Current through December 10, 2024
Rule 36-1-1.7 - Auditing and Compliance; State Auditor's Role

Compliance with security policies is the responsibility of all state agencies. Any agency that fails to comply with security policies endangers everyone else in state government. Thus the following policy is established to clarify the role of the State Auditor and the Department of Information Technology Services, Information Security Division in auditing compliance:
A. The State Auditor will review how well agencies comply with security policies as part of their normal agency information systems auditing activities.
B. As a component of their standard Information Systems audit process, the State Auditor will consider the Enterprise Security Policy in the review of the systems, processes, and procedures that they will examine.
C. The State Auditor may request the assistance of the ITS Information Security Division in the performance of this normal audit function.
D. The State Auditor may request and review copies of an agency's IT Security Risk Assessment separately or in conjunction with the normal agency audit process.
E. Upon determination of any non-compliance, the State Auditor may instruct the agency and/or the ITS Information Security Division to take necessary steps to become compliant.
F. Agencies should understand that failure to comply with the Enterprise Security Policy could result in a finding in the agency's audit report from the State Auditor.

Miss. Code Ann. § 25-53-1 to § 25-53-25.