The Internal Revenue Service needs to improve the management of its backup and restoration process, according to a new report.
The report, from the Treasury Inspector General for Tax Administration, examined the IRS’s Tier II Environment Backup and Restoration Process, which protects important data saved on its computer systems. TIGTA evaluated the process following an incident in which the IRS discovered that a backup did not exist when needed to restore significant data. In addition to finding that the IRS is not effectively managing the process, TIGTA learned the IRS did not take effective action following this incident.
According to TIGTA, IRS management has not established goals and does not regularly collect sufficient performance metrics to monitor, measure, and report on the effectiveness of the process.
The IRS must provide adequate backup and restoration of this important computer data, called the Tier II Environment, which consists of non-mainframe servers, the report noted. These servers run various operating systems, including versions of Microsoft Server, Linux and UNIX. Some examples of the important data stored within the Tier II environment include e-mails, personal and shared files, and taxpayer information. If the data is not backed up properly, a possibility exists that all taxpayer and management information could be lost and become unrecoverable. The IRS must effectively manage the Tier II backup and restoration environment to ensure that its technology fully serves taxpayers.
As a result, IRS management does not have information to detect if a required backup is not created. Similarly, management does not routinely test restoration of backups to ensure the integrity and reliability of the data.
“If there is a failure in the ability to restore a system containing taxpayer data, it can have serious consequences in the IRS’s ability to administer the tax system,” said TIGTA Inspector General J. Russell George in a statement.
TIGTA recommended that the IRS’ chief technology officer establish goals and performance measures; implement a problem management process; and create and implement a backup strategy that includes tests to restore databases. The IRS should also ensure that a root cause analysis is performed on known vulnerabilities and that corrective actions are properly documented; develop standard operating procedures; and establish procedures to notify support personnel that backups have been completed successfully, according to the report. TIGTA also recommended upgrades to the software and aged hardware infrastructure, and the development of guidelines for actions that should be taken when equipment reaches its end of useful life.
The IRS agreed to establish goals and plans to implement performance measures and to use the measures to address these concerns. “We generally agree with the recommendations,” wrote IRS chief technology officer Terence V. Milholland in response to the report. “However, we would like to point out that significant budget and resource constraints have challenged our efforts to modernize and maintain the computing infrastructures and associated processes that support the IRS’s backup and restore requirements. Notwithstanding this challenge, we remain committed to providing the best backup and restore services possible.”