Information Security Services

Security Standards Exception Reporting

Exceptions to the Statewide Information Security Manual may be reported using an Exception Request Form.

Vendor Readiness Assessment Report

This template should be used when engaging vendors for solutions that are both hosted on the State's infrastructure (e.g. EDC or WDC) and those that are not hosted on the state's infrastructure, such as Infrastructure as a Service, Platform as a Service and Software as a Service. The document captures the “baseline” security requirements that MUST be addressed by vendors to ensure the security of the State’s data. Agencies may add additional requirements due to Federal or other statutory mandates.

Incident Management

North Carolina government agencies handle security breaches and other incidents involving information technology under the terms and conditions of the Memorandum of Understanding for Information Security Threat Responsibilities.

Organizations that provide information on the development and operation of incident management plans are listed below:

Information Security Incident Reporting

Emergency Alerts

The following links provide a clearinghouse of information on new and existing vulnerabilities:

Antivirus Tools & Updates

The latest vendor patches, virus alerts, updates and hoax information:

Security Documentation

Online Security Documentation

Organizations