Information about http://www.si.edu/oig/AuditReports/IBA-05-05.pdf
Smithsonian Institution Office of the Inspector…
Tags: access control systems, clearance procedures, collections, electronic access control, electronic access control systems, id badges, office of the inspector general, ops, proximity cards, public areas, security issues, smithsonian facilities, smithsonian institution, smithsonian institution office, storage areas,Pages: 1
Language: english
Created: Mon Oct 2 10:28:56 2006
Display cached document
Page 1
Smithsonian Institution
Office of the Inspector General
In Brief Access Controls
Report Number M-05-05, July 25, 2006
Why We Did This Audit What We Found
This is the first of three reports Employees who left the Institution generally returned their ID badges and
covering security issues at the proximity cards; however, the Smithsonian's Office of Protection Services (OPS)
Smithsonian. To protect property was not always vigilant in removing programmed access to facilities. Of the 118
and collections and provide a safe, terminated employees we sampled, we found that 8 employees, or 7 percent, did
secure environment for its not return their ID badges/proximity cards. All but one retained electronic access
employees and visitors, the to non-public areas in various Smithsonian buildings, including collections
Smithsonian relies in part on its storage areas. These employees did not submit properly completed exit clearance
electronic access control systems. forms, and department heads did not ensure that exit clearance procedures were
We initiated this review to assess followed. In addition, 18 employees, or 15 percent, who had promptly returned
the effectiveness of these access their ID badge/proximity cards did not have their electronic access completely
controls, which are critical to removed.
ensure that employees and
contractors who have left the We found that, according to access control records, a significant number of
Institution no longer have access terminated contractors still had access to Smithsonian facilities. Of the 73
to non-public areas of contractors reviewed, 21, or 29 percent, had unexpired badges, of which 8, or 11
Smithsonian facilities. percent, also had active proximity cards providing electronic access to
Smithsonian facilities after their departure date. The Institution has no
What We Recommended standardized process for returning contractor ID badges and proximity cards and
relied on department heads and Contracting Officer's Technical Representatives
We recommended that OPS revise (COTRs) to terminate contractors' access.
written policies and procedures to
clarify where to surrender In addition to the weaknesses in the exit clearance process, we found that OPS did
employee and contractor badges not provide adequate oversight to ensure access was promptly terminated for
and proximity cards and specify separated employees and contractors. OPS also generally did not periodically
responsibility for returning review system records to ensure access was removed when individuals left the
contractor badges and proximity Institution. Moreover, OPS did not maintain historical information on badges
cards. We also recommended and building access issued to separated individuals, information that would be
that OPS provide department needed for law enforcement action should a theft occur.
heads with access system reports
to identify separated employees
and contractors and ensure that
records for separated employees
and contractors are disabled
instead of deleted from access
control systems.
Management agreed with our
analyses and recommendations
and proposed an implementation
plan that responds to our For additional information, contact the Office of the Inspector General at
recommendations. (202) 275-2244 or visit http://www.si.edu/oig.