COJ – No IT Policies or Business Continuity/Disaster Recovery Plan

Recommendation

The Auditor General’s Department encouraged Management to strengthen CoJ’s IT general controls environment by ensuring the Agency develops and implements the requisite IT policies and Business Continuity Plan without further delays, to protect its ICT resources.

Management accepted the recommendations and subsequently advised that procurement activities were underway to engage a consultant to develop the required IT policies by March 31, 2025.

JAMP Update

The COJ responded to JAMP on June 10, 2026, advising that a draft Business Continuity and Disaster Recovery Plan has been developed and is available for review (a copy was attached to the response).

Work is also continuing on the development of a comprehensive Information Technology Policy, building upon the Agency’s existing Computer Usage Policy, which was developed and implemented several years ago and addresses, among other things, procedures governing the personal use of CoJ’s computers and network resources, measures for the protection of the Agency’s systems and records, and consequences arising from breaches of the policy.

The COJ anticipates that the IT Policy will be finalized and implemented during the current financial year.

For more detail, see ATI response below.

ATI Responses

• COJ- Resource Management- ATI Response, 2026
• COJ ATI Response-Business Continuity Plan – Draft