Report 2015-611 Recommendation 5 Responses

Report 2015-611: High Risk Update—Information Security: Many State Entities' Information Assets Are Potentially Vulnerable to Attack or Disruption (Release Date: August 2015)

Recommendation #5 To: Technology, California Department of

To assist reporting entities in reaching full compliance with the security standards, the technology department should take the following actions: Develop internal policies and procedures to ensure that it reviews all reporting entities' self assessments and self certifications, including requiring supporting evidence of compliance when feasible.

6-Month Agency Response

The Department of Technology has updated its internal procedures and process to include the review of self-assessment submissions along with the review of annual self-certifications. Staff are using the updated procedures.

  • Completion Date: February 2016
  • Response Date: February 2016

California State Auditor's Assessment of 6-Month Status: Fully Implemented


60-Day Agency Response

The Department of Technology is in the process of updating its internal procedures and process to include the review of self-assessment submissions along with the review of annual self-certifications. Staff will be trained to use the new self-assessment procedures prior to the submission of department's annual certification reporting. The annual self-certifications are due each January 31st. Department of Technology will begin using its updated procedures in February 2016.

  • Estimated Completion Date: February 2016
  • Response Date: October 2015

California State Auditor's Assessment of 60-Day Status: No Action Taken


All Recommendations in 2015-611

Agency responses received are posted verbatim.


Report type

Report type
















© 2013, California State Auditor | Privacy Policy | Conditions of Use | Download Adobe PDF Reader