Secretary of Veterans Affairs Eric K. Shinseki committed the Department to continuous readiness in information security, which includes unannounced audits, surveys and self-assessments. As of March 2012, the VA has coalesced information security initiatives into the Continuous Readiness in Information Security Program (CRISP) to increase security for information that VA holds about individual Veterans, especially health care records.
A hallmark of CRISP is that all VA employees have a direct, personal responsibility to safeguard the privacy of sensitive information about Veterans. This responsibility extends to VA contractors, volunteers at VA facilities, representatives of major Veterans service organizations, trainees and others who deal with Veterans'information at VA.
CRISP began with a one day "stand-down" between March 12, 2012 and March 23, 2012, to ensure 100 percent compliance among the Department's 334,000 employees with mandatory security and privacy awareness training. Each VA staff office was responsible for scheduling the stand-down for its workers.
CRISP builds upon VA's long-standing security policies, including the provision of consistent, centralized training on IT security, records security and privacy awareness. Most of that training is self-paced on the Internet, in courses that require employees to answer questions correctly before they can proceed. Employees have been required to document that they've taken the training.
The new initiatives continue those traditional features, with the inclusion of innovations such as mandatory signature on "Rules of Behavior," loss of IT privileges and records access for employees who fail to complete the annual training, and tools to help normalize CRISP practices at local offices.
VA is the Nation's second largest cabinet agency, and it has one of the largest consolidated IT organizations in the world. Its Office of Information Technology has a $3.1 billion budget this year and nearly 7,500 employees to maintain operations covering 152 medical centers, nearly 800 community-based outpatient clinics, more than 300,000 desktop computers, 30,000 laptop computers and nearly 450,000 email accounts.