Report 2015-611 Recommendation 9 Responses

Report 2015-611: High Risk Update—Information Security: Many State Entities' Information Assets Are Potentially Vulnerable to Attack or Disruption (Release Date: August 2015)

Recommendation #9 To: Technology, California Department of

The technology department should develop policies and procedures to define the process and criteria it will use to incentivize entities' compliance with the security standards.

Agency Response*

CDT has engaged an independent consultant to conduct a statewide security program review and to make recommendations for improvement consistent with industry standards and best practices, including recommendations for process and criteria to incentivize entities' compliance with security standards. Work commenced on July 5, 2016, and subsequent recommendations will be provided in November 2016.

  • Response Type†: Annual Follow Up
  • Estimated Completion Date: December 2016
  • Response Date: October 2016

California State Auditor's Assessment of Status: Not Fully Implemented


Agency Response*

CDT has engaged an independent consultant to conduct a statewide security program review and to make recommendations for improvement consistent with industry standards and best practices, including recommendations for process and criteria to incentivize entities' compliance with security standards. Work commenced July 5, 2016 and subsequent recommendations will be provided in November 2016.

  • Response Type†: 1-Year
  • Estimated Completion Date: December 2016
  • Response Date: August 2016

California State Auditor's Assessment of Status: Pending


Agency Response*

The Department of Technology continues to assess its current responsibilities and processes for addressing non-compliance and as such, incentivizing compliance. This assessment and corresponding recommendations are to be completed by June 2016. The Department continues to work with departments through its existing training and oversight processes and on-going monitoring of the PoAM.

  • Response Type†: 6-Month
  • Estimated Completion Date: June 2016
  • Response Date: February 2016

California State Auditor's Assessment of Status: No Action Taken


Agency Response*

The Department of Technology is assessing its current responsibilities and processes for addressing non-compliance and as such, incentivizing compliance. This assessment and corresponding recommendations are to be completed by June 2016. The Department continues to work with departments through its existing training and oversight processes and on-going monitoring of the PoAM.

  • Response Type†: 60-Day
  • Estimated Completion Date: June 2016
  • Response Date: October 2015

California State Auditor's Assessment of Status: No Action Taken



†Response Type refers to the interval in which the auditee is providing the State Auditor with their status in implementing recommendations made in an audit report. Auditees must submit a response regarding their progress in implementing recommendations from our reports at three intervals from the release of the report: 60 days, six months, and one year or subsequent to one year.

*Agency responses received after June 2013 are posted verbatim.


© 2013, California State Auditor