Bill Text: IL HB5547 | 2017-2018 | 100th General Assembly | Engrossed
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Amends the Illinois State Auditing Act. Provides that on a biennial basis, the Auditor General shall conduct a performance audit of State agencies and their cybersecurity programs and practices, with a particular focus on agencies holding large volumes of personal information. Provides for the subjects to be assessed by the audit. Provides for the issuance of an audit report.
Spectrum: Partisan Bill (Democrat 8-0)
Status: (Passed) 2018-08-17 - Public Act . . . . . . . . . 100-0914 [HB5547 Detail]
Download: Illinois-2017-HB5547-Engrossed.html
Bill Title: Amends the Illinois State Auditing Act. Provides that on a biennial basis, the Auditor General shall conduct a performance audit of State agencies and their cybersecurity programs and practices, with a particular focus on agencies holding large volumes of personal information. Provides for the subjects to be assessed by the audit. Provides for the issuance of an audit report.
Spectrum: Partisan Bill (Democrat 8-0)
Status: (Passed) 2018-08-17 - Public Act . . . . . . . . . 100-0914 [HB5547 Detail]
Download: Illinois-2017-HB5547-Engrossed.html
| |||||||
| |||||||
| |||||||
| 1 | AN ACT concerning finance.
| ||||||
| 2 | Be it enacted by the People of the State of Illinois,
| ||||||
| 3 | represented in the General Assembly:
| ||||||
| 4 | Section 5. The Illinois State Auditing Act is amended by | ||||||
| 5 | adding Section 3-2.4 as follows:
| ||||||
| 6 | (30 ILCS 5/3-2.4 new) | ||||||
| 7 | Sec. 3-2.4. Cybersecurity audit. | ||||||
| 8 | (a) In conjunction with its annual compliance examination | ||||||
| 9 | program, the Auditor General shall review State agencies and | ||||||
| 10 | their cybersecurity programs and practices, with a particular | ||||||
| 11 | focus on agencies holding large volumes of personal | ||||||
| 12 | information. | ||||||
| 13 | (b) The review required under this Section shall, at a | ||||||
| 14 | minimum, assess the following: | ||||||
| 15 | (1) the effectiveness of State agency cybersecurity | ||||||
| 16 | practices; | ||||||
| 17 | (2) the risks or vulnerabilities of the cybersecurity | ||||||
| 18 | systems used by State agencies; | ||||||
| 19 | (3) the types of information that are most susceptible | ||||||
| 20 | to attack; | ||||||
| 21 | (4) ways to improve cybersecurity and eliminate | ||||||
| 22 | vulnerabilities to State cybersecurity systems; and | ||||||
| 23 | (5) any other information concerning the cybersecurity | ||||||
| |||||||
| |||||||
| 1 | of State agencies that the Auditor General deems necessary | ||||||
| 2 | and proper. | ||||||
| 3 | (c) Any findings resulting from the testing conducted under | ||||||
| 4 | this Section shall be included within the applicable State | ||||||
| 5 | agency's compliance examination report. Each compliance | ||||||
| 6 | examination report shall be issued in accordance with the | ||||||
| 7 | provisions of Section 3-14. A copy of the report shall also be | ||||||
| 8 | delivered to the head of the applicable State agency and posted | ||||||
| 9 | on the Auditor General's website.
| ||||||
