November 17, 2019
Print This PagePrint This Page

  *
Session:
Bill #:
Session:
Chamber: View Search Tips
Search Term:
Year: View Search Tips
Search Term:
Select Year:
The Florida Statutes

The 2004 Florida Statutes

Title XIX
PUBLIC BUSINESS
Chapter 282
COMMUNICATIONS AND DATA PROCESSING
View Entire Chapter
Section 282.318, Florida Statutes 2004

282.318  Security of data and information technology resources.--

(1)  This section may be cited as the "Security of Data and Information Technology Resources Act."

(2)(a)  The State Technology Office, in consultation with each agency head, is responsible and accountable for assuring an adequate level of security for all data and information technology resources of each agency and, to carry out this responsibility, shall, at a minimum:

1.  Designate an information security manager who shall administer the security program of each agency for its data and information technology resources.

2.  Conduct, and periodically update, a comprehensive risk analysis to determine the security threats to the data and information technology resources of each agency. The risk analysis information is confidential and exempt from the provisions of s. 119.07(1), except that such information shall be available to the Auditor General in performing his or her postauditing duties.

3.  Develop, and periodically update, written internal policies and procedures to assure the security of the data and information technology resources of each agency. The internal policies and procedures which, if disclosed, could facilitate the unauthorized modification, disclosure, or destruction of data or information technology resources are confidential information and exempt from the provisions of s. 119.07(1), except that such information shall be available to the Auditor General in performing his or her postauditing duties.

4.  Implement appropriate cost-effective safeguards to reduce, eliminate, or recover from the identified risks to the data and information technology resources of each agency.

5.  Ensure that periodic internal audits and evaluations of each security program for the data and information technology resources of the agency are conducted. The results of such internal audits and evaluations are confidential information and exempt from the provisions of s. 119.07(1), except that such information shall be available to the Auditor General in performing his or her postauditing duties.

6.  Include appropriate security requirements, as determined by the State Technology Office, in consultation with each agency head, in the written specifications for the solicitation of information technology resources.

(b)  In those instances in which the State Technology Office develops state contracts for use by state agencies, the office shall include appropriate security requirements in the specifications for the solicitation for state contracts for procuring information technology resources.

History.--ss. 1, 2, 3, ch. 84-236; s. 28, ch. 87-137; s. 1, ch. 89-14; s. 7, ch. 90-160; s. 13, ch. 91-171; s. 234, ch. 92-279; s. 55, ch. 92-326; s. 22, ch. 94-340; s. 863, ch. 95-148; s. 131, ch. 96-406; s. 15, ch. 97-286; s. 25, ch. 2000-164; s. 26, ch. 2001-261.

Site Map
Session:   Bills ·   Calendars ·   Bound Journals ·   Citator ·   Search ·   Appropriations ·   Redistricting ·   Bill Information Reports
Committee Publications
Historical Information
Statutes:   Introduction ·   View Statutes ·   Search Statutes
Flsenate.gov
Disclaimer: The information on this system is unverified. The journals or printed bills of the respective chambers should be consulted for official purposes.    Copyright © 2000-2019 State of Florida.     Privacy Statement     Contact Us     Get Acrobat Reader