If an agency finds it is not in full compliance with the state information security and privacy policy as specified in the State Administrative Manual Chapter 5300 by the submission deadline, will the Office of Information Security grant an extension?

No. To meet the filing requirement, the agency must submit a SIMM 5330-B РInformation Security and Privacy Program Compliance Certification (DOCX) and remediation plan, if they are not in full compliance. The remediation plan identifies the noncompliant components along with the timeline(s) indicating when the agency will be compliant. The Office of Information Security will follow-up with agencies on their remediation activities to ensure they are completed within the identified timeframes.