Start preparing now for the 2025 Department Head Enterprise Security Review and Approval
The Fiscal Year Memo for the 2025 Department Head Enterprise Security Review and Approval will be posted in early May. Mark your calendars for the due date for the completed DocuSign PowerForm which is currently scheduled for June 11, 2025.
This timeline will avoid interfering with the last two weeks of the fiscal year closing and the opening of the new fiscal year. The annual review process remains the same so completion should be straightforward and familiar. A job aid has been posted to PowerDMS detailing review and submission of the DocuSign PowerForm. We recognize the time commitment required; however, we believe the time and effort spent on security access management is a support for, not a distraction from, your department’s mission.
Department Security Officers (DSOs) are responsible for coordinating the Enterprise Security reviews and assisting the department head and other leadership staff with the completion of the Power Form. Here are some steps DSOs can take now to get ready!
Action Steps:
- Remind staff that the annual review is coming up and to evaluate if the current security roles for staff require any updates. Updates include removing roles that are not used or needed for backup coverage. Reviews include that security roles support segregation of duties to prevent any single person from having too much security access without secondary reviews by another person(s).
- Make sure your Primary DSO and Back-up DSOs are up-to-date on the Statewide Key Contacts Listing.
- If updates are needed, please submit a Key State Finance Law Compliance Responsibilities Contacts Update Form as soon as possible. For resources related to the DocuSign PowerForm, please see: Electronic Signatures page on the CTR Intranet
Bookmark our new CTR Compliance Corner page as your one-stop shop for alerts and success factors to integrate into your system of internal controls and daily operations to keep you safe on your mission.
See our Internal Controls page for more information on internal controls and contact [email protected] if you need support from our Statewide Risk Management Team.