What happens when an agency is not in full compliance with the state information security and privacy policy as specified in the State Administrative Manual Chapter 5300?

The agency has an option of certifying whether or not they are in full compliance with all State Administrative Manual Chapter 5300. When the agency finds it has NOT yet implemented all required components, the agency must check the second box on the SIMM 5330-B РInformation Security and Privacy Program Compliance Certification (DOCX) and attach a remediation plan with the certification when it is submitted to Office of Information Security. The remediation plan identifies the noncompliant components along with the timeline(s) indicating when the agency will be compliant.