Information Technology Audit Report on the Management of IT Security of Select Public Bodies (RGD & JUTC)
Despite the significant benefits to be derived from the use of information technology (IT), IT environments are characterized by a variety of risks including accidental loss of information, technological failures, compromise of data integrity, unauthorized access and misuse of information and system resources. With the increased use of information and communication technology (ICT) by public sector agencies, it has become necessary to respond to these risks in order to safeguard the confidentiality, integrity and availability of information and information systems from technology related threats.
Two major public sector agencies that have significantly increased their reliance on IT are the Registrar General’s Department (RGD) and the Jamaica Urban Transit Company (JUTe). The RGD has increasingly incorporated technology in its operations, especially in the recording of Births, Deaths and Marriages while the JUTC has increased its reliance on technology in the collection and accounting for revenue through its Electronic Fare Collection System. Going forward it is anticipated that the RGD will have responsibility for civil registration and other civil identification functions under the National Identification System (NIDS) while the JUTC has targeted greater technological integration in its fleet maintenance, vehicle location and monitoring, and cashless fare collection. Given their reliance on technology in current and future operations, there is a need to have appropriate systems in place to safeguard their IT assets and maintain data integrity in order to achieve their strategic objectives. This will require the implementation of an appropriate IT security management system.