Whether all the computer operating software and application licenses governing all end-user workstations and servers installed and maintained by the State Information Technology Agency include regular updates to address the system flaws to prevent malicious attacks; if not, why not; if so, (a) what operational protocols have been put in place to ensure these changes are implemented and (b) how are these updates audited?