Information Security

Safeguarding of Data in Excessed Department of Energy Computers Gao ID: GAO-01-469 March 29, 2001

The computer systems that support the Department of Energy's (DOE) civilian research and development programs house enormous amounts of data. Although unclassified, some of the information in these systems is nevertheless sensitive and must be protected from inappropriate access or disclosure. For this reason, DOE property management regulations require the agency to clear the hard drives of all computers before they are transferred into the excess category for reuse or disposal. GAO found that DOE lacks standardized instructions, verification procedures, and training for agency and contract employees on how to properly clear excessed computers. DOE also does not ensure that procedures used to remove all software, information, and data from systems are effective. As a result, some of the excessed computers GAO inspected at DOE headquarters had information still stored on the hard drives.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.