At Mindef, the Auditor-General found that a number of IT vendor staff were granted unrestricted access to read personnel and payroll information in the ministry’s human resource system. The report also noted that since 2014, Mindef had not reviewed the logs of access made by the vendor’s staff to information types that required controlled access.
SINGAPORE (July 22): The Auditor-General has found significant lapses in controls over access to personal and confidential data by IT vendors at the ministries of manpower and defence, as well as Singapore Customs. In its report, the Auditor-General pointed out that it was not the first time that public sector entities were found to have weak IT controls. “Similar issues were also found across different public sector entities audited by the AGO (Auditor-General’s office) over the last few years, indicating that IT controls remain a key area for improvement.”
At the Manpower Ministry, for instance, administrators of operating systems for the units that supported the processing of work permits and employment passes, who were vendor employees, had unrestricted access to the systems. They could also delete audit trails to remove any trace of unauthorised activities. The report noted that any unauthorised activity could compromise the confidentiality and integrity of the data in the systems.
