Bill Text: IL HB5547 | 2017-2018 | 100th General Assembly | Chaptered
Bill Title: Amends the Illinois State Auditing Act. Provides that on a biennial basis, the Auditor General shall conduct a performance audit of State agencies and their cybersecurity programs and practices, with a particular focus on agencies holding large volumes of personal information. Provides for the subjects to be assessed by the audit. Provides for the issuance of an audit report.
Spectrum: Partisan Bill (Democrat 8-0)
Status: (Passed) 2018-08-17 - Public Act . . . . . . . . . 100-0914 [HB5547 Detail]
Download: Illinois-2017-HB5547-Chaptered.html
| ||||
Public Act 100-0914 | ||||
| ||||
| ||||
AN ACT concerning finance.
| ||||
Be it enacted by the People of the State of Illinois,
| ||||
represented in the General Assembly:
| ||||
Section 5. The Illinois State Auditing Act is amended by | ||||
adding Section 3-2.4 as follows:
| ||||
(30 ILCS 5/3-2.4 new) | ||||
Sec. 3-2.4. Cybersecurity audit. | ||||
(a) In conjunction with its annual compliance examination | ||||
program, the Auditor General shall review State agencies and | ||||
their cybersecurity programs and practices, with a particular | ||||
focus on agencies holding large volumes of personal | ||||
information. | ||||
(b) The review required under this Section shall, at a | ||||
minimum, assess the following: | ||||
(1) the effectiveness of State agency cybersecurity | ||||
practices; | ||||
(2) the risks or vulnerabilities of the cybersecurity | ||||
systems used by State agencies; | ||||
(3) the types of information that are most susceptible | ||||
to attack; | ||||
(4) ways to improve cybersecurity and eliminate | ||||
vulnerabilities to State cybersecurity systems; and | ||||
(5) any other information concerning the cybersecurity |
of State agencies that the Auditor General deems necessary | ||
and proper. | ||
(c) Any findings resulting from the testing conducted under | ||
this Section shall be included within the applicable State | ||
agency's compliance examination report. Each compliance | ||
examination report shall be issued in accordance with the | ||
provisions of Section 3-14. A copy of the report shall also be | ||
delivered to the head of the applicable State agency and posted | ||
on the Auditor General's website.
|