This post was originally published on this site
The Legislative Analyst’s Office has just published the following report:
Nonreporting Entities’ Information Security Compliance
The Legislative Analyst’s Office has just released a report—Nonreporting Entities’ Information Security Compliance. The report identifies each nonreporting entity based on one statutory interpretation of the California Department of Technology’s (CDT’s) information security (IS) authority, considers whether some of these entities could benefit from compliance with and reporting on IS policies and procedures similar to those set by CDT, and provides options for the Legislature to consider to improve nonreporting entities’ IS compliance and achieve a certain IS maturity level.
This report is available using the following link: https://lao.ca.gov/Publications/Report/4756