Colorado Cybersecurity Audit Information Request

To Whom It May Concern:

Pursuant to the Colorado Open Records Act, I hereby request the following records:

Any results of the most recent cybersecurity audit or risk assessment conducted by the Governor's Office of Information Technology, or by a third party on behalf of the office.

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

I recognize that these types of documents contain sensitive information about the state's networks, and could be subject to an exemption to protect public safety. However, I'm not looking for specific details on the networks or their vulnerabilities, merely any summaries or aggregated data produced for the state to get an overall picture of cybersecurity concerns.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 3 business days, as the statute requires.

Sincerely,

Alex Koma