Risk, recovery plan
‘Elections office did not have policies that ensure records are secure’
THE Fijian Elections Office (FEO) did not have a risk management policy and disaster recovery plan, both of which ensure that all records are secure from data security breaches and natural disasters, this according to the Auditor-General’s 2019-2020 Audit Report on Statutory Authorities, Independent Body and Commissions that was tabled in Parliament recently.
The OAG said it was imperative that an entity established and maintained an entity-specific risk management policy that, amongst other things, contains an outline of key accountabilities and responsibilities for managing and implementing the entity’s risk management framework and is endorsed by the entity’s accountable authority.
“Disaster recovery involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster,” the report read.
“Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events. It is imperative to have a disaster recovery plan to ensure that all records are secure from data security breaches and natural disasters.”
Fiji noted the recommendation and said the office had only been operational for the past four years and had been continuously building and developing its organisational policies and processes.
“In some areas, the FEO has had to wait for the establishment or creation of the base processes first before devising more comprehensive overlying frameworks. Risk management, aversion and handing policy has been a policy that has been work in progress for the FEO,” he said.
“Being an EMB (electoral management body), the FEO has had to consider additional matters that form the prime basis for consideration and remedial action such as polling operations, decentralisation plan etc.”