General assembly - information security plans.

  1. Law
  2. Colorado Revised Statutes
  3. Government - State
  4. Office of Information Technology
  5. General assembly - information security plans.

Checkout our iOS App for a better way to browser and research.

(1) The general assembly shall develop an information security plan. The information security plan shall provide information security for the communication and information resources that support the operations and assets of the general assembly.

(2) The information security plan shall include:

  1. Periodic assessments of the risk and magnitude of the harm that could result from asecurity incident;

  2. A process for providing adequate information security for the communication andinformation resources of the general assembly;

  3. Information security awareness training for regular employees of the general assembly;

  4. Periodic testing and evaluation of the effectiveness of information security for thegeneral assembly, which shall be performed not less than annually;

  5. A process for detecting, reporting, and responding to security incidents consistentwith the information security policy of the general assembly. The general assembly and the chief information security officer shall establish the terms and conditions by which the general assembly shall report information security incidents to the chief information security officer.

  6. Plans and procedures to ensure the continuity of operations for information resourcesthat support the operations and assets of the general assembly in the event of a security incident.

  1. The legislative service agency directors shall maintain the information security planpursuant to this section and keep the joint technology committee advised of the plan.

  2. Nothing in this section shall be construed to require the general assembly to adoptpolicies or standards that conflict with federal law, rules, or regulations or with contractual arrangements governed by federal laws, rules, or regulations.

  3. The general assembly shall provide regularized security awareness training to informthe regular legislative employees, administrators, and users about the information security risks and the responsibility of employees, administrators, and users to comply with the general assembly's information security plan and the policies, standards, and procedures designed to reduce those risks.

Source: L. 2011: Entire section added, (SB 11-062), ch. 128, p. 431, § 9, effective April

22. L. 2013: (3) amended, (HB 13-1079), ch. 246, p. 1193, § 8, effective May 18.


Download our app to see the most-to-date content.