Skip to main content
Find a Lawyer

Indiana Code Title 13. Environment § 13-18-16.5-1

Current as of January 02, 2024 | Updated by Findlaw Staff

Sec. 1. (a) This chapter applies to an entity that:

(1) is:

(A) a community water system (as defined in IC 13-11-2-35.5(b)) with a population of five hundred (500) or more;

(B) a publicly owned treatment works (as defined in IC 13-11-2-177.5);  or

(C) a semipublic facility (as defined in 327 IAC 5-1.5-59) with a classification of Class III or Class IV (as described in 327 IAC 5-23-3(4) and 327 IAC 5-23-3(5));  and

(2) utilizes:

(A) a computerized system to monitor and control the processes of the entity's operation from a central location;  or

(B) another vulnerable monitoring or management system identified by the department.

(b) An entity shall do the following:

(1) Conduct a cybersecurity vulnerability assessment at least once per calendar year.

(2) Before September 1 of each year, provide the office of technology established by IC 4-13.1-2-1 with the name and contact information of any individual who will act as the primary reporter of a cybersecurity incident.

(3) Beginning in 2026, not later than December 31 of each even-numbered year, submit a certification to the department via a secured portal verifying that the entity:

(A) completed the assessment described in subdivision (1);

(B) mitigated or has documented plans to mitigate identified vulnerabilities;  and

(C) updated emergency response plans to account for vulnerabilities and mitigating procedures.

(4) When an actual or reasonably suspected cybersecurity breach occurs, report the cybersecurity incident to the office of technology established by IC 4-13.1-2-1:

(A) either:

(i) not later than twenty-four (24) hours after discovery of the cybersecurity incident, if the cybersecurity incident impacts the operations of the entity;  or

(ii) not later than two (2) business days after discovery of the cybersecurity incident, if the cybersecurity incident does not impact the operations of the entity;  and

(B) in a format prescribed by the chief information officer of the office of technology.

(c) In conducting an assessment under subsection (b)(1), the entity shall utilize an assessment tool or framework approved by the department and the office of technology established by IC 4-13.1-2-1.

(d) An assessment conducted under subsection (b)(1) is confidential under IC 5-14-3-4(b)(19).

Previous Part of Code Next Part of Code
Back to Chapter List

Cite this article: FindLaw.com - Indiana Code Title 13. Environment § 13-18-16.5-1 - last updated January 02, 2024 | https://codes.findlaw.com/in/title-13-environment/in-code-sect-13-18-16-5-1/

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.

Was this helpful?

Welcome to FindLaw's Cases & Codes

A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw’s Learn About the Law.

Go to Learn About the Law

Latest Blog Posts

For Legal Professionals

Learn About The Law

Get help with your legal needs

FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.

Go to Learn About the Law

Need to Find an Attorney?

Search our directory by legal issue

Enter information in one or both fields (Required)

Copied to clipboard