Schedule of Required Security Reporting Activities

The following provides a summary schedule of required security reporting activities with corresponding due dates. Unless otherwise noted, all reports are submitted in hard copy with original signature(s) to the California Information Security Office. Compliance reporting requirements are clearly outlined in SAM Section 5330.2.

Report/Activity Instructions
and Forms
Due Date
Designation Letter SIMM 5330-A Annually by January 31 and within ten (10) business days of any change in designee
Risk Management and Privacy Program Compliance Certification SIMM 5330-B Annually by January 31
Technology Recovery Program Certification SIMM 5325-A

SIMM 5325-B
Annually pursuant to the TRP Submission Schedule
Information Security Incident Report SIMM 5340-A

SIMM 5340-B

SIMM 5340-C
Within ten (10) business days from submittal into the California Compliance and Security Incident Reporting System (Cal-CSIRS)


Last Updated: Friday, July 22, 2016