Authority for IT policies and standards is now placed under the state's Office of the Chief Information Officer (OCIO).
The OCIO's Information Technology Security Policy No. 141 requires state agencies to have a compliance audit every three years. The audits are verifying agencies' compliance with IT security standards. State agencies can conduct the audits themselves, hire a contractor, or request the State Auditor's Office conduct the audit. The State Auditor's Office will perform these as agreed-upon procedures engagements.
Our Office is currently working with the OCIO to revise the
processes and procedures for completing these audits. If you are interested in having our Office perform one
of these agreed-upon procedures engagements, please call
Pete Donnell at (360)
725-5428 or Tara Lindholm at (360) 725-5425.