The Office of Congressional Workplace Rights enforces fair employment and occupational safety and health rules in the legislative branch. Congress passed a 2018 law that, among other things, required the office to create a secure online system for discrimination and harassment claims.
We found weaknesses in the office’s project planning, system oversight, and cybersecurity risk management. For example, the office didn’t fully implement key oversight activities—such as establishing security and privacy requirements—for its systems operated by external entities.