This week, the Office of Information Security released an updated Security Reporting Scorecard to improve accountability within the state’s information security programs.

Updated quarterly, the scorecard is part of AB 2408 (Chapter 404, Statutes of 2010) that requires executive branch departments and agencies to report on measures taken to comply with security policies, standards and procedures as detailed in the State Administrative Manual. Such measures include a department’s certification of a disaster recovery plan, risk management and privacy compliance certification and telework and remote access security compliance, among other things.

More background on the policy can be found here.