In accordance with Utah Code 63F-1-104(5)(a) and (b), DTS is required to “evaluate the adequacy of the department’s and the executive branch agencies’ data and information technology system security standards through an independent third party assessment; and communicate the results of the independent third party assessment to the appropriate executive branch agencies” every two years. The last information security risk assessment was completed in 2015.
With the approval of the Governor’s Office and the State Security Council, the required 2017 information security assessment will be completed by DTS security and internal audit personnel. The results of the assessment will then be validated by an independent, external third party. Individual reports will be issued to appropriate executive branch agencies when the third-party validation is complete.
DTS anticipates the 2017 information security assessment will provide executive branch agencies a more complete assessment of their information security maturity level; however, for this assessment to be successful each agency needs to:
- have appropriate personnel available to answer questions during assigned assessment;
- review assessment questions before the assessment begins; and,
- provide all requested documents to the assessment team before the assessment begins.