SEC’s Office of Inspector General Releases Two Audit Reports Critical of the SEC's Data Security

The SEC's Office of Inspector General recently released two audit reports on the SEC's Office of Information Technology ("OIT"). The first report, released on March 25th, analyzed the Commission's control over sensitive, nonpublic information exchanged with the SEC and the Financial Stability Oversight Council ("FSOC") and the Office of Financial Research ("OFR"). The report noted deficiencies in how the SEC marks documents based on sensitivity level that are shared with or received from the FSOC or OFR, and provided recommendations to remediate them.

The second report, released on March 27th, examined the OIT's certification and accreditation process, finding some of them inadequate. The report recommended that the OIT create a centralized repository for managing the certification processes to ensure that all relevant files are maintained solely on SEC servers.