This site is protected by reCAPTCHA and the Google
Terms of Service apply.
Following a recent audit, Amtrak's Office of Inspector General (OIG) has determined that the railroad's information technology (IT) management has room for improvement if it wants to minimize the possibility and impact of IT service disruptions.The audit evaluated Amtrak's business continuity planning and testing efforts, then compared them to private- and public-sector IT management controls standards issued by the National Institute of Standards and Technology and ISACA, according to the OIG report, which was released this week.Since 2012, Amtrak has spent more than $12 million to minimize the possibility and impact of disruptions to its information technology services, the report said.Amtrak's IT department has developed continuity plans for the applications hosted on its mainframe, which is consistent with IT management control standards. However, the department lacks IT continuity plans for some applications that are "mission-critical," such as those used to sell tickets, maintain train equipment and railroad infrastructure, the audit found."By not fully developing and testing its IT business continuity plans, the [railroad] does not have assurance that it is prepared to restore service after a disruption," the report stated. "It is also accepting a risk that it will experience additional service disruptions similar to those that occurred in recent years."Over the next three years, such service disruptions could result in about $3 million in lost revenue and productivity, OIG officials wrote.The audit determined that Amtrak recorded a greater number of "critical service outages" that the department deemed most severe in 2016 than in 2015. However, the number of disruptions decreased in 2017 and is projected to stabilize this year.Some of the disruptions resulted in revenue and productivity losses. Last year, for example, 50 service disruptions caused an estimated $1 million in lost revenue."These disruptions may have been mitigated or avoided with additional IT business continuity design and testing," according to the report.