How to view the Excel (XLS), Word (DOC), and Adobe Reader (PDF) file formats provided on this webpage.
editable document – Templates, Forms, and Transmittal Letters: documents can be modified and saved to your local drive(s.)
uneditable document – Instructions: documents are unmodifiable, but can be printed.
Required Use
The Statewide Information Management Manual (SIMM) Sections 05 through 80 and Sections 5300 et seq. contain standards, instructions, forms and templates that State agencies must use to comply with Information Technology (IT) policy. If there are questions about any of this material, please contact your assigned Office of Statewide Project Delivery, Project Approval and Oversight Manager who is assigned to your Agency/state entity.
Schedules and Reporting Requirements
05 Reporting Schedules
- A Summary of Required IT Reports and Activities (HTML) – Updated March 2022
10 IT Project Reporting Process Flow
- IT Project Reporting Process Flow (PDF) – Updated August 2016
15 Project Cost Delegation
Project Cost Delegation
- A Project Cost Delegation Instructions (PDF) – Updated March 2021
- B Project Cost Delegation Accreditation Template (DOCX) – Updated March 2021
- C Project Cost Delegation Historical Projects Worksheet (XLSM) – Updated March 2021
- D Project Cost Delegation Executive Transmittal (PDF) – Updated March 2021
Procedures, Instructions, Standards, Forms, Transmittals, and Certifications
17 California Project Management Framework (CA-PMF)
- California Project Management Framework (CA-PMF) website replaces SIMM 17 and the California Project Management Methodology (CA-PMM) – Updated
18 IT Exemptions
- A IT Contract Exemptions Associated with Executive Order S-09-09
- B Cloud Computing Policy Exemption Instructions – Updated October 2023
19 Project Approval Lifecycle
- Project Approval Lifecycle – Updated March 2022
22 COTS/SaaS Acquisition
- A COTS/SaaS Acquisition Information Preparation Instructions (PDF) – Updated February 2015
- B COTS/SaaS Acquisition Information Form (PDF) – Updated February 2016
25 IT Accessibility Resource Guide
- A Information Technology Accessibility Resource Guide (PDF) – Updated December 2023
- B Website Accessibility Certificate Template (PDF) – Updated December 2023
30 Special Project Report (SPR)
- Special Project Report Preparation Instructions (SPR) (PDF) – Updated June 2014
- A SPR Executive Approval Transmittal (PDF) – Updated July 2021
- B Project Summary Package (DOCX) – Updated January 2022
- C SPR Economic Analysis Workbook (EAW) Package Instructions (PDF) – Updated June 2014
40 Internet Domain Name Taxonomy
- A Internet Domain Name Taxonomy Instructions – Updated August 2024
- B Frequently Asked Questions – Updated May 2023
45 Information Technology Project Oversight Framework
- Information Technology Project Oversight Framework (PDF) – Updated April 2017
- A Independent Verification & Validation (IV&V) Statement of Work (SOW) Template (DOCX) – Updated August 2017
- Appendix A Project Management Risk Assessment Template (XLSX) – Updated May 2016
- Appendix B Project Management Risk Assessment Preparation Instructions (PDF) – Updated July 2016
- Appendix C Complexity Assessment (XLSX)
- Appendix D Complexity Assessment Instructions (PDF) – Updated July 2016
- Appendix E Project Status Reports Template (DOCX) – Updated February 2023
- Appendix F Project Status Reports Preparation Instructions (PDF) – Updated December 2017
- Appendix G Independent Project Oversight Report Template (DOCX) – Updated September 2023
50 Post Implementation Evaluation Report (PIER)
55 Information Technology Cost Report
- A – Information Technology Cost Report Instructions – Updated September 2024
- B – Information Technology Cost Report Template (XLSX) – Updated September 2024
- C –Information Technology Cost Report Transmittal (PDF) – Updated December 2020
- D – Information Technology Cost Report FAQs – Updated September 2022
58 Statewide Enterprise Architecture
60 Agency Information Management Strategy (AIMS)
- A AIMS Transmittal Letter (PDF) – Updated October 2019
- B AIMS Annual Certification Letter (PDF) – Updated October 2019
66 Social Media Standards
- B Social Media Standard (PDF) – Updated April 2011
71 Certification of Compliance with IT Policies
- A Certification of Compliance with IT Policies Preparation Instructions (PDF) – Updated July 2024
- B Certification of Compliance with IT Policies Template (PDF) – Updated July 2024
80 California Software Management Policy Annual Statement of Compliance
- California Software Management Policy Annual Statement of Compliance (PDF) – Updated April 2011
5300 Information Security
Statewide Information Management Manual (SIMM) Forms
- SIMM 5300-A – State-Defined Security Parameters for NIST SP 800-53. Contains detailed security control content and classified as confidential and therefore it is available to designated personnel listed on SIMM 5330-A at OIS Extranet (Agency.Net). Vendor access will only be provided under Non-Disclosure Agreement during state entity procurement processes. Reach out to your CDT Account Lead for assistance with accessing ServiceNow or submit request through ServiceNow.
- SIMM 5300-B – Foundational Framework (PDF)
- SIMM 5300-B – Foundational Framework (XLSM)
- SIMM 5300-C – Cybersecurity Maturity Metrics (XLSX) – Updated October 2023
- SIMM 5305 – Risk Register and Plan of Action and Milestones FAQ (HTML) – Updated March 2022
- SIMM 5305-A – Information Security Program Management Standard (PDF) – Updated December 2023
- SIMM 5305-B – Risk Register and Plan of Action and Milestones Instructions (HTML) – Updated March 2022
- SIMM 5305-C – Risk Register and Plan of Action and Milestones Worksheet (XLSX) – Updated October 2022
- SIMM 5305-C- Risk Register and Plan of Action and Milestones Certification (DOCX) – New October 2022
- SIMM 5305-F Generative Artificial Intelligence Risk Assessment (PDF) – June 2024
- SIMM 5310-A – Privacy Statement and Notices Standard (PDF) – Updated September 2022
- SIMM 5310-B – Privacy Individual Access Standard (PDF) – Updated January 2018
- SIMM 5310-C – Privacy Threshold Assessment and Privacy Impact Assessments (DOCX) – Updated July 2024
- SIMM 5315-A – Email Threat Protections Standard – (PDF) – New October 2018
- SIMM 5315-B – Cloud Security Standard – (PDF) – New August 2020
- SIMM 5320-A – Phishing Exercise Standard (PDF) – Updated November 2021
- SIMM 5325-A – Technology Recovery Plan Instructions (PDF) – Updated March 2023
- SIMM 5325-B – Technology Recovery Program Certification (PDF) – Updated March 2023
- SIMM 5330-A – Designation Letter (PDF) – Updated October 2024
- SIMM-5330-B – Information Security and Privacy Program Compliance Certification (PDF) – New October 2023
- SIMM 5330-C – Information Security Compliance Reporting Schedule (PDF) – Updated April 2024
- SIMM 5330-D – Designation Letter Instructions (PDF) – Updated January 2020
- SIMM 5330-E – Host/Hosted Self-Certification (PDF) – New March 2023
- SIMM 5330-F – Information Security and Privacy Program Compliance Certification – New January 2024
- SIMM 5330-G – Supported Program Agreement – Updated October 2024
- SIMM 5330-H Office of Information Security Information Security Policy Compliance and Enforcement Standard – New November 2024
- SIMM 5335-A – Security Event Notification and Response Standard (PDF) – New May 2023
- SIMM 5340-A – Incident Reporting and Response Instructions (PDF) – Updated June 2018
- SIMM 5340-C – Requirements to Respond to Incidents Involving a Breach of Personal Information (PDF) – Updated June 2022
- SIMM 5345-A – Vulnerability Management Standard (PDF) – Updated April 2021
- SIMM 5355-A – Endpoint Protection Standard (PDF) – New January 2019
- SIMM 5355-B –Server Hardening Standard – New October 2024
- SIMM 5360-A – Telework and Remote Access Security Standard – Updated December 2024
- SIMM 5360-B – Remote Access Agreement (PDF) – Updated January 2018
- SIMM 5360-C – Multi-Factor Authentication (PDF) – New May 2023
- SIMM 5360-D – Multi-Factor Authentication Supplemental – New May 2023
Office of Information Security (OIS) Documents
- SAM 5300 – People, Process and Technology: A Navigational Guide for Agency/State Entities to Achieve Effective Information Security (PDF) – Updated September 2022
- California Compliance and Security Incident Reporting System (CAL-CSIRS)
- Cal-CSIRS Designee Request Form (DOCX) – Updated February 2020
- Cal-CSIRS Designee Request Form Instructions – Updated July 2019
- Cal-CSIRS Reset Instructions (PDF) – New July 2019
- Cal-CSIRS FAQs (PDF) – Updated January 2018
- SAFE Designee Request Form (DOCX) – Updated July 2019
Guidelines (Optional Use)
SIMM Sections 110 through 180 contain guidelines, models, forms and templates that State agencies will find useful in the management of their IT programs. Use of any of these guidelines is not mandatory, but agencies are encouraged to make use of them if they need help or guidance in a particular area. If there are questions about any of this material, please contact the California Department of Technology IT Project Oversight Division (ITPOD) manager who is assigned to your Agency/state entity.
110 AIMS Documentation Guidelines
120 Software Management Plan Guidelines
130 Workgroup Collaboration Platform Guidelines
140 Cloud Security Guide
- SIMM 140 – Cloud Security Guide (DOCX) – Updated December 2023
141 California Cloud Services Assessment Guide
- SIMM 141 – California Cloud Services Assessment Guide (PDF) – Updated December, 2023
158 Enterprise Architecture Practices
160 Maintenance & Operations Plan Guidelines
170 Requirements Guideline Set
180 Statement of Work (SOW) Guidelines
- Statement of Work (SOW) Guidelines (PDF) – Updated March 2024