Current as of January 01, 2025 | Updated by Findlaw Staff
(1) The general assembly shall develop an information security plan. The information security plan shall provide information security for the communication and information resources that support the operations and assets of the general assembly.
(2) The information security plan shall include:
(a) Periodic assessments of the risk and magnitude of the harm that could result from a security incident;
(b) A process for providing adequate information security for the communication and information resources of the general assembly;
(c) Information security awareness training for regular employees of the general assembly;
(d) Periodic testing and evaluation of the effectiveness of information security for the general assembly, which shall be performed not less than annually;
(e) A process for detecting, reporting, and responding to security incidents consistent with the information security policy of the general assembly. The general assembly and the chief information security officer shall establish the terms and conditions by which the general assembly shall report information security incidents to the chief information security officer.
(f) Plans and procedures to ensure the continuity of operations for information resources that support the operations and assets of the general assembly in the event of a security incident.
(3) The legislative service agency directors shall maintain the information security plan pursuant to this section and keep the joint technology committee advised of the plan.
(4) Nothing in this section shall be construed to require the general assembly to adopt policies or standards that conflict with federal law, rules, or regulations or with contractual arrangements governed by federal laws, rules, or regulations.
(5) The general assembly shall provide regularized security awareness training to inform the regular legislative employees, administrators, and users about the information security risks and the responsibility of employees, administrators, and users to comply with the general assembly's information security plan and the policies, standards, and procedures designed to reduce those risks.
Cite this article: FindLaw.com - Colorado Revised Statutes Title 24. Government State § 24-37.5-404.7. General assembly--information security plans - last updated January 01, 2025 | https://codes.findlaw.com/co/title-24-government-state/co-rev-st-sect-24-37-5-404-7/
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.