The bill addresses significant compliance and operational issues identified in the performance audit of the Massachusetts State College Building Authority (MSCBA) for the period from July 1, 2022, to June 30, 2024. It highlights MSCBA's failure to meet the Supplier Diversity Office's (SDO) annual spending benchmarks for minority- and women-owned businesses, with spending on minority-owned businesses at only 0.2% of the discretionary budget, far below the required 8%, and women-owned businesses at 1.2% and 2.1% for fiscal years 2023 and 2024, compared to a 14% benchmark. The bill mandates that MSCBA develop and implement policies to monitor and achieve these benchmarks, including those for LGBTQ- and disability-owned businesses, effective July 1, 2024. Additionally, it emphasizes the need for a comprehensive Business Continuity Plan (BCP) and an internal control plan (ICP) based on an agency-wide risk assessment.

Furthermore, the bill outlines specific measures to enhance MSCBA's internal controls and cybersecurity practices. It requires the implementation of protocols for timely revocation of access rights for former employees, session lock mechanisms after five minutes of inactivity, and the establishment of a documented configuration management policy. The bill also calls for regular reviews of audit logs to improve security monitoring. These measures aim to strengthen MSCBA's operational resilience and safeguard sensitive information, addressing the audit's findings while promoting adherence to best practices in governance and risk management.