State Government : IT Security Audits

Authority for IT policies and standards is now placed under the state's Office of the Chief Information Officer (OCIO).

The OCIO's Information Technology Security Policy No. 141 requires state agencies to have a compliance audit every three years. The audits are verifying agencies' compliance with IT security standards. State agencies can conduct the audits themselves, hire a contractor, or request the State Auditor's Office conduct the audit. The State Auditor's Office will perform these as agreed-upon procedures engagements.

If you are interested in having our Office perform one of these agreed-upon procedures engagements, please call
Tara Lindholm at (360) 725-5425 or Diana Evans at (360) 725-5426

  • Search Reports