The Information Technology (IT) Audit group of the OIG conducts independent audits of SEPTA’s IT systems and processes. This includes assessing SEPTA’s ability to protect its information assets and ensure data integrity, confidentiality, and availability. IT audits use best practice benchmarks for compliance with cybersecurity frameworks and guidance from federal regulators. The OIG is committed to continuous improvement. This means that the IT audit process is ongoing and not just a one-time event. The goal is to identify areas for improvement and implement changes to enhance SEPTA’s IT operations and cybersecurity posture.

Because IT Audit reports may contain sensitive details about security vulnerabilities and areas of risk, they are not published here. Below is a list of the completed IT audits, in accordance with the annual Audit Plan.

OIG #TitleDateComments
IT-23-04Public-Facing Internet Servers and Services Audit2024-06-01Action Plan in response to 6 OIG recommendations in progress.
IT-23-02Enterprise Application Suite Review2024-03-01No recommendations were made.
IT-24-01Cloud-Based Human Resources Management Software Suite Audit2024-11-12Action Plan in response to 3 OIG recommendations in progress.
IT-24-02File Transfer Services Audit2024-12-01Action Plan in response to 2 OIG recommendations in progress.
IT-24-03Third Party and Vendor Management Audit2024-12-01Action Plan in response to 2 OIG recommendations in progress.
A-22-06Identity and Access Management System2023-03-01Action Plan in response to 8 OIG recommendations in progress.
A-22-07Communications and Signals Audit2023-06-01Action Plan in response to 5 OIG recommendations in progress.
A-22-12Security Operations Center Audit2023-06-01Action Plan in response to 5 OIG recommendations in progress.
A-22-11Enterprise Application Upgrades2023-05-01Action Plan in response to 6 OIG recommendations in progress.
IT-23-01Information, Communication, and Collaboration Software Suite2023-12-01Action Plan in response to 7 OIG recommendations in progress.
IT-23-03Physical Access2023-10-01Action Plan in response to 4 OIG recommendations in progress.