The Auditor General’s Department (AGD) has recommended that information security management be enhanced to ensure confidentiality and data integrity. This comes after it conducted an information security audit of the Passport, Immigration and Citizenship Agency (PICA) and found that the company was not well equipped to protect citizen data.

Poor access control, risk of security breaches, information security risks, and unmanaged threats are some of the concerns coming out of the information security audit conducted by the AGD. PICA, which is responsible for accepting and processing passport applications and handling matters relating to Jamaican citizens, was found wanting in its management and protection of sensitive information.

The AGD found that PICA’s management did not establish the needed structures and processes to ensure that Information and Communication Technology (ICT) was properly managed. This leaves the agency at risk for security breaches.

PICA created a five-year plan to invest 13.3 million US dollars to improve its ICT operations. However, of the 12 projects planned between 2018 and 2020, only four have been completed.

The audit found that PICA did not check risks to its information before allowing third parties and employees to access sensitive information. These parties were able to access personal data without completing a confidentiality agreement.

Also, though PICA developed an ICT policy document, it bore no evidence of review or approval from management. PICA’s access control systems, like doors and gates, for example, were not able to prevent unauthorized access. This leaves all confidential information within the agency vulnerable.

Since the audit, PICA has established a management committee to steer the agency to meet its project goals. The agency also indicated that a confidentiality agreement will be implemented for all stakeholders and that other findings would be revised.

More in this CVM Live story from Jhanielle Powell: