Information security (IS) compliance of nonreporting entities that identifies each of the nonreporting entities, considers whether some nonreporting entities could benefit from compliance with and reporting on IS polices and procedures similar to those set by the California Department of Technology, and provides options for the Legislature to consider to improve nonreporting entities’ IS compliance so as to be at least comparable to reporting entities and to achieve a maturity level that reflects the development and implementation of foundational IS program practices and procedures
