U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Prior OIG Reports Relevant to EPA’s Handling of Emergencies and Disasters

List ordered by date updated, descending.

Report: EPA Needs to Improve Its Risk Management and Incident Response Information Security Functions
Report #20-P-0120, March 24, 2020. Further implementation of risk management activities and incident response tools are needed to combat cybersecurity threats intended to steal and destroy confidential and sensitive information.
Report: CSB's Information Security Program Is Defined, but Improvements Needed in Risk Management, Identity and Access Management, and Incident Response
Report #20-P-0077, February 12, 2020. The CSB lacks documented procedures to address information technology risks and threats from cybersecurity incidents.
Report: EPA Needs to Improve Its Emergency Planning to Better Address Air Quality Concerns During Future Disasters
Report #20-P-0062, December 16, 2019. Developing EPA guidance for collecting and communicating air quality data could improve public confidence in the agency during future disaster responses.
Report: EPA Adequately Managed Hurricane Harvey Funding Received from FEMA
Report #20-P-0010, October 23, 2019. The EPA had policies and procedures in place for efficient and effective management of over $11 million in FEMA Disaster Relieve Funding for the Hurricane Harvey response.
Report: Region 4 Quickly Assessed Water Systems After Hurricane Irma but Can Improve Emergency Preparedness
Report #20-P-0001, October 7, 2019. EPA staff training with state partners and development of standard operating procedures could improve emergency response.
Report: EPA Region 6 Quickly Assessed Water Infrastructure after Hurricane Harvey but Can Improve Emergency Outreach to Disadvantaged Communities
Report #19-P-0236, July 16, 2019. Enhancements to environmental justice outreach efforts during emergencies could improve the public health protections of communities impacted by hurricanes or other disasters. The English, Spanish and Vietnamese versions of this report are available below.
Report: Insufficient Practices for Managing Known Security Weaknesses and System Settings Weaken EPA's Ability to Combat Cyber Threats
Report #19-P-0158, May 21, 2019. Missing POA&M data and incorrect security settings limit the EPA's ability to manage enterprise risk and strengthen its security procedures.
Report: CSB Still Needs to Improve Its 'Incident Response' and 'Identity and Access Management' Information Security Functions
Report #19-P-0147, May 9, 2019. The CSB lacks established procedures for automated processes and authentication technologies, which could permit unauthorized access to agency systems.
Report: EPA Consistently Implements Processes Within Its Information Security Program, but Opportunities for Improvement Exist
Report #19-P-0058, January 30, 2019. Further improvements are needed to strengthen internal processes to better protect human health and environmental data from cybersecurity threats.
Report: Management Weaknesses Delayed Response to Flint Water Crisis
Report #18-P-0221, July 19, 2018. What Was Found: The EPA should strengthen its oversight of state drinking water programs to improve the efficiency and effectiveness of the agency's response to drinking water contamination emergencies.
Report: Management Alert - To Minimize Risk of Environmental Harm, the Security Categorization of Electronic Manifest System Data Needs to Be Re-Evaluated
Report #18-P-0217, June 21, 2018. What Was Found: A breach of hazardous material information within e-Manifest may facilitate terrorist or other criminal activities.
Report: EPA’s Information Security Program Is Established, but Improvements Are Needed to Strengthen Its Processes
Report #18-P-0031, October 30, 2017. What Was Found: Although the EPA has an effective information security program, management emphasis is needed to achieve a higher level of maturity for the agency’s information security program.
Report: EPA Has Developed Guidance for Disaster Debris but Has Limited Knowledge of State Preparedness
Report #16-P-0219, June 29, 2016. What Was Found: The EPA can reduce the risk of future unsafe debris disposal practices by improving its understanding and awareness of the quality and completeness of state disaster debris management plans.

Contact Us to ask a question, provide feedback, or report a problem.