Employment Development: Recurring Material Internal Control Deficiencies
||First Year Reported
||EDD had weak general controls over its information systems for 2010?11. Specifically, EDD's entity-wide information security policy was outdated, risk management program was insufficient, and there was no incident response plan prior to January 2012.
|Partially Corrected. Since January 2012, EDD has released thirteen Information Security policies that reflect changes in the direction of the EDD Information Security program that more closely aligns our program with federal and State guidelines. EDD is in the process of fully implementing all policies released. The following policies are currently in executive clearance: Data Handling Policy, Security Incident Management Policy, and Security System Maintenance Policy. Policies mentioned above do not include current and still relevant Information Security Policies.