Colorado § 24-37.5-404.7 General assembly - information security plans

Colorado Statutes

§ 24-37.5-404.7 — General assembly - information security plans

Colorado § 24-37.5-404.7

Title 24Government

Art.Office of Information Technology

This text of Colorado § 24-37.5-404.7 (General assembly - information security plans) is published on Counsel Stack Legal Research, covering Colorado primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

Colo. Rev. Stat. § 24-37.5-404.7 (2026).

Text

(1)The general assembly shall develop an information security plan. The information security plan shall provide information security for the communication and information resources that support the operations and assets of the general assembly.

(2)The information security plan shall include:

(a)Periodic assessments of the risk and magnitude of the harm that could result from a security incident;

(b)A process for providing adequate information security for the communication and information resources of the general assembly;

(c)Information security awareness training for regular employees of the general assembly;

(d)Periodic testing and evaluation of the effectiveness of information security for the general assembly, which shall be performed not less than annually;

(e)A

Free access — add to your briefcase to read the full text and ask questions with AI

(1) The
general assembly shall develop an information security plan. The information
security plan shall provide information security for the communication and
information resources that support the operations and assets of the general
assembly.

(2) The information security plan shall include:

(a) Periodic assessments of the risk and magnitude of the harm that could
result from a security incident;

(b) A process for providing adequate information security for the
communication and information resources of the general assembly;

(c) Information security awareness training for regular employees of the
general assembly;

(d) Periodic testing and evaluation of the effectiveness of information
security for the general assembly, which shall be performed not less than annually;

(e) A process for detecting, reporting, and responding to security incidents
consistent with the information security policy of the general assembly. The
general assembly and the chief information security officer shall establish the
terms and conditions by which the general assembly shall report information
security incidents to the chief information security officer.

(f) Plans and procedures to ensure the continuity of operations for
information resources that support the operations and assets of the general
assembly in the event of a security incident.

(3) The legislative service agency directors shall maintain the information
security plan pursuant to this section and keep the joint technology committee
advised of the plan.

(4) Nothing in this section shall be construed to require the general
assembly to adopt policies or standards that conflict with federal law, rules, or
regulations or with contractual arrangements governed by federal laws, rules, or
regulations.

(5) The general assembly shall provide regularized security awareness
training to inform the regular legislative employees, administrators, and users
about the information security risks and the responsibility of employees,
administrators, and users to comply with the general assembly's information
security plan and the policies, standards, and procedures designed to reduce those
risks.

Legislative History

Source: L. 2011: Entire section added, (SB 11-062), ch. 128, p. 431, � 9, effective April 22. L. 2013: (3) amended, (HB 13-1079), ch. 246, p. 1193, � 8, effective May 18.