HOUSE BILL No. 1156
DIGEST OF INTRODUCED BILL
Citations Affected: IC 4-23-16-13.
Synopsis: State information security management. Requires the state
information technology oversight commission to appoint a group of
individuals to develop a state information security policy. Requires the
commission to appoint a director of information security to implement
the policy. Requires each state agency and branch of state government
to designate an information security liaison. Requires each state agency
and branch of state government to implement the information security
Effective: July 1, 2004.
January 13, 2004, read first time and referred to Committee on Technology, Research and
Second Regular Session 113th General Assembly (2004)
PRINTING CODE. Amendments: Whenever an existing statute (or a section of the Indiana
Constitution) is being amended, the text of the existing provision will appear in this style type,
additions will appear in this style type
, and deletions will appear in
this style type.
Additions: Whenever a new statutory provision is being enacted (or a new constitutional
provision adopted), the text of the new provision will appear in this style type
. Also, the
will appear in that style type in the introductory clause of each SECTION that adds
a new provision to the Indiana Code or the Indiana Constitution.
Conflict reconciliation: Text in a statute in this style type
this style type
between statutes enacted by the 2003 Regular Session of the General Assembly.
HOUSE BILL No. 1156
A BILL FOR AN ACT concerning state offices and administration.
Be it enacted by the General Assembly of the State of Indiana:
SOURCE: IC 4-23-16-13; (04)IN1156.1.1. -->
SECTION 1. IC 4-23-16-13 IS ADDED TO THE INDIANA CODE
AS A NEW
SECTION TO READ AS FOLLOWS [EFFECTIVE JULY
1, 2004]: Sec. 13. (a) As used in this section, "director" refers to the
director of information security designated under subsection (c).
(b) The commission shall appoint a group to develop a state
information security policy. The group appointed under this
subsection must include the following:
(1) A designee of the commissioner of the Indiana department
(2) A designee of the director of the state personnel
(3) A designee of the commission on public records.
(4) An individual representing the separately elected state
(5) An individual representing state agencies.
(6) The executive director of the legislative services agency.
(7) An individual representing the judicial branch of state
(8) The director.
The commission may appoint individuals to the group to represent
other interests that the commission considers necessary for the
development of the information security policy.
(c) The commission shall designate a member of the
commission's staff as the director of information security for the
state. The director shall do the following:
(1) Direct the implementation of the information security
(2) Coordinate the information security policy with the
information security liaisons.
(3) Obtain resources and expertise relating to information
security from state educational institutions.
(4) Work with private sector telecommunications and
technology companies to enhance the information security
(5) With the assistance of the state personnel department,
develop and implement an education and awareness program
to educate state employees about the state information
security policy and how to implement the policy.
(6) Apply for grants and other financial assistance relating to
implementation of the information security policy.
(7) Perform other duties relating to information security
assigned by the commission.
(d) Each state agency, the legislative branch of state
government, and the judicial branch of state government shall
appoint an employee to be the agency's or branch's information
security liaison. The information security liaison is responsible for
implementing the information security policy for the state agency
or branch of government.
(e) The information security policy must provide for the
(1) Encryption of confidential information maintained by
(2) Specifications for software to provide daily audits and
reports for each state agency and branch of state government
to monitor compliance with the information security policy.
(3) Requiring the purchase of information security products
on a statewide basis rather than on an agency basis.
(4) Recruiting to state employment individuals who have
education in information security.
(5) Contracting for professional services relating to
(6) Sharing information security expertise and resources with
The information security policy must recognize the independence
of each of the three (3) branches of state government.
(f) Notwithstanding any other law, the information security
policy developed under this section applies to the executive,
including the administrative, the legislative, and the judicial
branches of state government.