Key facts
The Swiss Federal Audit Office (SFAO) conducted a follow-up audit of Parliamentary Services (PS) on the implementation of key recommendations made in 2021–2023.
As part of this follow-up audit, eleven recommendations from two different audits were checked.
Four of the recommendations were from audit mandate 21310: “CuriaPlus project”. The recommendations related to the creation of an information and communication technology (ICT) strategy and governance. In addition, the SFAO had recommended that a target architecture, an overarching quality and risk management, and sourcing and operating concepts be set up. Moreover, the following missing deliverables were to be provided: a test infrastructure, operating and maintenance contracts, a review of security requirements, and concepts for information protection and data protection.
A further seven recommendations were issued by the SFAO as part of audit mandate 23702: “CuriaPlus security”. They concern the definition of a uniform security procedure, the establishment of centralised risk management, an extended security review of CuriaPlus and its peripheral systems, and the implementation of centralised vulnerability management. The SFAO also recommended that the responsibilities of the various suppliers during fault remediation be contractually defined, and that business continuity management be updated and tested accordingly. A further recommendation was that a remote data backup location be set up and a georedundant server infrastructure be examined.
The SFAO finds that all eleven recommendations have been implemented.