Multiple DOT Operating Administrations Lack Effective Information System Disaster Recovery Plans and Exercises
The Department of Transportation (DOT) relies on more than 450 information systems, many of which provide fundamental capabilities for keeping the Nation’s transportation system safe and operational. Effective disaster recovery planning is critical to maintain information system safety and efficiency for DOT and its Operating Administrations (OA) during an unexpected event.
However, the disaster recovery plans for 4 of the Department’s 12 OAs—the Federal Highway Administration, Federal Railroad Administration (FRA), Federal Motor Carrier Safety Administration (FMCSA), and Pipeline and Hazardous Materials Safety Administration (PHMSA)—were not in compliance with DOT policy. In addition, the Department’s OAs have not all effectively tested their plans to ensure they will work in the event of a disruption. For example, the Federal Aviation Administration (FAA) did not conduct annual contingency plan testing for certain high-impact systems, as required. Furthermore, four OAs—FAA, FMCSA, PHMSA, and FRA—did not conduct required functional disaster recovery testing to ensure that their systems comply with DOT policy and can effectively handle operations during unexpected events.
We made nine recommendations to improve the effectiveness of information systems contingency planning and testing. The Department concurred with all nine of our recommendations, and we consider all resolved but open pending completion of planned actions.