North Carolina Office of the State Chief Information Officer

Enterprise Security & Risk Management Office

Chris Estes, State CIO


The Enterprise Security and Risk Management Office (ESRMO) provides leadership in the development, delivery and maintenance of an information security and risk management program that safeguards the state's information assets and the supporting infrastructure against unauthorized use, disclosure, modification, damage or loss. The ESRMO supports a comprehensive statewide program that encompasses information security implementation, monitoring, threat and vulnerability management, cyber incident management, and enterprise business continuity management. The ESRMO works with executive branch agencies to help them comply with legal and regulatory requirements, the statewide technical architecture, policies, industry best practices, and other requirements. Working with state agencies, federal and local governments, citizens and private sector businesses, ESRMO helps to manage risk to support secure and sustainable information technology services to meet the needs of our citizens.


  • Protect confidentiality, integrity and availability of citizens’ data
    • Data is classified and retained according to state law
    • Data is encrypted when appropriate
    • Ensure data is not compromised
    • Data is available when required by citizens, agencies, or applications
  • Promote a safe and secure information technology operations environment
    • Coordinate incident response between the interested parties
    • Statewide program of threat and vulnerability management
    • Disseminate information about protective measures for security and business continuity threats
    • Provide training to North Carolina employees in information security, risk, compliance and business continuity
    • Help to create and sustain information security and risk management awareness programs
  • Coordination / Communication
    • Work with agencies to disperse information concerning risks and security incidents
    • Work with state, local, and federal agencies as required
    • Advisor on risk management and security for statewide information technology projects
    • Coordinate statewide security and risk management communication
  • Identify and provide guidance on risk management, business continuity planning, audits and compliance
    • Provide assistance and consultation on IT risk management and business continuity plans/COOP
    • Facilitate and coordinate audits/assessments of information technology infrastructure
    • Support enterprise business continuity management
    • Provide reasonable assurance that IT security, risk and compliance objectives are being achieved