The Office of Information Security (OIS) plays a critical role in ensuring the State’s Information Technology (IT) infrastructure is capable of delivering vital services in a secure, reliable, and trustworthy manner.



The mission of the Information Security Program Audit team is to provide expertise to evaluate compliance with state security and privacy policies, by validating security systems, procedures and practices are in place and working as intended.

State security and privacy policies, and corresponding standards and procedures are accessible online in the State Administrative Manual (SAM), Chapter 5300  and NIST 800-53 Rev. 5.

Information security program audits are authorized pursuant to Government Code Section, 11549.3 (d).

More information on the program, rates, how to request the service and FAQs are available on the Information Security Program Audits page.