validation Dictionaries.
Changes to COMVAD are controlled very closely with review
and assessment of the requested change(s) by C/ADRB. All
requests are documented by ADRB and retained indefinitely
(COMVAD audits are held for at least one year). Changes to
COMVAD will be made only after C/ADRB or the DBM has placed
signed approval on the documented request.
Recommendation #4: Request the ODP to modify the HRS
so that security violation notices reject the transaction
at time of entry and such notices are recorded for
subsequent review and appropriate follow-up.
ODP Production Division has been requested, by memorandum,
to have the system reject improper requests for data and to
send daily listing of all security code violations issued by
HRS2, to ADRB for review and follow-up as appropriate. (Copy
attached).
Recommendation #5: Periodically review the access
list and update as required.
Operators on HRS data base have been reviewed; adds,
changes, and deletes have been made to align the data base,
and signed user authorization lists have been sent to each
branch having HRS-2 users. A quarterly review will be made to
keep the lists current.
Recommendation #6 (For ODP): Follow established
procedures to ensure that backup copies of HRS
files are stored offsite in a timely manner.
ODP Production Division has been requested, by
memorandum, to conform with this recommendation. (Copy attached).
Recommendation #7: Determine whether MINI-GAP can
be used in lieu of manual posting of Service Record
Cards.
Although the Mini-GAP program contains data which is
applicable to Service Record Cards (SRC/SF-7) purposes, it
is data only from July 1975 forward. Moreover, configuration
of the Mini-GAP file is not conducive (cost effective) to
automated production of the SRC. Automated production of the
SRC was planned as a component and function of the General
Archives Program (GAP) -- a storage and retrieval system of
history and personnel information from 1968 forward. Time
and resource impasses necessitated the suspension of GAP
development. However, its completion and applications, including
elimination of manual posting of the SRC, remain objectives which
regrettably, at this time, are overtaken by higher priority
commitments.
Comment to Para 14:
Security has been tested and installed on the race and
handicap codes and the true name values on the production data
base. These codes/values have been protected previously but
they are now available to fewer system users.
3. The appraisal was helpful and balanced, and I am
appreciative of the efforts and consideration extended by the
auditors.
Attachment: As stated
25X1
Distribution:
Original & 1 - Addressee
1 - AD/OP
1 - C/ADRB
1 - C/ODP
1 - C/IAB
1 - ID Chrono
8 May 1981
25X1
MEMORANDUM FOR: Chief, Production Division, ODP
25X1
FROM: Chief, Information Division, OP
SUBJECT: Compliance with the Audit of the Human
Resources System
1. The audit performed on the Human Resources System
(HRS) by the Information System Audit Division/Audit Staff,
surfaced two areas of weakness in the overall strength of
the HRS production environment. This memorandum will
formalize Office of Personnel request to strengthen these
areas:
A. No record or notice of security violations
is printed by the system. Improper requests
for data from the HRS are not reported to the
DBM or other appropriate officials.
REQUESTED ACTION:
The system generates "Security Code Violation" to users
who exceed their authority to extract or update information
on the HRS. The security violation notices should reject
the transaction at the time of entry and I would like to obtain
a listing on a daily basis of all security code violations
issued by HRS2. The listing will be picked up the following
morning and reviewed by OP/ADRB along with their review of
the database statistics.
B. Procedures for safeguarding the HRS data file
have not been followed by ODP.
REQUESTED ACTION:
ODP should follow established procedures to insure that
backup copies of HRS files are stored offsite in a timely manner.
Copies of HRS data files are created every night; a copy of
the cutoff date tapes are stored at GC-47 in case GS-03
is damaged; and, monthly tapes are sent [25X1] I would like
to be assured that the procedures will be followed.
2. The audit found that the HRS operates efficiently and
is generally satisfying the needs of its users. Additionally,
the personnel involved with the operation of the HRS were
performing their assigned task in an effective manner. The
service and fine performance of your Division certainly are a
contribution to this effort and our accomplishments. Your
assistance and support is greatly appreciated.
25X1