Why is the director of an agency required to sign the Risk Management and Privacy Program Certification?

The SIMM 5330-B – Information Security and Privacy Program Compliance Certification (DOCX) is a certification of the agency’s compliance with state information security and privacy policy requirements as specified in the State Administrative Manual Chapter 5300 (PDF).

It also provides an indicator of the state’s security posture and helps ensure that the agency Director is aware of the requirements and the agency’s status in meeting these requirements.

When must the Risk Management and Privacy Program Certification be submitted to the Office of Information Security?

The SIMM 5330-B – Information Security and Privacy Program Compliance Certification (DOCX) must be submitted by the last business day of the state entity’s scheduled reporting month.