This audit was a follow-on to Audit Report No.21 1997-98 Protective Security, which reviewed, among other things, information security other than computer and communications security, against the policy and procedures outlined in the 1991 PSM. That audit found inconsistencies in the identification and marking of classified information and weaknesses in the handling and storage of classified information, as well as other breakdowns impacting on information security.