The Information Technology (IT) Audit group of the OIG conducts independent audits of SEPTA’s IT systems and processes. This includes assessing SEPTA’s ability to protect its information assets and ensure data integrity, confidentiality, and availability. IT audits use best practice benchmarks for compliance with cybersecurity frameworks and guidance from federal regulators. The OIG is committed to continuous improvement. This means that the IT audit process is ongoing and not just a one-time event. The goal is to identify areas for improvement and implement changes to enhance SEPTA’s IT operations and cybersecurity posture.
Because IT audit reports may contain sensitive details about security vulnerabilities and areas of risk, they are not published here. Below is a list of the completed IT audits, in accordance with the annual Audit Plan.
Information Technology Audits
| OIG # | Date | Comments |
|---|---|---|
| A-22-06 | 20230301000000Mar 2023 | Action Plan in response to 8 OIG recommendations in progress. |
| A-22-07 | 20230601120000Jun 2023 | Action Plan in response to 5 OIG recommendations in progress. |
| A-22-12 | 20230601000000Jun 2023 | Action Plan in response to 5 OIG recommendations in progress. |
| A-22-11 | 20230501000000May 2023 | Action Plan in response to 6 OIG recommendations in progress. |
| IT-23-01 | 20231201000000Dec 2023 | Action Plan in response to 7 OIG recommendations in progress. |
| IT-23-03 | 20231001000000Oct 2023 | Action Plan in response to 4 OIG recommendations in progress. |
| IT-23-04 | 20240601000000Jun 2024 | Action Plan in response to 6 OIG recommendations in progress. |
| IT-23-02 | 20240301000000Mar 2024 | No recommendations were made. |
| IT-24-01 | 20241112000000Nov 2024 | Action Plan in response to 3 OIG recommendations in progress. |
| IT-24-02 | 20241201000000Dec 2024 | Action Plan in response to 2 OIG recommendations in progress. |
| IT-24-03 | 20241201120000Dec 2024 | Action Plan in response to 2 OIG recommendations in progress. |