§ 35-7-15. Audit of information security systems. (a) The general assembly recognizes that the security of government computer systems is essential to ensuring the stability and integrity of vital information gathered and stored by the government for the benefit of the citizenry and the breach of security over computer systems presents a risk to the health, safety, and welfare of the public. It is the intent of the legislature to ensure that government computer systems and information residing on these systems are protected from unauthorized access, compromise, sabotage, hacking, viruses, destruction, illegal use, cyber attack, or any other act that might jeopardize or harm the computer systems and the information stored on them.
(b) In conjunction with the powers and duties outlined in this chapter, the office of internal audit may conduct reviews and assessments of the various government computer systems and the security systems established to safeguard these computer systems. Computer systems subject to this section shall include systems that pertain to federal, state, or local programs, and quasi-governmental bodies, and the computer systems of any entity or program that is subject to audit by the office of internal audit. The office of internal audit's review may include an assessment of system vulnerability, network penetration, potential security breaches, and susceptibility to cyber attack and cyber fraud.
(c) The office of internal audit's findings shall be deemed public records and available for public inspection; provided, however, in the event the review indicates a computer system is vulnerable, or security over the system is otherwise deficient, reasonably segregable portions of the findings shall be subject to public inspection after the redaction of any information, the disclosure of which, would endanger the security of the system or reveal the specific nature of the vulnerabilities found. Notwithstanding any other provision of law to the contrary, the work papers developed in connection with the review of computer systems and the security over those systems authorized by this section shall not be deemed public records and are not subject to disclosure.
(d) In order to maintain the integrity of the computer system, the office of internal audit may procure the services of specialists in information security systems or other contractors deemed necessary in conducting reviews under this section, and in procuring those services shall be exempt from the requirements of the state purchasing law or regulation.
(e) Any outside contractor or vendor hired to provide services in the review of the security of a computer system shall be bound by the confidentiality provisions of this section.
History of Section. (P.L. 2014, ch. 259, § 1; P.L. 2014, ch. 317, § 1; P.L. 2016, ch. 142, art. 4, § 9.)
Copyright ©2024 LegalFix. All rights reserved. LegalFix is not a law firm, is not licensed to practice law, and does not provide legal advice, services, or representation. The information on this website is an overview of the legal plans you can purchase—or that may be provided by your employer as an employee benefit or by your credit union or other membership group as a membership benefit.
LegalFix provides its members with easy access to affordable legal services through a network of independent law firms. LegalFix, its corporate entity, and its officers, directors, employees, agents, and contractors do not provide legal advice, services, or representation—directly or indirectly.
The articles and information on the site are not legal advice and should not be relied upon—they are for information purposes only. You should become a LegalFix member to get legal services from one of our network law firms.
You should not disclose confidential or potentially incriminating information to LegalFix—you should only communicate such information to your network law firm.
The benefits and legal services described in the LegalFix legal plans are not always available in all states or with all plans. See the legal plan Benefit Overview and the more comprehensive legal plan contract during checkout for coverage details in your state.
Use of this website, the purchase of legal plans, and access to the LegalFix networks of law firms are subject to the LegalFix Terms of Service and Privacy Policy.