The Office of Inspector General (OIG) contracted with the independent certified public accounting firm of Harper, Rains, Knight & Company, P.A. (HRK) to conduct a performance audit of EEOC’s information security program and practices in accordance with the Federal Information Security Modernization Act of 2014 (FISMA) for Fiscal Year 2025. The objective of this performance audit was to assess the effectiveness of the EEOC’s information security program and practices for the period October 1, 2024, through September 30, 2025. HRK identified areas of improvement in the form of findings and recommendations. EEOC’s management was given the opportunity to review the notifications of findings and recommendations, and their responses are included in the report.