Skip to Navigation
Skip to Main content
OIG Home
OIG Home

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

CFPB Report: 2014-IT-C-016 September 30, 2014

Audit of the CFPBs Acquisition and Contract Management of Select Cloud Computing Services

available formats

Memorandum

OFFICE OF INSPECTOR GENERAL
BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM
CONSUMER FINANCIAL PROTECTION BUREAU

September 30, 2014

Memorandum

TO:

Ashwin Vasan
Chief Information Officer
Consumer Financial Protection Bureau

FROM:

Andrew Patchan Jr.  /signed/
Associate Inspector General for Information Technology

SUBJECT:

OIG Report No. 2014-IT-C-016: Audit of the CFPB's Acquisition and Contract Management of Select Cloud Computing Services

The Office of Inspector General (OIG) has completed its report on the subject audit. In January 2014, the Council of the Inspectors General on Integrity and Efficiency (CIGIE) initiated a government-wide review of select agencies' efforts to adopt cloud computing technologies. The CIGIE initiative focused on reviewing cloud computing contracts for inclusion of specific clauses and the agencies' efforts to monitor the performance of cloud service providers. In support of the CIGIE initiative, our objective was to review the Consumer Financial Protection Bureau's (CFPB) acquisition and contract management for Amazon.com's Amazon Web Services and Deloitte's Compliance Analysis Toolkit to determine whether requirements for security, service levels, and access to records were appropriately planned for, defined in contracts, and being monitored. We provided CIGIE with responses to a questionnaire it issued to the select agencies' OIGs under a separate cover. This report includes specific findings and recommendations designed to assist the CFPB in improving its acquisition and contract management processes associated with cloud service providers.

We provided a draft of our report to you for review and comment. In your response, included as appendix B, you concurred with our recommendations and outlined actions that have been taken, are underway, and are planned to address our recommendations.

We appreciate the cooperation that we received from CFPB personnel during our review. Please contact me if you would like to discuss this report or any related issues.

cc:

Sartaj Alag, Chief Operating Officer
Stephen Agostini, Chief Financial Officer
Zachary Brown, Chief Information Security Officer
J. Anthony Ogden, Deputy Inspector General
Matthew Simber, OIG Manager for Policy, Planning, and Quality Assurance