Summary
Summary
| Report Number: | 2004-054 |
| Report Title: | Dept Highway Safety & Motor Vehicles - Florida Driver License Information System (FDLIS) |
| Report Period: | 03/2003-08/2003 and Selected Actions through 10/2003 |
| Release Date: | 12/10/2003 |
The Department of Highway Safety and Motor Vehicles (DHSMV) maintains the
Florida Driver License Information System (FDLIS) that assists Division of
Driver Licenses personnel in the processing of driver licenses, identification
(ID) cards, and administrative hearing applicants’ information. Our audit
focused on evaluating the management controls and selected Information
Technology (IT) functions applicable to FDLIS for the period March 2003 to
August 2003, and selected Department actions taken through October 2003,
determining the status of the replacement technology project for FDLIS, and
determining management’s awareness of, and actions taken regarding, the Health
Insurance Portability and Accountability Act of 1996 (HIPAA).
As described below, we noted deficiencies related to FDLIS, including deficiencies in the general and application controls.
Finding No. 1: The Department had not implemented a comprehensive entitywide security program to address issues such as IT policy and procedure maintenance and ongoing security awareness training for employees.
Finding No. 2: The Department had not designated key positions with sensitive responsibilities as positions of special trust or performed background checks, including fingerprinting, on persons in those positions.
Finding No. 3: The Department had not included technical procedures for the recovery of critical applications and databases in its formal disaster recovery plan.
Finding No. 4: The Department did not require proof of valid social security numbers. In addition, we noted instances of duplicate social security numbers contained in the driver license database.
Finding No. 5: Department rules and policies, which required documentation to prove the identity of a driver license or identification card applicant, were not aligned with Florida law.
Finding No. 6: Deficiencies were noted in security controls protecting FDLIS information resources.
Finding No. 7: The Department did not adequately document its procurement process for the acquisition of IT services regarding the replacement technology for FDLIS.
The Executive Director's written response to the review findings and recommendations included in report are included on the Auditor General Website.