Information Security - Oversight

Information Security Audit Program
The California Information Security Office (CISO) plays a critical role in ensuring the State’s Information Technology (IT) infrastructure is capable of delivering vital services in a secure, reliable, and trustworthy manner.


The mission of the Information Security Program Audit team is to provide expertise to evaluate compliance with state security and privacy policies, by validating security systems, procedures and practices are in place and working as intended.

State security and privacy policies, and corresponding standards and procedures are accessible online in the State Administrative Manual (SAM), Chapter 5300.

Information security program audits are authorized pursuant to Government Code Section, 11549.3 (d).