FINAL BILL REPORT
SHB 1947
C 54 L 24
Synopsis as Enacted
Brief Description: Concerning the governance of technology services in state government, including eliminating the office of the chief information officer and renaming the consolidated technology services agency.
Sponsors: House Committee on State Government & Tribal Relations (originally sponsored by Representatives Street, Couture, Ryu, Gregerson, Reed, Ormsby and Reeves; by request of Consolidated Technology Services).
House Committee on State Government & Tribal Relations
House Committee on Appropriations
Senate Committee on Environment, Energy & Technology
Background:

Consolidated Technology Services Agency Creation.?
In 2011 the Consolidated Technology Services Agency was created by combining the functions of the Department of Information Services (DIS), Consolidated Technology Services (CTS), and the Office of the State Chief Information Officer (OCIO) into one unified agency.? Prior to their unification, the DIS and CTS were separate agencies and the OCIO was part of the Office of Financial Management (OFM).

?

The Consolidated Technology Services Agency is the centralized provider and procurer of certain information technology services to support the needs of state agencies. ?The Consolidated Technology Services Agency is headed by a director, who is the State Chief Information Officer. ?The State Chief Information Officer is responsible for, among other duties, appointing personnel, including a confidential secretary and deputy and assistant directors, to carry out the duties of the Consolidated Technology Services Agency.?

?

The Office of the State Chief Information Officer.
The OCIO must:?

  • develop statewide standards and policies governing equipment, software, technology-related services, licensing of the radio spectrum, and confidentiality of computerized data;
  • develop statewide and interagency technical policies, standards, and procedures;
  • evaluate major technology projects proposed by agencies and certain education entities;
  • provide direction on strategic planning goals, with input from the Legislature and judiciary;
  • establish policies for the periodic review of state agency performance;
  • implement a process for detecting and responding to security incidents;
  • work with certain agencies to develop a cybersecurity strategy;
  • establish technical standards to facilitate electronic access to government systems;
  • require agencies to evaluate electronic public access needs when altering information systems;
  • prepare a statewide strategic plan for the use of information technology;
  • prepare a biennial performance report on information technology;
  • evaluate and provide guidance for state agency information technology spending;
  • develop an enterprise-based strategy and architecture;
  • provide staff to support the Technology Services Board; and
  • develop a strategy for state agencies to migrate to the?Consolidated Technology Services Agency for utility-based infrastructure support.?

?

The OCIO includes the Office of Privacy and Data Protection, which serves as a central point of contact for state agencies on data privacy and protection policies, and the Office of Cybersecurity, which establishes security standards and policies to protect the state's information technology systems.?

?

Major Information Technology Projects.
State agencies must provide a proposal to the OCIO prior to purchasing, acquiring, or developing a major information technology project or service.? The OFM is responsible for establishing policies and standards to govern the funding of major information technology projects. ?The OFM may require incremental funding of these projects.

?

Agency Compliance.
Each state agency must certify that its information technology security program complies with the Office of Cybersecurity's security standards policies.?

?

State Interoperability Executive Committee.
The State Interoperability Executive Committee (SIEC) develops policies for state wireless radio communications systems, including emergency communication systems.? The SIEC also coordinates licensing and use of state radio frequencies on behalf of the OCIO. ?A representative of the OCIO serves on the SIEC, and the OCIO must provide administrative support to the SIEC.?

?

State Civil Service Law.?
The State Civil Service Law establishes a system of personnel administration based on merit principles and scientific methods governing the appointment, promotion, transfer, layoff, recruitment, retention, classification and pay plan, removal, discipline, training and career development, and welfare of civil employees.? Certain positions in the planning component involved in policy development or senior professionals in the Consolidated Technology Services Agency are exempt from the State Civil Service Law.

Summary:

The Consolidated Technology Services Agency is renamed to Washington Technology Solutions (WaTech).

?

Washington Technology Solution Duties.?

The Director of WaTech remains the State Chief Information Officer, but the Office of the State Chief Information Officer (OCIO) is eliminated as a separate office and duties previously held by the OCIO are transferred to WaTech as a whole. ?In addition, the Office of Privacy and Data and the Office of Cybersecurity are established within WaTech, rather than the OCIO.?

?

In addition to its current duties and the duties formerly performed by the OCIO, WaTech must:

  • prepare and lead the implementation of a strategic direction and enterprise architecture for information technology in state government;
  • establish policies and standards for the efficient and consistent use of information technology in state government;
  • establish statewide enterprise architecture that serves as the organizing standard for information technology for state agencies; and
  • educate and inform state managers and policymakers on technology developments, industry trends and best practices, industry benchmarks, and industry understanding.

?

WaTech's authority applies to business and administrative applications in higher education institutions, but does not apply to academic, research, medical, clinical, and health care applications. ?However, higher education institutions must disclose to WaTech any proposed academic applications that are related to the needs and interests of other higher education institutions.?

?

Washington Technology Solutions Director Duties.
In addition to the WaTech Director's appointment responsibilities, the Director must also establish standards and policies to govern information technology in the state.

?

Major Information Technology Projects.
State agencies must provide a proposal to WaTech, rather than the OCIO, prior to purchasing, acquiring, or developing a major information technology project or service. ?WaTech, rather than the Office of Financial Management (OFM), must establish policies and standards for funding of major information technology projects. ?In addition, WaTech, rather than the OFM, may require incremental funding of major information technology projects.? WaTech must consult with the OFM about incremental funding.

?

When a major project is suspended or terminated, the Director of?the OFM, rather than the Director of WaTech, must place the project funds into unallotted reserved status.

?

Agency Compliance.?
Each state agency must annually certify that it complies with all policies and standards developed by WaTech, rather than only certifying that its technology security program complies with the Office of Cybersecurity's security standards policies.?

?

State Interoperability Executive Committee.
A representative from WaTech replaces a representative from the OCIO on the State Interoperability Executive Committee (SIEC).? The SIEC coordinates and manages licensing and use of state radio frequencies on behalf of the Military Department, rather than the OCIO. ?In addition, the Military Department, rather than the OCIO, must provide administrative support to the SIEC.

?

State Civil Service Law.?
It is specified that the WaTech's Chief Information Officer, the Chief Information Officer's confidential secretary, assistant directors, and other policy or senior professionals are exempt from the State Civil Service Law.

?

Washington Technology?Solutions Coordination with the Legislature and Judiciary.?
The Legislature and judiciary are encouraged to coordinate with WaTech and participate in shared initiatives and the development of enterprise-based strategies.??Legislative and judicial agencies may consult with the WaTech Director on proposed information technology expenditures.

Votes on Final Passage:
Final Passage Votes
House 97 0
Senate 49 0
Effective:

June 6, 2024