Oversee Idaho’s Compliance Program, functioning as an independent and objective body that reviews and evaluates compliance requirements within agencies. This helps agencies, management, and employees follow the rules and regulations of regulatory agencies.
Service Includes
- Act as the liaison between federal/third-party audit teams and ITS technical teams
- Point of contact for supported agencies with compliance mandates
- Perform staff assistance visits to review programs with compliance requirements
- Remain up to date on current regulatory compliance policies and mandates
- Assist with remediating technology related compliance issues
- Review of agency business processes
Prerequisites
- Agency must receive, store, process and/or transmit federal or state data that is classified as level 2 or higher pursuant to ITA Policy P4130 – Information Systems Classification Policy
- Have documented agency level policies and procedures for business practices that use data that fall under compliance mandates or laws
What Is Excluded
- Perform formal auditing functions
Customer Responsibility
- Agencies can expect to purchase and maintain compliance resource tools and licensing required to track federal requirements
- Provide ITS with a list of all federal partners and audit requirements
- Maintain agency level program policy and process documentation
- Provide a point of contact who is familiar with business processes that use data with compliance requirements and have knowledge of where the data resides
- Notify ITS Compliance Office of changes to business practices that may affect how data is protected, used, and stored
- Identify individuals who are authorized to approve and sign off on risk acceptance when identified risks fall within risk tolerance levels
