(1) Require an annual independent audit of each part of
the SURE system, supporting architecture and connected
systems using a comprehensive framework of security standards
which includes a test of the information technology's general
controls, tests of cyber-security controls, vulnerability
assessments and penetration testing. The following shall
apply:
(i) Require that auditors have full and confidential
access to all information and documents.
(ii) Require sufficient and appropriate evidence to
back up assertions that the disclosure of certain
information to auditing agencies is legally impossible.
(iii) Require counties, the Department of
Transportation and other related agencies involved in
voter registration to cooperate with future audits.
(iv) Require results of audits be provided to those
in charge of the governance of the SURE system.
(2) After conducting cleansing procedures in preparation
for migrating to the replacement system for SURE, perform
periodic data analysis to ensure that duplicate records
created in error are identified and removed from SURE in a
timely manner.
(3) Evaluate the lists of voter records provided by DAG
with a date of birth listed in SURE as January 1, 1800,
January 1, 1900, or January 1, 1901, and who appear to be 100
years of age or older and instruct the counties to determine
the correct date of birth and ensure the record is still
valid and the voter is not deceased.
(4) Evaluate the lists of potentially deceased voters
provided by the Department of the Auditor General and
20220SB1018PN1331 - 8 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30