What happens when an agency does not submit a Risk Management and Privacy Program Certification? The Office of Information Security (OIS) has enhanced its Risk Management and Privacy Program Certification compliance review process. The Director and Agency Director for... Read MoreRead more about What happens when an agency does not submit a Risk Management and Privacy Program Certification?
Why is the director of an agency required to sign the Risk Management and Privacy Program Certification? The SIMM 5330-B – Information Security and Privacy Program Compliance Certification is a certification of the agency’s compliance with state information security... Read MoreRead more about Why is the director of an agency required to sign the Risk Management and Privacy Program Certification?
Are there sample notices available for use as a template?Yes. State agencies should refer to the appendices in the SIMM 5340-C – Requirements to Respond to Incidents Involving a Breach of Personal Information.Appendix A – Breach Response and Notification Assessment... Read MoreRead more about Are there sample notices available for use as a template?
Won’t the Office of Information Security and approval process unduly delay the notification process?
Won’t the Office of Information Security review and approval process unduly delay the notification process? No. The Office of Information Security is usually able to turn a notice around within a couple of hours, and definitely within one business day. Through... Read MoreRead more about Won’t the Office of Information Security and approval process unduly delay the notification process?
What is the Office of Information Security? The Office of Information Security (OIS) is an office within the California Department of Technology. The OIS is the primary state government authority charged with ensuring the confidentiality, integrity, and availability... Read MoreRead more about What is the Office of Information Security?