While the Department of Insurance (Department) has implemented certain processes and controls to secure its confidential data,
it should strengthen those processes and controls to help prevent unauthorized disclosure of its confidential data.
To minimize security risks, auditors communicated details about the audit findings separately to the Department in writing. One finding was rated Priority,
because of issues that could critically affect the Department’s ability to effectively administer its information security function. Immediate action should be taken to reduce the risk.
Jump to Letter