New passport processing system exposed to security gaps, audit finds

Another example, on a smaller scale than Shared Services Canada and the Phoenix pay system problems, of just how difficult it is for government to execute successfully IT projects:

The audit, which was completed in February 2016 and quietly posted to the departmental website a few months later, said IRCC leveraged expertise from industry and other federal departments and established several oversight mechanisms to track key project areas. But identified risks were not consistently monitored and addressed, the report said.

It also found there was no evidence that the information technology security plan was being followed, and that key security measures were missing, including a preliminary threat- and risk-assessment.

One year ago, the department suspended its use of a new system to process passport applications after CBC News reported on widespread glitches with the program.

The department said it was “pausing” the processing of passports through the GCMS in order to incorporate “lessons learned” during the testing phase.

No passports are currently being issued through the GCMS, but the department confirmed that refugee travel documents have been processed through the system since fall 2015.

At least 1,500 Canadian passports had been produced under a flawed new system that opened the door to fraud and tampering, according to documents obtained by CBC/Radio-Canada.

Internal records revealed the processing program was rushed into operation on May 9, despite warnings from senior officials that it was not ready and could present new security risks.

The department insisted that no passports have been issued with security gaps and that at no point had the integrity or security of the passport issuance been compromised.

Since the launch of the new system, officials had been scrambling to fix hundreds of glitches and to seal security gaps. Weeks after the new process was brought on line, there were calls to stop production.

Recommendations ignored

Those recommendations were ignored, and the passports continued to be issued in the first phase of production under the new system, designed to enhance security and integrate with other global programs.

Numerous reports obtained by CBC/Radio Canada showed that during a period of several weeks, it was possible for employees to alter the photo on a passport after it had been approved. There were also numerous reports of discrepancies between information contained in the database and what actually appeared on a passport.

In some cases, information disappeared from the system, making it difficult to verify if the applicant had used questionable guarantors or had made repeated claims of lost or stolen passports in the past.

That information acts as a safeguard to flag potential problems with applications.

Management accepted all six recommendations stemming from the audit, which ranged from medium to high risk. One plank of the “action plan” was to secure spending authorities to advance the project to the next phase.

Source: New passport processing system exposed to security gaps, audit finds – Politics – CBC News

About Andrew
Andrew blogs and tweets public policy issues, particularly the relationship between the political and bureaucratic levels, citizenship and multiculturalism. His latest book, Policy Arrogance or Innocent Bias, recounts his experience as a senior public servant in this area.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: