California Releases Scorecard on State Agency Security Compliance

State Technology Update - November 30, 2010

The Office of Information Security (OIS) today released the first Security Reporting Scorecard in accordance with a new policy issued last month to improve accountability within the state's information security programs. Consistent with Chapter 404, Statutes of 2010 (AB 2408), the policy requires Executive Branch departments and agencies to report on measures taken to comply with security policies, standards and procedures as detailed in the State Administrative Manual.

Now online, the Scorecard is published on the Office of the Chief Information Officer (OCIO) Web site under OIS's Policy Compliance page at:   It will be updated quarterly on an ongoing basis.

"This accomplishment is a continuation of transparency and accountability in achieving state security compliance goals and objectives," said Keith Parker, Acting Director and Chief Information Security Officer for the State of California.

Last month, the Office of the State Chief Information Officer issued ITPL 10-13 to:

  1. Establish the Security Reporting Scorecard process for reporting on state Agency and department participation in required security reporting activities.

  2. Remind Department Directors, Agency Chief Information Officers (Agency CIOs), Department Chief Information Officers (CIOs), Agency Information Security Officers (AISO) and Information Security Officers (ISOs) of their reporting responsibilities.

When the OCIO was established in January 2008, it was the intent of the Legislature and Governor to create an agency that, among other things, establishes policies and standards to ensure that state information technology systems run effectively. Through changes to the State Administrative Manual and the Statewide Information Management Manual, the OCIO creates statewide policy for the Executive Branch to ensure coordination as the agency works to oversee IT activities with a common direction and vision.

Beginning January 1, 2011, the OCIO will be renamed the California Technology Agency in accordance with Chapter 404, Statutes of 2010 (AB 2408).

Questions concerning this policy should be directed to the Office of Information Security at (916) 445-5239 or via email to

Contact: Bill Maile (916) 549-2845