- (a) Not later than December 31 of each odd-numbered year, a public entity shall submit to the office the public entity's cybersecurity policy adopted by the public entity under section 5 of this chapter.
- (b) The office shall establish a procedure for collecting and maintaining a record of cybersecurity policies submitted to the office under subsection (a).
- (c) If a public entity engages a third party to conduct an assessment of the public entity's cybersecurity policy, the public entity shall provide the results of the assessment to the office.
As added by P.L.108-2024, SEC.2. Amended by P.L.142-2025, SEC.4.