Inspector general flags security weaknesses at Public Safety intelligence unit.

By THE STAR STAFF

An intervention by the Office of the Inspector General (OIG) has prompted corrective actions to address multiple weaknesses in procedures and control mechanisms governing both physical and logical access to surveillance and monitoring areas operated by the Auxiliary Secretariat for Security Information Management and Analysis (SAMISA), an entity within the island Department of Public Safety (DSP).

SAMISA consists of the Fusion Center Division, the Security Information Management Division, and the Operational Coordination and Logistics Division. The Security Information Management Division is responsible for collecting, evaluating, analyzing, and disseminating criminal intelligence related to drug trafficking, organized crime, illegal weapons and other criminal activities. The information handled by this division is classified as highly sensitive and requires strict access controls to ensure its proper use.

However, the OIG examination revealed that access to surveillance and monitoring areas -- managed through an electromagnetic card system -- lacked formal authorization procedures for creating user profiles. Investigators found no official forms to request or approve access, noting instead that access instructions were frequently communicated verbally or through informal messages. The report also identified discrepancies between active access permissions recorded in the system and the official roster of authorized personnel, revealing that a significant number of users had access to surveillance areas despite not appearing on the approved personnel list.

The review further determined that there were no formal designations for staff responsible for the custody and management of assigned electromagnetic access cards. In addition, auditors found no documented regulations or formal procedures governing the issuance, use, return or replacement of these cards. The OIG warned that creating access privileges without formal documentation increases the risk of unauthorized entry into surveillance areas and may compromise the integrity of sensitive data.

The report also highlighted deficiencies in physical security at the location housing servers related to the surveillance system. During an onsite inspection, investigators observed that the server area remained open and was shared with other equipment unrelated to the surveillance system. The space lacked controls to ensure access traceability, raising concerns about unauthorized access.

In addition, the OIG identified weaknesses in access controls for surveillance systems themselves. The DSP had not conducted periodic monitoring of employee searches within surveillance systems and databases, limiting management’s ability to effectively supervise system use and detect irregularities or misuse in a timely manner. Investigators also observed that some employees entered the surveillance room with personal mobile phones, creating the potential for unauthorized recording of images, video or audio in an area where sensitive information is handled.

The examination also uncovered deficiencies in the planning and execution of a project aimed at restoring the department’s camera surveillance system. Despite procurement efforts and other actions taken, the report noted that the cameras included in the project were not fully installed or operational at the time of the evaluation, potentially affecting system availability and its ability to support public safety operations.

In response to the findings, DSP management reported that it has taken steps to address the identified issues, including measures to strengthen access controls and system security. The OIG will continue to monitor the agency’s compliance through the implementation of a corrective action plan.