2015 Oklahoma Statutes
Title 62. Public Finance
§62-34.32. Standard security risk assessment of state agency information technology systems.

62 OK Stat § 62-34.32 (2015)

A. The Information Services Division of the Office of Management and Enterprise Services shall create a standard security risk assessment for state agency information technology systems that complies with the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) Information Technology - Code of Practice for Security Management (ISO/IEC 27002).

B. Each state agency that has an information technology system shall obtain an information security risk assessment to identify vulnerabilities associated with the information system. Unless a state agency has internal expertise to conduct the risk assessment and can submit certification of such expertise along with the annual information security risk assessment, the risk assessment shall be conducted by a third party. The Information Services Division of the Office of Management and Enterprise Services shall approve not less than two firms which state agencies may choose from to conduct the information security risk assessment. A state agency with an information technology system that is not consolidated under the Information Technology Consolidation and Coordination Act or that is otherwise retained by the agency shall submit a final report of the information security risk assessment to the Information Services Division by the first day of December of each year. The final information security risk assessment report shall identify, prioritize, and document information security vulnerabilities for each of the state agencies assessed.

C. The Information Services Division shall report the results of the state agency assessments required pursuant to this section to the Governor, the Speaker of the House of Representatives, and the President Pro Tempore of the Senate by the first day of January of each year.

Added by Laws 2006, c. 266, § 15, eff. July 1, 2006. Renumbered from § 41.5v of this title by Laws 2009, c. 441, § 64, eff. July 1, 2009. Amended by Laws 2009, c. 451, § 20, eff. April 5, 2010; Laws 2012, c. 304, § 364; Laws 2014, c. 285, § 1.

NOTE: Laws 2009, c. 451, § 26, provides: "The provisions of Sections 3 through 15, 17 through 20, 22 and 23 of this act shall be effective and shall become operative on the effective date of the appointment of the first Chief Information Officer by the Governor as provided for in Section 2 of this act." The first Chief Information Officer was appointed by the Governor on April 5, 2010.
