Report 2015-611 Recommendation 5 Responses
Report 2015-611: High Risk Update—Information Security: Many State Entities' Information Assets Are Potentially Vulnerable to Attack or Disruption (Release Date: August 2015)
Recommendation #5 To: Technology, California Department of
To assist reporting entities in reaching full compliance with the security standards, the technology department should take the following actions: Develop internal policies and procedures to ensure that it reviews all reporting entities' self assessments and self certifications, including requiring supporting evidence of compliance when feasible.
6-Month Agency Response
The Department of Technology has updated its internal procedures and process to include the review of self-assessment submissions along with the review of annual self-certifications. Staff are using the updated procedures.
- Completion Date: February 2016
- Response Date: February 2016
California State Auditor's Assessment of 6-Month Status: Fully Implemented
60-Day Agency Response
The Department of Technology is in the process of updating its internal procedures and process to include the review of self-assessment submissions along with the review of annual self-certifications. Staff will be trained to use the new self-assessment procedures prior to the submission of department's annual certification reporting. The annual self-certifications are due each January 31st. Department of Technology will begin using its updated procedures in February 2016.
- Estimated Completion Date: February 2016
- Response Date: October 2015
California State Auditor's Assessment of 60-Day Status: No Action Taken
Agency responses received are posted verbatim.