Skip to main content
ADOA-ASET Logo
  • Home
  • About
    • Careers
    • Leadership Team
    • Statutes and Rules
    • Meeting Requests
  • Services
    • Current Rates
  • Strategy
    • ACT Recommendations
    • Digital Government
    • Enterprise Architecture
    • Enterprise Project Management Office
    • Strategic Oversight
    • Statewide Strategic IT Plans
  • Governance
    • IT Authorization Committee (ITAC)
    • Chief Information Officer (CIO) Council
    • Change Advisory Board (CAB)
    • Enterprise Security Program Advisory Council (ESPAC)
  • Programs
    • AZNET II - Arizona Network
    • Archived Programs
  • Resources
    • ASET Billing
    • Glossary
    • Policies, Standards and Procedures
    • Security
      • Incident Reporting
    • Service Desk
    • Training
    • Agency Engagement Manager List
  • Home
  • Strategy

A.R.S. 18-105 - Statewide information security and privacy office

18-105 Statewide information security and privacy office; duties; suspension of budget unit's information infrastructure

A. The statewide information security and privacy office is established in the department.  The statewide information security and privacy office shall serve as the strategic planning, facilitation and coordination office for information technology security in this state.  Individual budget units shall continue to maintain operational responsibility for information technology security.

B. The director shall appoint a statewide chief information security officer to manage the statewide information security and privacy office.  The statewide chief information security officer shall report to the director pursuant to section 18-103.

C. The statewide information security and privacy office shall develop, implement, maintain and ensure compliance by each budget unit with a coordinated statewide assurance plan for information security and privacy. The statewide information security and privacy office shall:

1. Direct information security and privacy protection compliance reviews with each budget unit to ensure compliance with standards and effectiveness of security assurance plans as necessary.

2. Identify information security and privacy protection risks in each budget unit and direct agencies to adopt risk mitigation strategies, methods and procedures to lessen these risks.

3. Monitor and report compliance of each budget unit with state information security and privacy protection policies, standards and procedures.

4. Coordinate statewide information security and privacy protection awareness and training programs.

5. Develop other strategies as necessary to protect this state's information technology infrastructure and the data that is stored on or transmitted by the infrastructure.

D. The statewide information security and privacy office may temporarily suspend operation of information infrastructure that is owned, leased, outsourced or shared in order to isolate the source of, or stop the spread of, an information security breach or other similar incident. A budget unit shall comply with directives to temporarily discontinue or suspend operations of information infrastructure.

E. Each budget unit and its contractors shall identify and report security incidents to the statewide information security and privacy office immediately on discovery and deploy mitigation strategies as directed.

tigation strategies as directed.
Statutes & Rules Category: 
Statewide information security and privacy office; duties; suspension of budget unit's information infrastructure
LinkedIn Twitter YouTube This site (RSS)
Arizona State Seal
Contact Us
ADOA-ASET
100 N. 15th Avenue, Suite 400
Phoenix, AZ 85007
Find in Google Maps
Phone: 602.542.2250
Map Image

Footer Utility

  • Statewide Website Policies
  • Site Map
  • Meeting Requests