Background:

Reorganization.

In 2011 certain central service functions, powers, and duties of state government related to information technology was reorganized and streamlined. The Department of Information Services was abolished and its various functions were transferred to the newly created Office of the Chief Information Officer (OCIO), the newly created Department of Enterprise Services (DES), and the newly created Consolidated Technology Services Agency (CTS).

In 2015 further consolidation occurred when the OCIO, the CTS, and the information technology (IT) functions of the DES were merged to form the new CTS, also known as WaTech.

Consolidated Technology Services Agency – General.

The CTS is established as the state's centralized provider and procurer of certain information technology services. Agencies are encouraged to rely on the CTS for services with a business case of broad use, uniformity, scalability, and price sensitivity to aggregation and volume. The Chief Information Officer is the director of the CTS. The CTS is responsible for: (1) establishing rates and fees for services provided; (2) developing a business plan for services or activities to be contracted; (3) developing plans for the agency's achievement of statewide goals and objectives; and (4) enabling the standardization and consolidation of IT infrastructure across all state agencies to support enterprise-based system development and improve and maintain service delivery.

The CTS must submit its billing rate plan annually to the Office of Financial Management (OFM). The rate structure is mutually determined by the CTS and the OFM. The OFM approves the CTS's rate plan and any adjustments.

The CTS bills customer agencies for services primarily through two means: (1) fee-for-service billings; and (2) allocations. Fee-for-service is used to bill for services based on the customer's usage. For example, agencies that use the CTS email service are charged a rate per mailbox used. Allocation is used to charge agencies for services provided that have general benefit to the state as a whole. For example, the state data network or enterprise security services.

Consolidated Technology Services Agency – Services.

Agencies are required to use the CTS to house agency servers or use cloud-based services. The OCIO is also required to develop a migration strategy plan to ensure that all state agencies are moving towards the CTS as their central services provider for all utility-based infrastructure services. Utility-based infrastructure services include personal computer and portable device support, servers and server administration, security administration, network administration, telephony, electronic mail (e-mail), and other IT services commonly used by state agencies.

The CTS also hosts agency systems on its mainframe. A dozen agencies use the mainframe for systems critical to state operations, such as the Agency Financial Reporting System (AFRS), which the CTS and most other agencies use for financial information. The Office of the State Auditor (SAO) found, in its performance audit published in September 2017, that the mainframe is one of the services that make up a significant portion of CTS' deficit, and that 11 out of 20 business centers operate at deficits.

Office of the Chief Information Officer.

The OCIO is created within the CTS. The OCIO is required to prepare a state strategic information technology plan to establish a mission, goals, and objectives for the use of IT.

State Data Center.

Authorization for the construction of the state data center (data center) was given in 2009 and construction was completed in 2011. The SAO identified the data center as a significant cost that the CTS must cover through service charges and allocations. The data center includes four halls, two of which are operating as data centers. By 2019 all state agencies must move all agency servers off agency premises and into the data center, except for agencies that obtain a waiver from the OCIO. As of December 2016, 34 agencies relocated their servers to the data center. The debt service for the building center is expected to be paid in full as of June 1, 2039.

Performance Audit Number 1019874.

On September 25, 2017 the SAO issued a report (number 1019874) titled Ensuring Transparent Pricing and Customer-focused IT services at WaTech. The performance audit focused on the CTS' process for gathering and incorporating customer input on its service offerings, making prices transparent, and monitoring service costs. In the audit report, the SAO provided a list of recommendations to help the CTS improve customer service practices, develop and sustain competitive and transparent pricing, and make progress toward its goal of financial sustainability.

Summary of Bill:

Consolidated Technology Services Agency (CTS)/WaTech – General.

The CTS must also submit its billing rate plan to the Joint Legislative Audit and Review Committee, the Technology Services Board (TSB) and the Legislature. The Legislature is included in the entities that mutually determine and approve the rate structure and plan.

Consolidated Technology Services Agency (CTS) – Services.

State agencies have the option to use the CTS as their service provider for its utility-based infrastructure services. The OCIO is only required to develop a migration strategy for customer agencies that choose to use the CTS for such services. Reference to the CTS as being the centralized and primary provider and procurer of certain IT services is removed.

If the CTS expenditures exceed receipts from agency fees and charges for a line of business for six or more months within a fiscal year for three consecutive fiscal years, the OCIO must develop a termination migration plan for migrating each customer agency from the line of business to a new provider. A line of business is a service offering provided by the CTS to customer agencies, which are entities that purchase or use IT services from the CTS. Termination migration is the process whereby the CTS ceases to provide a line of business to a customer agency and migrates that line of business to a new provider. The OCIO's plan must include options for agencies that do not have resources to maintain the migrated service on their own and choose to migrate to a new provider. The OCIO must submit termination migration plans every two years through 2025 to the JLARC, the TSB, and the Legislature. The initial plan must be submitted by December 15, 2019, and termination must occur by December 15, 2021. Termination migrations recommended by each subsequent termination plan must occur no later than two years after the submission of the plan. Once a line of business is terminated, the CTS may no longer provide that line of business to customer agencies.

State Data Center.

The CTS must migrate lines of business hosted on its mainframe platforms, and coordinate with customer agencies to migrate applications hosted on the agency's mainframe platforms, to new service providers by December 31, 2023.

State agencies have the option to physically locate its servers in the data center. Customer agency servers and resources that are physically stored within the data center are exempt from the termination process requirements until one year after the end of the fiscal year following when the debt service for the state data center is paid in full, or within two years of the data center debt service being paid in full if an alternative financing mechanism can be used to pay the debt service in full.

The CTS must first use any revenues related to hosting lines of business in the data center toward satisfying the debt service of the state data center. In addition, subject to any financing restrictions, the CTS must coordinate with the DES to sublease the following spaces to private sector entities or public agencies:

vacant halls in the data center, by December 31, 2019; and
unused office space at the 1500 Jefferson Building resulting from customer agency termination migrations, by December 31, 2021.

Future upgrades to the state data center must be preapproved by the Office of Financial management, the TSB, and the Legislature.

Within one year of the data center's debt service being paid in full, the SAO must audit and report on the revenue and expenses of the data center since the completion of its construction. The report must include recommendations on whether:

the state data center is financially self-sustaining;
the state data center is able to continue operating in its current form of business operations and be financially self-sustaining; and
the agency should develop a termination migration plan for any remaining customer agency services hosted at the data center. A termination migration implemented under this recommendation must occur within four fiscal years following the submittal of the report.

Office of the Chief Information Officer.

The state strategic information technology plan prepared by the OCIO must be consistent with the provisions of this act.

Performance Audit.

The SAO must conduct a performance audit of the agency lines of business to address follow-up and correcting action from the performance audit report number 1019874, and submit a report by September 15, 2019. The audit must review:

revenues and expenses overall and by line of business;
customer service ratings and feedback, including changes from prior ratings; and
lines of business for which expenditures exceed receipts from agency fees and charges collected, for six or more months within a fiscal year for three consecutive fiscal years.