Sec. 5. (a) The office shall: (1) develop: (A) standards and guidelines regarding cybersecurity for use by political subdivisions and state educational institutions; and (B) a uniform cybersecurity policy for use by state agencies; and (2) develop, in collaboration with the department of education: (A) a uniform technology resources policy governing use of technology resources by the employees of a school corporation; and (B) a uniform cybersecurity policy for use by school corporations. (b) Not later than December 31, 2027, each public entity shall adopt the following: (1) A policy governing use of technology resources by the public entity's employees. If the public entity is a school corporation, the public entity shall adopt the uniform technology resources policy developed under subsection (a)(2)(A). (2) A cybersecurity policy as follows: (A) If the public entity is a political subdivision or state educational institution, the public entity shall adopt a cybersecurity policy based on standards and guidelines developed under subsection (a)(1)(A). (B) If the public entity is a school corporation, the public entity shall adopt the uniform cybersecurity policy developed under subsection (a)(2)(B). (C) If the public entity is a state agency, the public entity shall adopt the uniform cybersecurity policy developed under subsection (a)(1)(B). (3) A training program regarding the public entity's technology resources policy adopted under subdivision (1) and cybersecurity policy adopted under subdivision (2), completion of which is mandatory for the public entity's employees. (c) The uniform technology resources policy developed under subsection (a)(2)(A) and a technology resources policy adopted by a public entity other than a school corporation under subsection (b)(1) must: (1) prohibit an employee of the public entity from using the public entity's technology resources to: (A) engage in lobbying (as defined in IC 2-7-1-9 ) that is outside the scope of the employee's duties; (B) engage in illegal activity; or (C) violate the public entity's cybersecurity policy; and (2) include disciplinary procedures for violation of the technology resources policy.
‹ Prev All Indiana sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.