ENGROSSED SECOND SUBSTITUTE HOUSE BILL 1274

State of Washington
67th Legislature
2021 Regular Session
By House Appropriations (originally sponsored by Representatives Hackney, Stokesbary, Robertson, Bateman, Springer, Walen, Leavitt, Berg, and Slatter)
READ FIRST TIME 02/22/21.
AN ACT Relating to cloud computing solutions; amending RCW 43.105.020 and 43.105.375; creating new sections; and providing an expiration date.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF WASHINGTON:
NEW SECTION.  Sec. 1. (1) The legislature finds that the advent of the COVID-19 pandemic has increased the needs of the people of Washington for state services. From unemployment benefits to information on the incidence of disease in the state, Washingtonians have increasingly turned to state government for vital services and information.
(2) The legislature further finds that the state's information technology infrastructure is outdated and with insufficient capacity to handle the increased demand and has, in many cases, not been adequate to enable the state to provide the needed services effectively and efficiently.
(3) Therefore, the legislature intends to migrate the state's information technology toward cloud services, which will deliver the capacity, security, resiliency, disaster recovery capability, and data analytics necessary to allow the state to provide Washingtonians the services they require during this pandemic and in the future.
Sec. 2. RCW 43.105.020 and 2017 c 92 s 2 are each amended to read as follows:
The definitions in this section apply throughout this chapter unless the context clearly requires otherwise.
(1) "Agency" means the consolidated technology services agency.
(2) "Board" means the technology services board.
(3) "Cloud computing" has the same meaning as provided by the special publication 800-145 issued by the national institute of standards and technology of the United States department of commerce as of September 2011 or its successor publications.
(4) "Customer agencies" means all entities that purchase or use information technology resources, telecommunications, or services from the consolidated technology services agency.
(((4)))(5) "Director" means the state chief information officer, who is the director of the consolidated technology services agency.
(((5)))(6) "Enterprise architecture" means an ongoing activity for translating business vision and strategy into effective enterprise change. It is a continuous activity. Enterprise architecture creates, communicates, and improves the key principles and models that describe the enterprise's future state and enable its evolution.
(((6)))(7) "Equipment" means the machines, devices, and transmission facilities used in information processing, including but not limited to computers, terminals, telephones, wireless communications system facilities, cables, and any physical facility necessary for the operation of such equipment.
(((7)))(8) "Information" includes, but is not limited to, data, text, voice, and video.
(((8)))(9) "Information security" means the protection of communication and information resources from unauthorized access, use, disclosure, disruption, modification, or destruction in order to:
(a) Prevent improper information modification or destruction;
(b) Preserve authorized restrictions on information access and disclosure;
(c) Ensure timely and reliable access to and use of information; and
(d) Maintain the confidentiality, integrity, and availability of information.
(((9)))(10) "Information technology" includes, but is not limited to, all electronic technology systems and services, automated information handling, system design and analysis, conversion of data, computer programming, information storage and retrieval, telecommunications, requisite system controls, simulation, electronic commerce, radio technologies, and all related interactions between people and machines.
(((10)))(11) "Information technology portfolio" or "portfolio" means a strategic management process documenting relationships between agency missions and information technology and telecommunications investments.
(((11)))(12) "K-20 network" means the network established in RCW 43.41.391.
(((12)))(13) "Local governments" includes all municipal and quasi-municipal corporations and political subdivisions, and all agencies of such corporations and subdivisions authorized to contract separately.
(((13)))(14) "Office" means the office of the state chief information officer within the consolidated technology services agency.
(((14)))(15) "Oversight" means a process of comprehensive risk analysis and management designed to ensure optimum use of information technology resources and telecommunications.
(((15)))(16) "Proprietary software" means that software offered for sale or license.
(((16)))(17) "Public agency" means any agency of this state or another state; any political subdivision or unit of local government of this state or another state including, but not limited to, municipal corporations, quasi-municipal corporations, special purpose districts, and local service districts; any public benefit nonprofit corporation; any agency of the United States; and any Indian tribe recognized as such by the federal government.
(((17)))(18) "Public benefit nonprofit corporation" means a public benefit nonprofit corporation as defined in RCW 24.03.005 that is receiving local, state, or federal funds either directly or through a public agency other than an Indian tribe or political subdivision of another state.
(((18)))(19) "Public record" has the definitions in RCW 42.56.010 and chapter 40.14 RCW and includes legislative records and court records that are available for public inspection.
(((19)))(20) "Public safety" refers to any entity or services that ensure the welfare and protection of the public.
(((20)))(21) "Security incident" means an accidental or deliberative event that results in or constitutes an imminent threat of the unauthorized access, loss, disclosure, modification, disruption, or destruction of communication and information resources.
(((21)))(22) "State agency" means every state office, department, division, bureau, board, commission, or other state agency, including offices headed by a statewide elected official.
(((22)))(23) "Telecommunications" includes, but is not limited to, wireless or wired systems for transport of voice, video, and data communications, network systems, requisite facilities, equipment, system controls, simulation, electronic commerce, and all related interactions between people and machines.
(((23)))(24) "Utility-based infrastructure services" includes personal computer and portable device support, servers and server administration, security administration, network administration, telephony, email, and other information technology services commonly used by state agencies.
Sec. 3. RCW 43.105.375 and 2015 3rd sp.s. c 1 s 219 are each amended to read as follows:
(1) Except as provided by subsection (2) of this section, state agencies shall locate all existing and new ((servers))information or telecommunications investments in the state data center or within third-party, commercial cloud computing services.
(2) State agencies with a service requirement that ((requires servers to be located outside the state data center))precludes them from complying with subsection (1) of this section must receive a waiver from the office. Waivers must be based upon written justification from the requesting state agency citing specific service or performance requirements for locating servers outside the state's common platform.
(3) ((The office, in consultation with the office of financial management, shall continue to develop the business plan and migration schedule for moving all state agencies into the state data center.
(4))) The legislature and the judiciary, which are constitutionally recognized as separate branches of government, may enter into an interagency agreement with the office to migrate its servers into the state data center or third-party, commercial cloud computing services.
(5) This section does not apply to institutions of higher education.
NEW SECTION.  Sec. 4. (1)(a) A task force on cloud transition is established, with members as provided in this subsection.
(i) The state chief information officer;
(ii) The state chief information security officer; and
(iii) The governor shall appoint:
(A) Two representatives from the represented employees' bargaining unit for state employees;
(B) One representative from a company providing third-party cloud computing services;
(C) One representative from a trade association representing cloud computing providers; and
(D) One member from the state board for community and technical colleges.
(b) The task force shall be chaired by the state chief information officer, who shall convene the initial meeting.
(2) The task force shall review the following issues:
(a) The impacts on labor of transitioning to third-party cloud computing services;
(b) The retraining needs that the existing workforce may require to maintain employment in the information technology sector and deliver cloud computing services effectively within state government; and
(c) The optimal method for delivering such training.
(3) Staff support for the task force, including administration of task force meetings, must be provided by the office of the chief information officer.
(4) Members of the task force are not entitled to be reimbursed for travel expenses if they are elected officials or are participating on behalf of an employer, governmental entity, or other organization. Any reimbursement for other members is subject to chapter 43.03 RCW.
(5) The task force shall report its findings and recommendations to the governor and the appropriate committees of the legislature by November 30, 2021.
(6) This section expires December 31, 2021.
--- END ---