Report 2018-611 Recommendations

When an audit is completed and a report is issued, auditees must provide the State Auditor with information regarding their progress in implementing recommendations from our reports at three intervals from the release of the report: 60 days, six months, and one year. Additionally, Senate Bill 1452 (Chapter 452, Statutes of 2006) requires auditees who have not implemented recommendations after one year to report to us and to the Legislature why they have not implemented them or to state when they intend to implement them. Below is a listing of each recommendation the State Auditor made in the report referenced and a link to the most recent response from the auditee addressing their progress in implementing the recommendation and the State Auditor's assessment of the auditee's response based on our review of the supporting documentation.

Recommendations in Report 2018-611: Gaps in Oversight Contribute to Weaknesses in the State's Information Security (Release Date: July 2019)

Recommendations to Legislature
Number Recommendation Status
1

To strengthen the information security practices of nonreporting entities, the Legislature should amend state law to require all nonreporting entities to adopt information security standards comparable to SAM 5300.

2

To strengthen the information security practices of nonreporting entities, the Legislature should amend state law to require all nonreporting entities to obtain or perform comprehensive information security assessments no less frequently than every three years to determine compliance with the entirety of their adopted information security standards.

3

To strengthen the information security practices of nonreporting entities, the Legislature should amend state law to require all nonreporting entities to confidentially submit certifications of their compliance with their adopted standards to the Assembly Privacy and Consumer Protection Committee and, if applicable, to confidentially submit corrective action plans to address any outstanding deficiencies.


