Section 40-110 - [Effective 7/1/2024] Assistants and employees; salaries; oaths; authority of assistants; responsibility(a) The commissioner of insurance is hereby authorized to appoint an assistant commissioner of insurance, actuaries, two special attorneys who shall have been regularly admitted to practice, an executive secretary, policy examiners, two field representatives, and a secretary to the commissioner. Such appointees shall each receive an annual salary to be determined by the commissioner of insurance, within the limits of available appropriations. The commissioner is also authorized to appoint, within the provisions of the civil service law, and available appropriations, other employees as necessary to administer the provisions of this act. The field representatives authorized by this section may be empowered to conduct inquiries, investigations or to receive complaints. Such field representatives shall not be empowered to make, or direct to be made, an examination of the affairs and financial condition of any insurance company in the process of organization, or applying for admission or doing business in this state.(b) The appointees authorized by this section shall take the proper official oath and shall be in no way interested, except as policyholders, in any insurance company. In the absence of the commissioner of insurance the assistant commissioner shall perform the duties of the commissioner of insurance, but shall in all cases execute papers in the name of the commissioner of insurance, as assistant. The commissioner of insurance shall be responsible for all acts of an official nature done and performed by the commissioner's assistant or any person employed in such office. All the appointees authorized by this section shall hold their office at the will and pleasure of the commissioner of insurance.(c)[Expires 7/1/2026](1) The commissioner shall appoint a chief information security officer who shall be responsible for establishing security standards and policies to protect the department's information technology systems and infrastructure. The chief information security officer shall: (A) Develop a cybersecurity program for the department that complies with the national institute of standards and technology cybersecurity framework (CSF) 2.0, as in effect on July 1, 2024. The chief information security officer shall ensure that such programs achieve a CSF tier of 3.0 prior to July 1, 2028, and a CSF tier of 4.0 prior to July 1, 2030;(B) ensure that the commissioner and all employees complete cybersecurity awareness training annually and that if an employee does not complete the required training, such employee's access to any state-issued hardware or the state network is revoked; and(C)(i)(a) coordinate with the United States cybersecurity and infrastructure security agency to perform annual audits of the department for compliance with applicable state and federal laws, rules and regulations and department policies and standards; and(b) make an audit request to such agency annually, regardless of whether or not such agency has the capacity to perform the requested audit.(ii) Results of audits conducted pursuant to this paragraph shall be confidential and shall not be subject to discovery or disclosure pursuant to the open records act, K.S.A. 45-215 et seq., and amendments thereto.(2) The provisions of this subsection shall expire on July 1, 2026.Amended by L. 2024, ch. 95,§ 9, eff. 7/1/2024.L. 1927, ch. 231, 40-110; L. 1931, ch. 8, § 5; L. 1933, ch. 286, § 12; L. 1937, ch. 329, § 4; L. 1939, ch. 207, § 1; L. 1941, ch. 255, § 1; L. 1943, ch. 277, § 1; L. 1945, ch. 323, § 1; L. 1947, ch. 416, § 1; L. 1949, ch. 423, § 2; L. 1955, ch. 240, § 1; L. 1959, ch. 208, § 1; L. 1963, ch. 257, § 1; L. 1965, ch. 294, § 1; L. 1998, ch. 174, § 31; L. 2007, ch. 141, § 1; July 1.This section is set out more than once due to postponed, multiple, or conflicting amendments.