Oregon Department of Revenue


“The VIE Taxpayer Self-Sufficiency security assessment has provided valuable insight into current best practices, industry standards and specific risk levels of our security approach.”

Cleve Bench

Chief Information Officer

VIE IT Security Assessment puts taxpayer self-sufficiency on the path to security!

Department of Revenue (DOR) engaged VIE to perform a security assessment to identify critical issues with its Taxpayer Self-Sufficiency (TPSS) Initiative. VIE recommendations have created the foundation to ensure secure online taxpayer services at DOR.


DOR did not know whether TPSS security was, at one extreme, inadequate or, at the other, overly burdensome for taxpayers and wasteful. DOR could not afford to discourage adoption, but could not put taxpayer information at risk. Leadership was in a quandary and needed answers quickly.

Critical Issues

Some DOR personnel were anxious that sensitive taxpayer information was too vulnerable to compromise on the Internet. Others saw existing security measures as burdensome enough to impede adoption of this key initiative for the department. No DOR personnel possessed the specialized experience to compare TPSS to similar systems with regards to industry best practices. Moreover, DOR staff lacked tools, support, and direction.


VIE was engaged to provide a qualitative security assessment and to chart a path for TPSS. Two security consultants performed the assessment.


The VIE security consultants provided a simple, clear, and definitive snapshot of TPSS security and reconciled it with industry best practices. The team also made recommendations to ensure that DOR would efficiently apply its best resources to ensure that security would be at the core of future initiatives.

Key recommendations of the security assessment included leveraging DOR’s enterprise architecture to develop a TPSS security architecture. It included specific technical recommendations as well as recommendations for key processes and organizational structure. DOR agreed to implement the recommendations and, in so doing, ensured user adoption and the security of those users’ sensitive data.