§27-43.5 Additional duties of the chief information officer relating to security of government information. (a) The chief information officer shall provide for periodic security audits of all executive branch departments and agencies regarding the protection of government information and data communication infrastructure.
(b) Security audits may include on-site audits as well as reviews of all written security procedures and documented practices. The chief information officer may contract with a private firm or firms that specialize in conducting security audits; provided that information protected from disclosure by federal or state law, including confidential tax information, shall not be disclosed. All executive branch departments, agencies, boards, or commissions subject to the security audits authorized by this section shall fully cooperate with the entity designated to perform the audit. The chief information officer may direct specific remedial actions to mitigate findings of insufficient administrative, technical, and physical controls necessary to protect state government information or data communication infrastructure.
(c) This section shall not infringe upon responsibilities assigned to the comptroller or the auditor by any state or federal law. [L 2013, c 265, §2]