Skip to Main Content

SSA Not Timely in Revoking Contractor Data Access Privileges

Private Sign
Our Tabke Box

According to a recent audit report by the Social Security Administration’s (SSA) Inspector General (IG), SSA contractor employees had access to the agency’s information technology (IT) systems even after they stopped working on the contract. The IG found nearly a dozen instances when SSA failed to terminate contractor employees’ privileges to access sensitive data when they left the job.

The employees in question worked on an IT support services contract SSA awarded to Northrop Grumman. SSA did not immediately terminate agency data system access for 11 departing contractor and subcontract staff. For 9 of the 11, their access privileges continued for more than 100 days after their departure. One ex-employee’s access was not revoked for more than a year.

According to the IG, SSA’s security guidelines make clear the importance of controlling and limiting access to its information systems and resources to ensure “the confidentiality, integrity, and availability” of its data. The report does not specifically identify the data, only that it concerns the agency’s program, administrative, management information, and office automation systems.

The IG found the same problem in 2011 when it audited an IT contract with Lockheed Martin. On that contract, SSA failed to immediately terminate systems access for 4 departing subcontractor employees. Considering that the latest audit found nearly three times as many instances of unauthorized access, SSA’s assurance to the IG (see page 3 of the Northrop audit) that its systems access policies and procedures have improved since 2011 rings hollow.

The problem isn’t limited to SSA. Many federal agencies are falling down in their oversight of contractors’ security classifications and access privileges. Earlier this year, the Pentagon IG issued a report criticizing the defense intelligence agencies’ handling of contractor security clearances. It found that contractor employees investigated for misconduct were inappropriately granted or allowed to retain security clearances, and that those who were involved in misconduct and lost their clearance were allowed to work on other federal contracts.

Image by Flickr user Jason Eppink.

By: Neil Gordon
Investigator, POGO

Neil Gordon, Investigator Neil Gordon is an investigator for the Project On Government Oversight. Neil investigates and maintains POGO's Federal Contractor Misconduct Database.

Topics: Contract Oversight

Related Content: Contractor Accountability, Inspector General Oversight

Authors: Neil Gordon

comments powered by Disqus

Related Posts

Browse POGOBlog by Topic

POGO on Facebook