Enterprise Risk Management Governance

The Enterprise Risk Management Office (ERM) maintains oversight of the governing bodies related to risk management.

Risk Committee

Members of the committee are either selected or nominated by business unit leaders and members of Senior and Executive Leadership. Its purpose is to ensure the Executive Office of Technology Services and Security (EOTSS) is properly managing its enterprise risks and complying with all laws and regulations. 

Chief Information Security Officer Council

The Commonwealth Chief Information Security Officer and Chief Risk Officer oversees the Chief Information Security Officer (CISO) Council, which is composed of CISOs from all of the state’s Executive Branch agencies and other cybersecurity officials.

The purpose of the Council is to provide a forum for effective collaboration, thought leadership, insights and sharing about information security leadership, management, and practices across Commonwealth government. The scope of the Council’s efforts is to advise, recommend, and support Commonwealth government participants regarding best practices to identify, manage and mitigate information security risks within the Commonwealth.

The Council is governed by a charter. The charter sets forth the purpose, membership requirements, and conduct of the CISO Council (the “Council”) for the Commonwealth of Massachusetts. CISO Council Charter

Contact

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov

Address

McCormack Building
1 Ashburton Place, 8th Floor, Boston, MA 02108
Last updated: June 11, 2024
