Background:

In 2011 a bill was enacted to reorganize and streamline the central service functions, powers, and duties of state government. The Department of Information Services was abolished and its various functions were transferred to the Office of Financial Management (OFM) under the newly created Office of the Chief Information Officer (OCIO), the newly created Department of Enterprise Services (DES), and the newly created Consolidated Technology Services Agency (CTS). The Department of Personnel was abolished and its functions were transferred to the DES and the OFM. The Office of Risk Management within the OFM was transferred to the DES. Generally, the OFM directs and supervises personnel policies and the application of civil service laws and the DES directs and supervises the implementation of the laws.

Office of the Chief Information Officer.

The OCIO is headed by the Chief Information Officer. The primary duties of the OCIO include: (1) preparing and leading the implementation of a strategic direction and enterprise architecture for information technology (IT) for state government; (2) enabling the standardization and consolidation of IT infrastructure to support enterprise-based system development and to improve and maintain service delivery; (3) establishing standards and policies for IT services throughout state government; and (4) establishing statewide architecture to serve as the organizing standard for IT for state agencies.

Department of Enterprise Services.

The DES provides IT services and application functions, such as the central personnel payroll system and financial management system. The DES manages the Data Processing Revolving Account established to pay for equipment, supplies, services, salaries, wages, and other costs related to the implementation of information services and telecommunications systems. The DES also is authorized to become a licensed certification authority as part of the system for authenticating digital signatures under the requirements of the Electronic Authentication Act.

In addition to the central personnel payroll system, other human resources functions performed by the DES include training and career development and background checks on prospective agency heads appointed by the Governor.

Consolidated Technology Services Agency.

The CTS provides information services to public agencies and public benefit nonprofit corporations. The CTS operates the state data center and offers IT services, including mainframe computing, network operations and telecommunication, shared email, IT security, and storage.

Summary of Bill:

Functions and duties of the OCIO and the IT functions of the DES are transferred to the CTS. The Director of the CTS is also the state Chief Information Officer. The Director must appoint a state chief information security officer.

In addition to the other standards and policies it sets, the OCIO must adopt a policy for cybersecurity. The OCIO must require a state agency to obtain an independent compliance audit of its IT security program and controls once every three years to determine whether it is in compliance with the standards and policies established by the CTS and that security controls identified by the state agency are operating efficiently.

The specific requirements regarding what must be included in a state agency's IT portfolio are removed. State agencies and local governments that collect and enter information concerning individuals into electronic records and information systems must review the information collected and justify the purpose for collecting it at least once every five years. The licensed certification authority for digital signatures is changed from the DES to the CTS.

For IT investments exceeding $5 million, requiring more than one biennium to complete, or financed through financial contracts, bond, or other indebtedness, the OCIO must:

require quality assurance for the investment to report independently to the office;
review and possibly revise the proposed investment to ensure flexibility and adaptability to advances in technology;
ensure the technology budget is complete and includes an implementation schedule covering activities, critical milestones, and deliverables at each state of the investment for the life of the project at each agency affected by the investment;
ensure the technology budget specifically identifies the uses of any financing proceeds. No more than 30 percent of the financing proceeds may be used for payroll-related costs for state employees assigned to project management, installation, testing, or training;
ensure that performance measures are established and used to determine that the investment is on time, within budget, and meeting expectations for quality of work product;
ensure that the agency consults with the office of the State Treasurer during the competitive procurement process to evaluate whether investments may be financed; and
ensure that the agency consults with the DES for a review of all contracts and agreements related to the investment's information technology procurements.

If the Director suspends or terminates the investment, state agencies may not make additional expenditures for the IT investment unless approved by the Director. Allocated funds must be placed into unalloted reserve status. Oversight and management of any remaining activities are transferred to the Director.

The OCIO may delegate to state agencies authorization to purchase or acquire IT investments without review or approval, depending on the dollar amount or type of investment, based on an assessment process developed by the office. If so delegated, state agencies must comply with requirements or policies established by the Director. An agency not in substantial compliance with overall policies established by the OCIO may not be delegated this authorization.

The Office of Risk Management within the DES is transferred to the OFM. Human resource functions within the DES are transferred to the OFM.

OFM's statewide budget, accounting, and forecasting functions are funded through a new central service charge to state agencies on all funds and accounts consistent with OFM's statewide cost allocation plan for federal funds. A nonappropriated account, the Central Service Revolving Account, is created for these purposes.

The Data Processing Revolving Account (DPR Account) managed by the DES is replaced with four IT revolving accounts and the residual balance of funds remaining in the DPR Account are apportioned to the new accounts:

the CTS Revolving Account, for the acquisition of equipment, software, supplies, and services, and the payment of salaries, wages, and other costs related to those acquisitions;
the statewide IT System Development Revolving Account, for the development and acquisition of enterprise IT systems;
the statewide IT System Maintenance and Operations Revolving Account, for maintenance and operations of enterprise IT systems; and
the shared IT System Revolving Account, for development, acquisition, and maintenance of shared IT systems.

The CTS Revolving Account requires expenditures to be approved by the Director of the CTS, or a designee. The statewide IT System Development Revolving Account is an appropriated account managed by the OFM. The remaining two accounts are nonappropriated accounts that require signatory approval by the OFM for expenditures.

The OFM must convene a workgroup that includes representatives of the DES, the CTS, the OCIO, the Legislative Evaluation and Accountability Program Committee, and legislative fiscal staff to review the central service model and chart of accounts of the agencies after the reorganization.

The OFM must convene a task force to review the necessary qualifications, experience, compensation, benefits, professional development, and skills training required to recruit and retain a skilled state government IT workforce. As part of this effort, the OFM must:

conduct a salary survey of other public and private employment to establish market rates for IT professionals at all organizational levels of state government;
conduct a class study of IT classifications at state agencies;
review the use of Washington Management Service for IT positions;
conduct an evaluation of the IT investment portfolios of state agencies to determine which agencies need chief information officers; and
develop performance appraisal tools to assess and reward state agency IT professionals for purposes of retention.

The task force must review the information and make recommendations to the fiscal committees of the Legislature by August 1, 2016.

The Select Committee on Pension Policy, with the assistance of the Office of the State Actuary and the OCIO is requested to review pension options in the commercial information technology industry and develop recommendations for more attractive retirement benefit options for the state's IT workforce who are less likely to vest their benefit in the state public retirement system.

The bill contains an emergency clause and takes effect July 1, 2015.