Audit of the Operational Services Division

This page, Audit of the Operational Services Division, is offered by
Office of the State Auditor

Organization:	Office of the State Auditor
Date published:	April 25, 2024

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the Operational Services Division (OSD) for the period July 1, 2021 through December 31, 2022. In this performance audit, we determined the following:

whether OSD’s Mass.gov website met the accessibility standards established by the Executive Office of Technology Services and Security (EOTSS) and the Web Content Accessibility Guidelines (WCAG) 2.1 for user accessibility, keyboard accessibility, navigation accessibility, language, error identification, and color accessibility;

whether OSD ensured that all contracts posted to its COMMBUYS website complied with EOTSS’s Enterprise Information Technology Accessibility Policy and WCAG 2.1 for user accessibility, keyboard accessibility, navigation accessibility, language, error identification, and color accessibility; and

whether OSD established information technology governance policies and procedures that met the requirements of EOTSS’s Enterprise Information Security Policies and Standards for business continuity plans, disaster recovery plans, information security incident response plans and procedures, and cybersecurity awareness training.

Below is a summary of our findings and recommendations, with links to each page listed.

Finding 1	OSD’s Mass.gov website is not fully accessible for all Massachusetts residents.
Recommendations	OSD should review its Mass.gov webpages to ensure that all hyperlinks lead to related information to provide equitable access to critical information and services offered online by OSD for all Massachusetts residents and state agencies. OSD should ensure that content on its Mass.gov webpages displays clearly, even when zoomed up to 400%, resulting in a user experience that is inclusive of all Massachusetts residents and state agencies.
Finding 2	OSD did not ensure that all of its hyperlinks within contract user guides (CUGs) led to related information.
Recommendation	OSD should regularly review its posted CUGs and ensure that hyperlinks within them are up-to-date and functional.
Finding 3	OSD did not ensure that all contracts posted to COMMBUYS had a language tag.
Recommendations	OSD should ensure that all attached contract forms have a language tag. OSD should establish criteria and user guides that include accessibility requirements for attached contract forms.
Finding 4	OSD did not ensure that its COMMBUYS website provided correction suggestions.
Recommendations	OSD should ensure that all fields on its webpages properly identify errors when a user inputs an incorrect data type into an entry field. OSD should ensure that it provides correction suggestions when a user inputs an incorrect data type into an entry field.
Finding 5	OSD relies on an information security incident response plan and procedures that do not include all required elements.
Recommendation	OSD should establish information security incident response procedures for implementing corrective action or post-incident analysis, criteria for business recovery, data backup processes, and an analysis of legal requirements for reporting information technology system compromises.
Finding 6 Page 32	OSD does not have a business continuity plan or a disaster recovery plan.
Recommendations Page 33	OSD should develop, document, and test a business continuity plan. OSD should develop, document, and test a disaster recovery plan for both onsite and offsite recovery locations.

Downloads

Open PDF file, 3.16 MB, Audit of the Operational Services Division (English, PDF 3.16 MB)

Contact

Phone

Main (617) 727-2075

Online

Auditor@MassAuditor.gov

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133

Directions

Contact

Office of State Auditor Diana DiZoglio

Phone

Main (617) 727-2075

Online

Auditor@MassAuditor.gov

Fax

(617) 727-3014

Address

Massachusetts State House
Room 230
Boston, MA 02133

Directions

Audit Identifies Barriers to Access in Operational Services Division

Help Us Improve Mass.gov with your feedback

Did you find what you were looking for on this webpage?

Yes

If you have any suggestions for the website, please let us know. How can we improve the page?

Please do not include personal or contact information.

The feedback will only be used for improving the website. If you need assistance, please contact the State Auditor. Please limit your input to 500 characters.

Please remove any contact information or personal data from your feedback.

If you need assistance, please contact the State Auditor.

Please let us know how we can improve this page.

Please remove any contact information or personal data from your feedback.

If you need assistance, please contact the State Auditor.

Audit Audit of the Operational Services Division

Executive Summary

Table of Contents

Downloads

Contact

Office of State Auditor Diana DiZoglio

Phone

Online

Fax

Address

Help Us Improve Mass.gov with your feedback