The Office of Information Security (OIS) has responsibility and authority to: > Create, issue, maintain and ensure compliance of IT security and privacy policies, standards, and procedures. > Advise and consult with state entities to effectively manage risks. > Conduct, or require to be conducted, independent security assessments or audits of any entity. The Advisory Services Program offers a variety of services to support the state’s Information Security workforce. These services include consultations, general workshops, pre and post audit workshops, tools, training, and other resources.