Plain English Breakdown
Using official source text because the generated explanation was unavailable or could not be confirmed against the official bill text.
Enhance Security of Office of Information Technology
The act allows the joint technology committee (JTC), within 90 days after the day that the chief information security officer of the office of information technology (security officer) files a written information technology security compliance report (compliance report) with the JTC as required by the act, to vote to request that the legislative audit committee direct the state auditor to conduct a special information technology security audit (IT security audit) of the office of information technology (OIT) if the compliance report indicates that one or more audit recommendations made by the state auditor is unresolved 2 or more years past the implementation date for the audit recommendation or if a material discrepancy exists between a representation in the compliance report and a previous audit finding.
What This Bill Does
- The act allows the joint technology committee (JTC), within 90 days after the day that the chief information security officer of the office of information technology (security officer) files a written information technology security compliance report (compliance report) with the JTC as required by the act, to vote to request that the legislative audit committee direct the state auditor to conduct a special information technology security audit (IT security audit) of the office of information technology (OIT) if the compliance report indicates that one or more audit recommendations made by the state auditor is unresolved 2 or more years past the implementation date for the audit recommendation or if a material discrepancy exists between a representation in the compliance report and a previous audit finding.
- If the JTC votes to request an IT security audit and if the legislative audit committee votes to direct the audit, the act requires: The state auditor to conduct the IT security audit; The state auditor to obtain input from OIT when the state auditor determines the scope and boundaries of the audit; The state auditor to submit the IT security audit report to the legislative audit committee, the JTC, the joint budget committee, and the governor; and OIT to reimburse the state auditor for the auditor's costs incurred in completing the IT security audit.
- The act requires OIT to establish, maintain, keep, update, and make available to state agency information technology leadership and the members of the JTC a list of all active information technology vendor contracts for state agencies.
- The act specifies that, except in the case of an information technology security emergency, OIT shall not publish or implement a technical information technology standard, and that the standard is void, unless the standard: Was publicly posted; and Received approval from the security officer if the standard relates to security, access controls, or the handling of data.
Limits and Unknowns
- This entry is temporarily using official source text because the generated explanation could not be confirmed against the official bill text during the last sync.