§5A-6-4a. Duties of the Chief Technology Officer relating to security of government information


Published: 2015

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$20 per month, or Get a Day Pass for only USD$4.99.
WEST VIRGINIA CODE











‹ Back



 |   Print







WVC 5 A- 6 - 4 A

§5A-6-4a. Duties of the Chief Technology Officer relating to

security of government information.

     (a) To ensure the security of state government information and

the data communications infrastructure from unauthorized uses,

intrusions or other security threats, the Chief Technology Officer

is authorized to develop policies, procedures, standards and

legislative rules. At a minimum, these policies, procedures and

standards shall identify and require the adoption of practices to

safeguard information systems, data and communications

infrastructures, as well as define the scope and regularity of

security audits and which bodies are authorized to conduct security

audits. The audits may include reviews of physical security

practices.

     (b) (1) The Chief Technology Officer shall at least annually

perform security audits of all executive branch agencies regarding

the protection of government databases and data communications.

     (2) Security audits may include, but are not limited to, on-

site audits as well as reviews of all written security procedures

and documented practices.

     (c) The Chief Technology Officer may contract with a private

firm or firms that specialize in conducting these audits.

     (d) All public bodies subject to the audits required by this

section shall fully cooperate with the entity designated to perform

the audit.

     (e) The Chief Technology Officer may direct specific remediation actions to mitigate findings of insufficient

administrative, technical and physical controls necessary to

protect state government information or data communication

infrastructures.

     (f) The Chief Technology Officer shall propose rules for

legislative approval in accordance with the provisions of chapter

twenty-nine-a of this code to minimize vulnerability to threats and

to regularly assess security risks, determine appropriate security

measures and perform security audits of government information

systems and data communications infrastructures.

     (g) To ensure compliance with confidentiality restrictions and

other security guidelines applicable to state law-enforcement

agencies, emergency response personnel and emergency management

operations, the provisions of this section do not apply to the West

Virginia State Police, the Division of Protective Services, the

West Virginia Intelligence Fusion Center or the Division of

Homeland Security and Emergency Management.

     (h) The provisions of this section do not infringe upon the

responsibilities assigned to the state Comptroller, the Treasurer,

the Auditor or the Legislative Auditor, or other statutory

requirements.

     (i) In consultation with the Adjutant General, Chairman of the

Public Service Commission, the Superintendent of the State Police

and the Director of the Division of Homeland Security and Emergency

Management, the Chief Technology Officer is responsible for the development and maintenance of an information systems disaster

recovery system for the State of West Virginia with redundant sites

in two or more locations isolated from reasonably perceived threats

to the primary operation of state government. The Chief Technology

Officer shall develop specifications, funding mechanisms and

participation requirements for all executive branch agencies to

protect the state's essential data, information systems and

critical government services in times of emergency, inoperativeness

or disaster. Each executive branch agency shall assist the Chief

Technology Officer in planning for its specific needs and provide

to the Chief Technology Officer any information or access to

information systems or equipment that may be required in carrying

out this purpose. No statewide or executive branch agency

procurement of disaster recovery services may be initiated, let or

extended without the expressed consent of the Chief Technology

Officer.





Note: WV Code updated with legislation passed through the 2015 Regular Session

The WV Code Online is an unofficial copy of the annotated WV Code, provided as a convenience. It has NOT been edited for publication, and is not in any way official or authoritative.