Report 2015-611 Recommendation 9 Responses

Report 2015-611: High Risk Update—Information Security: Many State Entities' Information Assets Are Potentially Vulnerable to Attack or Disruption (Release Date: August 2015)

Recommendation #9 To: Technology, California Department of

The technology department should develop policies and procedures to define the process and criteria it will use to incentivize entities' compliance with the security standards.

Annual Follow-Up Agency Response From November 2017

CDT is currently drafting internal policies and procedures to define the process and criteria it will use to promote entities' compliance with the security standards. Expected completion date is June 2018.

  • Estimated Completion Date: June 2018

California State Auditor's Assessment of Annual Follow-Up Status: Pending


Annual Follow-Up Agency Response From October 2016

CDT has engaged an independent consultant to conduct a statewide security program review and to make recommendations for improvement consistent with industry standards and best practices, including recommendations for process and criteria to incentivize entities' compliance with security standards. Work commenced on July 5, 2016, and subsequent recommendations will be provided in November 2016.

  • Estimated Completion Date: December 2016

California State Auditor's Assessment of Annual Follow-Up Status: Not Fully Implemented


1-Year Agency Response

CDT has engaged an independent consultant to conduct a statewide security program review and to make recommendations for improvement consistent with industry standards and best practices, including recommendations for process and criteria to incentivize entities' compliance with security standards. Work commenced July 5, 2016 and subsequent recommendations will be provided in November 2016.

  • Estimated Completion Date: December 2016
  • Response Date: August 2016

California State Auditor's Assessment of 1-Year Status: Pending


6-Month Agency Response

The Department of Technology continues to assess its current responsibilities and processes for addressing non-compliance and as such, incentivizing compliance. This assessment and corresponding recommendations are to be completed by June 2016. The Department continues to work with departments through its existing training and oversight processes and on-going monitoring of the PoAM.

  • Estimated Completion Date: June 2016
  • Response Date: February 2016

California State Auditor's Assessment of 6-Month Status: No Action Taken


60-Day Agency Response

The Department of Technology is assessing its current responsibilities and processes for addressing non-compliance and as such, incentivizing compliance. This assessment and corresponding recommendations are to be completed by June 2016. The Department continues to work with departments through its existing training and oversight processes and on-going monitoring of the PoAM.

  • Estimated Completion Date: June 2016
  • Response Date: October 2015

California State Auditor's Assessment of 60-Day Status: No Action Taken


All Recommendations in 2015-611

Agency responses received are posted verbatim.


Report type

Report type
















© 2013, California State Auditor | Privacy Policy | Conditions of Use | Download Adobe PDF Reader