UNCLASSIFIED

UNCLASSIFIED

May 2016 OFFICE OF EVALUATIONS AND SPECIAL PROJECTS Office of the Secretary: Evaluat ion of E mail Records M an a e m e nt an d C be r se c ur it R e ui r em en ts

What OIG Found

The Federal Records Act requires appropriate manageme nt and preservation of Federal Government records, regardless of physical form or characterist ics, that document the organization, functions, policies, decisions, procedures, and essential transactions of an agency. For the last two decades, both Department of State (Department) policy and Federal regulations have explicitly stated that emails may qualify as Federal records. As is the case throughout the Federal Government, management weaknesses at the Department have contributed to the loss or removal of email records, particularly records created by the Office of the Secretary. These weaknesses include a limited ability to retrieve email records, inaccessibilit y of electronic files, failure to comply with requirements for departing employees, and a general lack of oversight. OIG’s ability to evaluate the Office of the Secretary’s compliance with policies regarding records preservation and use of non- Departmental communications systems was, at times, hampered by these weaknesses. However, based on its review of records, questionnaires, and interviews, OIG determined that email usage and preservation practices varied across the tenures of the five most recent Secretaries and that, accordingly, compliance with statutory, regulatory, and internal requirements varied as well. OIG also examined Department cybersecurity regulations and policies that apply to the use of non-Departmental systems to conduct official business. Although there were few such requirements 20 years ago, over time the Department has implemente d numerous policies directing the use of authorized systems for day-to-day operations. In assessing these policies, OIG examined the facts and circumstances surrounding three cases where individuals exclusively used non-Departmental systems to conduct official business.

ESP-16-03

What OIG Evaluated

As part of ongoing efforts to respond to requests from the current Secretary of State and several Members of Congress, the Office of Inspector General (OIG) reviewed records management requirements and policies regarding the use of non-Departmental communicat ions systems. The scope of this evaluation covers the Office of the Secretary, specificall y the tenures of Secretaries of State Madeleine Albright, Colin Powell, Condoleezza Rice, Hillary Clinton, and John Kerry. This report (1) provides an overview of laws, regulations, and policies related to the management of email records; (2) assesses the effectiveness of electronic records management practice s involving the Office of the Secretary; (3) evaluates complianc e with records management requirements; and (4) examines information security requirements related to the use of non-Departmental systems.

What OIG Recommends