Justification

Justification

Non-substantive change to the ET Handbook No. 336, 18th Edition; Unemployment Insurance (UI) State Quality Service Plan (SQSP) (Office of Management and Budget (OMB) number 1205-0132)

In FY 2008, the Office of Inspector General (OIG) conducted an audit to determine if the Employment & Training Administration (ETA) provides sufficient oversight of the State Workforce Agencies’ (SWAs) Information Technology (IT) contingency planning for the UI program in order to minimize service disruption in the event of a disaster or other situations that may disrupt normal operations. The summary of findings of this OIG audit (OIG Report No. 23-08-004-03-315 issued on September 29, 2008) include: (1) SWAs lack IT contingency plans that can ensure adequate disaster-response capability; (2) ETA has not fully carried out its leadership responsibilities in providing oversight and targeted guidance to the SWAs regarding expectations of an IT disaster-recovery capability.

In response to the OIG Audit, enhancements were made to the "ET Handbook 336, 18th Edition, Chapter I", "Appendix I: Planning Forms and Formats", and "Appendix IV: Information Technology Security Guidelines", respectively, to provide additional IT Contingency Planning and IT Security guidance to the states. The proposed enhancement also includes a minimal change to the structure of the SQSP; however, the change will not increase the estimated burden hours or change the frequency of collection. Additionally, editorial changes were also made to other chapters of the handbook to provide additional clarity to existing reporting instructions.

Below is the summary of proposed changes to ET Handbook 336 as a result of the OIG audit:

• ¹The Disaster Recovery Capability was enhanced to provide guidance for UI Contingency Planning controls, which includes Disaster Recovery. The Assurance was also renamed "Assurance of Contingency Planning".

• ²A new "Information Technology Security Guide" appendix was created to provide an overview on IT Contingency Planning, Risk Assessment, and System Security Planning security controls.

• ³The "Assurance of Automated Information Systems Security" was enhanced to provide guidelines for having adequate UI information security controls. In addition, the State Plan Narrative Outline was modified for State Workforce Agencies (SWAs) to provide the dates when their IT Contingency Plan was implemented, tested, and reviewed/updated; when their Risk Assessment was conducted; and when their System Security Plan was reviewed/updated.

Unemployment Insurance Program Letter (UIPL) No. 15-09⁴ that addressed these proposed changes was issued for review/comment on March 4, 2009 to State Workforce Agencies. No substantive comments were provided by the states in response for these proposed changes. This UIPL has three attachments for which the links have been provided in the footnote.