Skip to Main Content

SSA Not Timely in Revoking Contractor Data Access Privileges

Private Sign
Our Tabke Box

According to a recent audit report by the Social Security Administration’s (SSA) Inspector General (IG), SSA contractor employees had access to the agency’s information technology (IT) systems even after they stopped working on the contract. The IG found nearly a dozen instances when SSA failed to terminate contractor employees’ privileges to access sensitive data when they left the job.

The employees in question worked on an IT support services contract SSA awarded to Northrop Grumman. SSA did not immediately terminate agency data system access for 11 departing contractor and subcontract staff. For 9 of the 11, their access privileges continued for more than 100 days after their departure. One ex-employee’s access was not revoked for more than a year.

According to the IG, SSA’s security guidelines make clear the importance of controlling and limiting access to its information systems and resources to ensure “the confidentiality, integrity, and availability” of its data. The report does not specifically identify the data, only that it concerns the agency’s program, administrative, management information, and office automation systems.

The IG found the same problem in 2011 when it audited an IT contract with Lockheed Martin. On that contract, SSA failed to immediately terminate systems access for 4 departing subcontractor employees. Considering that the latest audit found nearly three times as many instances of unauthorized access, SSA’s assurance to the IG (see page 3 of the Northrop audit) that its systems access policies and procedures have improved since 2011 rings hollow.

The problem isn’t limited to SSA. Many federal agencies are falling down in their oversight of contractors’ security classifications and access privileges. Earlier this year, the Pentagon IG issued a report criticizing the defense intelligence agencies’ handling of contractor security clearances. It found that contractor employees investigated for misconduct were inappropriately granted or allowed to retain security clearances, and that those who were involved in misconduct and lost their clearance were allowed to work on other federal contracts.

Image by Flickr user Jason Eppink.

By: Neil Gordon
Investigator, POGO

Neil Gordon, Investigator Neil Gordon is an investigator for the Project On Government Oversight. Neil investigates and maintains POGO's Federal Contractor Misconduct Database.

Topics: Contract Oversight

Related Content: Contractor Accountability, Inspector General Oversight

Authors: Neil Gordon

Submitted by Linda Joy Adams at: June 29, 2014
We know my records were hacked into and deleted at SSA and the Deputy comm of It could not get OIG to do anything. and that;s the way it is throughout the govt with govt contractors having immunity from crimes and no internal oversoversit either. There is also a lot of money missing in some areas and my hearing file on this went missing right out of the McAlester Hearing office and never digitized into the system and many have suffered hardship form that one things, too. Appeals get deleted off the system if it might point to corruptions, also on SSA claims and my own personnel file that shows my employment with SSa and transfer to federal workers comp jurisdiction went missing several years ago and no one knows where it is and in it is our signed agreement with SSA, ther copy. Na d ACS, another contractor has run around lying as that I got a workers comp settlement and retired when he has blocked my file from being posted at federal workers comp and even ,multiple judges orders to post a process and pay on an established case with permanent medical benefits already but no permanent disability as no one at the US Dept Of labor is allowed to see the file ( shredded twice) or the judges orders to act on them. I was injured 1/10/89 and one of the surviving original 90 blacklisted HHS-SSA workers before we even got to the hospitals in Jersey City. and even life sustaining medical care that has has almost cost me my life and may soon from CEO Blodgett's personal actions in the matter.More on my own sites, but when those in power are not subject to the laws of the land that is a real coup d'etat and we are all almost totally under one now since 9/11/01 while we wre discussing or loss of personal rights under the patriot act, the real coup took place over n the agencies. Linda Joy Adams

Leave A Comment

Nickname
Comment
Enter this word: Change

Related Posts

Browse POGOBlog by Topic

POGO on Facebook

Latest Podcast

Podcast; Social Media, Internet Provides Opportunities, Challenges for Lawmakers

The Congressional Management Foundation offers the Gold Mouse Awards annually to members of Congress who make the most of the opportunity the digital world offers them. POGO spoke with members of Rep. Mike Honda's communications team about their award.