The Office of the Inspector General of the Securities and Exchange Commission issued a report criticizing handling of information security. Among other things, the OIG said that the SEC’s Office of Information Technology did not “effectively” monitor the risks of system authorizations. According to the OIG, “SEC systems continued to operate without current authorizations; user accounts were not always deactivated in accordance with policy; [and] continuous monitoring review procedures were developed, but not consistently implemented.”