Can I skip having an information security program in place in Illinois? What are the requirements?
Information Security Program Requirements in Illinois
Illinois has established the Illinois Information Security Improvement Act [2.2](#[2.2]), which requires all state agencies to develop and maintain an Information Security Program [1.1](#[1.1]). The purpose of this Act is to provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support State agency operations and assets [2.1](#[2.1]).
Requirements for State Agencies
State agencies are required to develop and maintain an Information Security Program that includes the following:
- Minimum security controls required to protect State of Illinois information and information systems [2.1](#[2.1])
- Information security risk management program [2.5](#[2.5])
- Information security policies, standards, procedures, and guidelines [2.5](#[2.5])
- Information security awareness training for State agency personnel [2.5](#[2.5])
- Pre-deployment information security assessments for critical information systems [2.3](#[2.3])
- Rapid and effective identification of threats, risks, and vulnerabilities to State information systems [2.5](#[2.5])
- Capabilities and procedures for detecting, reporting, and responding to information security incidents [2.5](#[2.5])
- Compliance with State information security policies, standards, and procedures [2.3](#[2.3])
- Coordination with the Office of the Statewide Chief Information Security Officer [2.3](#[2.3])
Consequences of Non-Compliance
State agencies that fail to comply with the requirements of the Illinois Information Security Improvement Act may be subject to disciplinary action, including termination of employment [2.1](#[2.1]).
Can I skip having an information security program in place in Illinois?
No, state agencies in Illinois are required to develop and maintain an Information Security Program [1.1](#[1.1]). Failure to comply with this requirement may result in disciplinary action [2.1](#[2.1]).
Therefore, it is highly recommended that state agencies in Illinois comply with the requirements of the Illinois Information Security Improvement Act to ensure the effectiveness of information security controls over information resources that support State agency operations and assets.
Source(s):
- [1.1] Information Security Program
- [2.1] 20 ILCS 1375/5-10
- [2.2] 20 ILCS 1375/5-1
- [2.3] 20 ILCS 1375/5-15
- [2.5] 20 ILCS 1375/5-25
Jurisdiction
Illinois