(a) (1) On or before July 1, 2018, the department shall, in consultation with the office and compliance with Section 11549.3, update the Technology Recovery Plan element of the State Administrative Manual to ensure the inclusion of cybersecurity strategy incident response standards for each state agency to secure its critical infrastructure controls and critical infrastructure information.
(2) In updating the standards in paragraph (1), the department shall consider, but not be limited to considering, all of the following:
(A) Costs to implement the standards.
(B) Security of critical infrastructure information.
(C) Centralized management of risk.
(D) Industry best practices.
(E) Continuity of operations.
(F) Protection of personal information.
(b) Each state agency shall provide the department with a copy of its updated Technology Recovery Plan.
(c) Each state agency shall, as part of its Technology Recovery Plan, provide the department with an inventory of all critical infrastructure controls, and their associated assets, in the possession of the agency.
(Amended by Stats. 2017, Ch. 790, Sec. 1. (AB 1022) Effective January 1, 2018.)
Last modified: October 25, 2018