2014 -- H 7533
========
LC004438
========
STATE OF RHODE ISLAND
IN GENERAL ASSEMBLY
JANUARY SESSION, A.D. 2014
____________
A N A C T
RELATING TO PUBLIC FINANCE - POST AUDIT OF ACCOUNTS

Introduced By: Representatives Phillips, Casey, Abney, Tomasso, and Shekarchi
Date Introduced: February 26, 2014
Referred To: House Corporations
(Administration)
It is enacted by the General Assembly as follows:

SECTION 1. Chapter 35-7 of the General Laws entitled “Post Audit of Accounts” is hereby amended by adding thereto the following section:

35-7-15. Audit of information security systems. – (a) The general assembly recognizes that the security of government computer systems is essential to ensuring the stability and integrity of vital information gathered and stored by the government for the benefit of the citizenry and the breach of security over computer systems presents a risk to the health, safety, and welfare of the public. It is the intent of the legislature to insure that government computer systems and information residing on these systems are protected from unauthorized access, compromise, sabotage, hacking, viruses, destruction, illegal use, cyber attack or any other act which might jeopardize or harm the computer systems and the information stored on them.

(b) In conjunction with the powers and duties outlined in this chapter, the bureau of audits may conduct reviews and assessments of the various government computer systems and the security systems established to safeguard these computer systems. Computer systems subject to this section shall include systems which pertain to federal, state, or local programs, and quasi-governmental bodies, and the computer systems of any entity or program which is subject to audit by the bureau of audits. The bureau of audit’s review may include an assessment of system vulnerability, network penetration, potential security breaches, and susceptibility to cyber attack and cyber fraud.

(c) In the event the review by the bureau of audits indicates a computer system is vulnerable, or security over the system is lacking, those findings shall not be disclosed publicly and shall not be considered public records. Notwithstanding any other provision of law to the contrary, the work papers developed in connection with the review of the computer system and the security over the system shall not be deemed public records and are not subject to disclosure. The bureau of audit’s findings may be disclosed at the discretion of the bureau of audits to the chief information officer and the director of administration. Unless the bureau of audits authorizes the release of information or findings gathered in the conduct of a review of computer system security, all such information shall be deemed classified, confidential, secret, and non-public.

(d) In order to maintain the integrity of the computer system, the bureau of audits may procure the services of specialists in information security systems or other contractors deemed necessary in conducting reviews under this section, and in procuring those services shall be exempt from the requirements of the state purchasing law or regulation.

(e) Any outside contractor or vendor hired to provide services in the review of the security of a computer system shall be bound by the confidentiality provisions of this section.

SECTION 2. This act shall take effect upon passage.

EXPLANATION
BY THE LEGISLATIVE COUNCIL
OF
A N A C T
RELATING TO PUBLIC FINANCE - POST AUDIT OF ACCOUNTS
***

This act would provide that the bureau of audits may conduct reviews and assessments of government computer systems and the security systems that safeguard the computer systems. This act would further provide that in the event the bureau of audits determines a system to be vulnerable or lacking such findings shall not be publicly disclosed or considered a public record.

This act would take effect upon passage.