In a recent government meeting, significant discussions centered around IT security compliance among state agencies and school districts, revealing widespread deficiencies in adherence to established standards. Alex Hagard presented findings from an audit assessing whether selected entities met IT security protocols, with alarming results: nearly half of the evaluated agencies failed to comply with security standards in at least two of three key areas.
The audit reviewed 15 entities (12 state agencies and three school districts) and focused on three areas: systems operations, continuity of operations planning, and data center security. Nine of the 15 entities were out of compliance in systems operations, with issues such as inadequate asset inventory and vulnerability scanning. In continuity planning, eight entities were found lacking, and some had no operational plans in place. Data center security also raised concerns: seven of 13 entities failed to comply with the necessary controls.
Hagard attributed these shortcomings to a lack of oversight from top management, emphasizing that IT security is ultimately the responsibility of leadership within these organizations. The audit highlighted the need for better monitoring and clearer documentation of contractors' roles in IT security.
In response to the findings, recommendations were made for both the audited entities and the Information Security Office, with a call for legislative consideration to enhance IT security measures across the board. The meeting concluded with a motion to enter a closed session to discuss sensitive security measures further, underscoring the ongoing concerns regarding the protection of state information systems.