Who is eligible?
- State of California departments, agencies, or entities
- Systems identified as critical on Technology Recovery Plans (TRPs) or systems that support CA-ESF (essential state functions)
- Legacy and modern systems that are unstable or not meeting the critical needs of users
- Small, medium, and large systems that need stabilization, modernization, or transformation
Does Critical Services charge for services?
- There is no cost to you and you are not obligated or mandated to accept the recommendations we make
What if you are already working with another team or vendor on stabilizing, modernizing or transforming your system?
- Critical Services can partner with you to facilitate cross-agency collaboration
What is a Critical Service?
- If it’s on your Technology Recovery Plan (TRP) or a California Emergency Support Functions (CA-ESFs), then it’s most likely a critical application
- We consider a service delivered or supported by the state that is essential to the health, safety, economic security, or well-being of Californians as critical. These services support the health and safety of the public, either directly or through enabling state operations, and are often most relied upon during moments of personal or societal crisis.
- A critical service is one whose end-to-end experience must remain stable, accessible, equitable, and usable to avoid compounding harm, particularly for vulnerable populations. Disruption, degradation, or complexity in the resident experience of these services can result in disproportionate impacts on individuals and cascading effects on economic participation, public trust, and state operations.
Is this a security assessment?
- No, this is not a security assessment. The assessment objectives and recommendations will not add items to the departmental Plan of Action and Milestones (POAM).
What do you do with the information I provide?
- Our team has signed Non-Disclosure and Confidentiality Agreements to ensure that the data we receive is kept confidential, secure, and accessible only by authorized personnel.
- The reports are not publicly distributed and are generally treated as exempt from disclosure
- Critical Services is required to report data in aggregate to the legislature twice annually, however system identifying information is not shown.
- Full system data is only shared with the respective system owner CIO. High level insights are shared with the respective AIO. Any additional sharing is determined by the State Entity.