OK HB2669
Bill
Status
5/13/2014
Primary Sponsor
David Derby
AI Summary
- Modifies 62 O.S. 2011, Section 34.32 to change state agency information security risk assessment requirements from annual internal assessments to third-party conducted assessments
- Requires state agencies with information technology systems to obtain third-party risk assessments complying with ISO/IEC 27002 standards, unless the agency can certify internal expertise and submit documentation
- Directs the Information Services Division of the Office of Management and Enterprise Services to approve at least two firms that state agencies may select to conduct risk assessments
- Requires state agencies with non-consolidated information technology systems to submit final risk assessment reports to the Information Services Division by December 1 each year
- Removes the previous penalty provision for non-compliance and eliminates specific criteria language regarding risk assessment standards
Legislative Description
Information technology; relating to standard risk assessments of state agencies; requiring risk assessment to be conducted by a third party.
Government
Last Action
Approved by Governor 05/13/2014
5/13/2014