Reports

The Bureau of Information Services should update their mobile phone policies to include and implement a National Archives and Records Administration-approved records schedule and transfer procedures for electronic records associated with mobile phones.

The Bureau of Information Services should develop and implement a records management and retention system for electronic records.

The Bureau of Information Services should research the capabilities of Railroad Retirement Board's Microsoft Azure Cloud's functionality to determine feasibility of incorporating the automated records management and retention capabilities to govern the mobile phones electronic records.

The Bureau of Information Services should submit a yearly affidavit to confirm electronic records associated with mobile phones have been identified and retained until the full transition into Microsoft Azure Cloud.

The Railroad Retirement Board's Director of Administration should define and communicate 'personal usage' establishing Railroad Retirement Board's core hours of 5:00 am to 7:00 pm. Any usage outside of core hours would be considered personal usage excluding business management purposes.

The Railroad Retirement Board's Bureau of Information Services should 1) continue efforts to update the Telecommuting and Mobile Security Computing Policy with current laws and regulations and 2) develop a periodic monitoring control to assess personal usage and address it according to agency guidance.

The Bureau of Information Services should incorporate the mobile phones in an existing assessable unit and update their mobile phone policies to include documentation regarding the specific roles and responsibilities of each office overseeing the mobile phone program.

The Bureau of Information Services should enforce and execute a review and approval process for application and software download and restrict access to specified applications found in their Railroad Retirement Board G-6 Rules of Behavior.

The Bureau of Information Services should implement procedures to periodically track, log, and monitor iPhone usage and the completion of the G-6 Acknowledgement Statement.

The Bureau of Information Services should periodically review the mobile phone inventory for completeness and accuracy to include a comparison with Railroad Retirement Board's personnel position index.

The Bureau of Information Services should implement the use of unique identifiers between disparate data sets (e.g., mobile phone inventory, personnel position index) to facilitate comparisons and reconcile inconsistent information.