• Office of the Comptroller

NOW AVAILABLE: Statewide Contract ITS78 for Data and Cybersecurity Services

ITS78: Statewide Contract for Data, Cybersecurity, and Related Audit, Compliance, and Incident Responses Services User Guide is now available.


This is a Statewide Contract for Data, Cybersecurity, and Related Audit, Compliance, and Incident Response Services. Services include a full range of audit, penetration tests, reviews, and validation of compliance with legal, regulatory and policy requirements, and related services in areas such as data breach investigation, remediation, and security of confidential information.


As part of financial internal controls and fiscal responsibility, state agencies are required to comply with the cybersecurity and data security standards. These standards apply to all Executive Department offices and agencies and are the default standard for non-Executive Departments who have not adopted comparable cyber and data security standards as part of their internal control plan.


Budgets should now routinely include dedicated funding for cybersecurity risk assessments, prevention, and mitigation. As the the new budget cycle approaches, we recommend that you work with your fiscal staff to create a plan to ensure compliance with the Enterprise Security Standards as part of your organization’s Internal Control Plan.


See our Cyber Center for additional resources and links for cyber alerts, and contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks.


cybersecurity tip header image

17 views0 comments