Brief Summary of Engrossed Substitute Bill

(As Amended by House)

Requires the Office of the Chief Information Officer (OCIO) to implement an information technology business management program for state agencies with an annual information technology expenditure exceeding $10 million, and develop statewide purchasing standards for technology networking equipment and services.
Exempts state agencies from competitive contracting for information technology purchases of less than $100,000, with certain approvals and justifications.
Requires institutions of higher education to provide the Chief Information Officer (CIO) data and information on proposed expenditures on business and administrative applications.
Requires the legislative and judicial agencies to provide to the CIO information regarding proposed technology expenditures.
Requires the CIO to evaluate proposed information technology expenditures and establish priority ranking categories of proposals.
Allows the Office of Financial Management (OFM) to establish an information technology investment pool.
Requires the Consolidated Technology Services Agency to review and assess the current state telecommunications and information services network model for purposes of consolidation.
Requires the OCIO to inventory state legacy information technology systems and develop a plan for modernization and funding.
Requires the OCIO to establish security standards and policies to ensure the confidentiality, availability, and integrity of the information transacted, stored, or processed in the state’s information technology systems and infrastructure.

Background:

The Office of the Chief Information Officer (OCIO) was created in 2011 as part of an agency reorganization and consolidation of central service functions. The OCIO is within the Office of Financial Management (OFM). The OCIO is responsible for the preparation and implementation of a strategic information technology (IT) plan and enterprise architecture for the state. The OCIO works toward standardization and consolidation of IT infrastructure and establishes IT standards and policies. The OCIO prepares a biennial state performance report on IT, evaluates current IT spending and budget requests, and oversees major IT projects, including procurements.

As part of the agency reorganization, a majority of service provision duties were transferred from the Department of Information Systems to the Consolidated Technology Services Agency (CTS), including server hosting, network administration, telephone, security administration, and electronic mail.

Summary of Amended Bill:

The OCIO must coordinate with state agencies with an annual IT expenditure that exceeds $10 million to implement an IT business management program to monitor financial performance and identify savings and efficiencies. In conjunction with the CTS, the OCIO must develop statewide purchasing standards for technology networking equipment and services.

In addition to services and activities, equipment necessary to establish, operate, or manage the state data center is exempt from competitive contracting. Competitive purchasing statutes also do not apply to IT purchases by state agencies if the purchase is $100,000 or less, the purchase is approved by the OCIO, and the agency director and the OCIO prepare a public document providing a detailed justification.

Higher education institutions must provide the OCIO with information on proposed expenditures on business and administrative IT applications to allow the OCIO to evaluate the expenditure. Legislative and judicial agencies must provide the OCIO with information on proposed IT expenditures to allow the OCIO to evaluate the expenditure on an advisory basis.

The OCIO must evaluate proposed IT expenditures and establish a priority ranking of the proposals. Not more than one-third of the proposed expenditures may be ranked in the highest priority category.

Subject to funding, the OFM may establish an IT investment pool and enter into contracts for IT purchases if the purchase replaces IT systems with more modern and efficient systems, the project improves the ability of an agency to recover from a major disaster, or the project provides future savings and efficiencies for an agency through reduced costs, improved customer services, or increased revenue collections. Preference for project approvals must be given to an agency that has prior project approval from the OCIO and an approved business plan, and the primary hurdle to project funding is lack of funding capacity. The OFM must report to the Governor and the fiscal committees of the Legislature by November 1 of each year on the status of distributions and expenditures on IT projects and improved performance results achieved by project funding.

The CTS must review state telecommunications and information networks with the objective of agency network consolidation in CTS, with a report due to OFM and the Legislature in December 2013.

The OCIO must inventory state legacy IT systems and develop a plan for modernization and funding, with a report due to the OFM and the Legislature in December 2014.

The OCIO must establish security standards and policies to ensure the confidentiality, availability, and integrity of the information transacted, stored, or processed in the state’s IT systems and infrastructure. State agencies, institutions of higher education, the Legislature, and the judiciary are required to develop an information technology security plan and program.

An exemption from public disclosure pertaining to security and infrastructure of computer and telecommunications networks is expanded to include information that may increase risk to the confidentiality, integrity, or availability of agency security, information technology infrastructure, or assets. An exemption regarding emergency preparedness plan system security is updated.