Requires political subdivisions, state agencies, school corporations, and state educational institutions (public entities), with the exception of specified categories of hospitals and the Indianapolis department of public utilities (department), to adopt not later than December 31, 2027, a: (1) technology resources policy; and (2) cybersecurity policy; that meet specified requirements. Provides the department is not required to report a cybersecurity incident to the office of technology (office). Requires the office to develop: (1) standards and guidelines regarding cybersecurity for use by political subdivisions and state educational institutions; and (2) a uniform cybersecurity policy for use by state agencies. Requires the office to develop, in collaboration with the department of education: (1) a uniform technology resources policy governing use of technology resources by the employees of school corporations; and (2) a uniform cybersecurity policy for use by school corporations. Requires: (1) a public entity to biennially submit to the office the cybersecurity policy adopted by the public entity; and (2) the office to establish a procedure for collecting and maintaining a record of submitted cybersecurity policies. Requires a public entity that engages a third party to conduct an assessment of the public entity's cybersecurity policy to provide the results of the assessment to the office.

Statutes affected:
Introduced Senate Bill (S): 4-13.1-4-5, 4-13.1-4-6, 24-4-23-15, 24-4.9-3-3.5, 24-4.9-4-2, 24-15-10-2
Senate Bill (S): 4-13.1-4-2, 4-13.1-4-5, 4-13.1-4-6, 24-4-23-15, 24-4.9-3-3.5, 24-4.9-4-2, 24-15-10-2
Engrossed Senate Bill (S): 4-13.1-4-2, 4-13.1-4-5, 4-13.1-4-6, 24-4-23-15, 24-4.9-3-3.5, 24-4.9-4-2, 24-15-10-2
Senate Bill (H): 4-13.1-2-9, 4-13.1-4-2, 4-13.1-4-5, 4-13.1-4-6, 24-4-23-15, 24-4.9-3-3.5, 24-4.9-4-2, 24-15-10-2