Report 2017-302 Recommendation 4 Responses

Report 2017-302: Judicial Council of California: It Needs to Follow Competitive Bidding Processes More Consistently and Establish Clear Guidance for Invoice Processing (Release Date: December 2017)

Recommendation #4 To: Judicial Council of California

By June 2018, the Judicial Council should fully implement the State Auditor's recommendation from 2013 related to controls over its information systems.

1-Year Agency Response

On November 30, 2018, the Judicial Council approved the Judicial Branch Information Security Framework. The meeting minutes will be available in January on the Judicial Council meetings notes page ( The Judicial Council's IT Leadership have also accepted the internal policy manual and disaster recovery plan updates. As mentioned in the previous update, the Judicial Council's information security controls and related framework are by nature confidential documents, but the State Auditor is welcome to review them at any time by visiting the Judicial Council's offices.

  • Completion Date: November 2018
  • Response Date: December 2018

California State Auditor's Assessment of 1-Year Status: Fully Implemented

6-Month Agency Response

The Judicial Council has hired staff who are responsible for developing and monitoring security protocols for key information technology (IT) systems and infrastructure. Updates to the Judicial Branch framework of information systems controls have been completed and are pending presentation to the Judicial Council for ratification. Work is ongoing to address IT security issues, polices are being developed in a manner that involves input from other judicial branch entities, and the Council is actively focused on expanding an information systems security outreach program that was piloted in fiscal year 2017-18.

  • Estimated Completion Date: December 2018
  • Response Date: June 2018

California State Auditor's Assessment of 6-Month Status: Pending

60-Day Agency Response

The Judicial Council's Information Technology (IT) unit anticipates fully correcting the finding by June 2018. Since our previous update, progress has been made on our information technology security program staffing plan with the onboarding of a full time employee to oversee the program in December 2017, and in January 2018, the onboarding of a new manager for the unit the information security program reports to. Remaining steps include ratification of the current revisions of the Judicial Branch Security Framework and Judicial Council Information Technology Policy manual.

  • Estimated Completion Date: June 2018
  • Response Date: February 2018

California State Auditor's Assessment of 60-Day Status: Pending

All Recommendations in 2017-302

Agency responses received are posted verbatim.