H-3503.3
HOUSE BILL 2404
State of Washington
65th Legislature
2018 Regular Session
By Representatives Kraft and Hudgins
Prefiled 01/05/18. Read first time 01/08/18. Referred to Committee on State Govt, Elections & IT.
AN ACT Relating to accountability of services provided by the consolidated technology services agency (WaTech); amending RCW 43.105.385, 43.105.375, 43.105.007, 43.105.052, 43.105.020, and 43.105.220; creating a new section; and repealing RCW 43.105.006.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF WASHINGTON:
NEW SECTION.  Sec. 1.  (1) The legislature intends by this act to improve government accountability and fiscal responsibility to Washington taxpayers in the state's use of technology to support public agencies.
(2) The legislature finds that:
(a) The consolidated technology services agency, which provides centralized technology services to state agencies, is the result of two major reorganizations in state government information technology since 2011. Chapter 43, Laws of 2011 1st sp. sess. transferred powers and duties from the department of information services to three newly created entities, the office of the chief information officer, the consolidated technology services agency, and the department of enterprise services, intended to efficiently and cost-effectively manage centralized services for technology. The agencies were created to provide high quality services and to be accountable to their customers and the public agencies they serve.
(b) Chapter 1, Laws of 2015 3rd sp. sess. reorganized the two organizations created in 2011 (the office of the chief information officer and the consolidated technology services agency) and the centralized technology functions of the department of enterprise services, under the consolidated technology services agency. With this reorganization, the intended goals for the state's management of centralized technology services remained largely the same—cost-effectiveness, high quality services at best value, and accountability to customers.
(c) Over several years and under two different organizational models, the consolidated technology services agency has run annual deficits each year, except for fiscal year 2017, spending more than customer agencies pay for their services. Annual deficits over the consolidated technology services agency's first five fiscal years ranged from three million dollars to seventeen million dollars. Furthermore, independent performance audits of customer satisfaction with the agency's services reported ongoing concerns about service quality and pricing transparency from customer agencies.
Sec. 2.  RCW 43.105.385 and 2015 3rd sp.s. c 1 s 220 are each amended to read as follows:
(1) ((The office shall conduct a needs assessment and develop a migration strategy to ensure that, over time, all)) (a) Subject to subsections (3) and (5) of this section, state agencies ((are moving towards using)) may choose to use the agency as their central service provider for ((all)) utility-based infrastructure services, including centralized PC and infrastructure support. The office shall develop a migration strategy for state agencies that choose to use the agency for services provided under this subsection.
(b) State agency-specific application services shall remain managed within individual agencies.
(2) The office shall develop short-term and long-term objectives as part of the migration strategy.
(3) Except as provided under RCW 43.105.375(1), if expenditures exceed receipts from agency fees and charges collected from public agencies for a line of business for six or more months within a fiscal year for three consecutive fiscal years, the office shall develop a termination migration plan for migrating each customer agency from the line of business to a new provider. The plan must include options for public agencies that do not have the resources to maintain the migrated service on their own and choose to migrate to a new provider. The office shall submit the initial plan to the joint legislative audit and review committee, the board, and the appropriate policy and fiscal committees of the legislature by December 15, 2019. Thereafter, the office shall submit subsequent termination migration plans every two years through 2025. The agency shall not provide the line of business to customer agencies once the termination migration is complete. Termination migrations required by the initial plan must occur by December 15, 2021, and termination migrations required by subsequent plans must occur no later than two years after the report is submitted.
(4) The office of the state auditor shall conduct a performance audit of agency lines of business to address follow-up and corrective action from performance audit report number 1019874, "ensuring transparent pricing and customer-focused IT services at WaTech." The office of the state auditor shall submit the report to the joint legislative audit and review committee, the board, and the appropriate policy and fiscal committees of the legislature by September 15, 2019. The audit must review:
(a) Revenues and expenses overall and by line of business;
(b) Customer service ratings and feedback, including changes from prior ratings; and
(c) Lines of business for which expenditures exceed receipts from agency fees and charges collected from public agencies for six or more months within a fiscal year for three consecutive fiscal years.
(5) The agency shall migrate lines of business hosted on the agency's mainframe platforms to new service providers, and coordinate with customer agencies to migrate applications hosted on the agency's mainframe platforms to new platforms, by December 31, 2023.
(6) This section does not apply to institutions of higher education.
Sec. 3.  RCW 43.105.375 and 2015 3rd sp.s. c 1 s 219 are each amended to read as follows:
(1) ((Except as provided by subsection (2) of this section, state agencies shall)) Any state agency may choose to locate ((all existing and new)) servers in the state data center. Customer agency servers and resources that are physically stored within the state data center are subject to termination migration requirements under RCW 43.105.385(3) beginning within one year after the end of the fiscal year following when the debt service for the state data center is paid in full, which is June 1, 2039, or within two years of the state data center debt service being paid in full if an alternative financing mechanism can be used to pay the debt service in full.
(2) ((State agencies with a service requirement that requires servers to be located outside the state data center must receive a waiver from the office. Waivers must be based upon written justification from the requesting state agency citing specific service or performance requirements for locating servers outside the state's common platform.
(3) The office, in consultation with the office of financial management, shall continue to develop the business plan and migration schedule for moving all state agencies into the state data center.)) The agency shall use any revenues related to hosting lines of business in the state data center toward satisfying the debt service of the state data center building prior to using the revenues toward other expenses.
(3) Subject to any restrictions related to financing of the state data center, the agency shall coordinate with the department of enterprise services to sublease the following to private sector entities or public agencies:
(a) Vacant halls at the state data center by December 31, 2019; and
(b) Unused office space at the 1500 Jefferson Building resulting from customer agency migrations required by RCW 43.105.385 (3) and (5) by December 31, 2021.
(4) The legislature and the judiciary, which are constitutionally recognized as separate branches of government, may enter into an interagency agreement with the office to migrate its servers into the state data center subject to subsection (1) of this section.
(5) Future upgrades to the state data center must be preapproved by the office of financial management, the board, and the appropriate policy and fiscal committees of the legislature.
(6) Within one year of when the state data center debt service is paid in full, which is June 1, 2039, the state auditor's office shall audit and report on the revenue and expenses of the state data center since the completion of its construction on July 15, 2011. The state auditor's office shall submit a report to the joint legislative audit and review committee, the board, the office of financial management, and the appropriate fiscal committees of the legislature and make recommendations on whether:
(a) The state data center is financially self-sustaining;
(b) The state data center is able to continue operating in its current form of business operations and be financially self-sustaining; and
(c) The agency should develop a termination migration plan to migrate any remaining customer agencies out of the state data center to other providers. Any termination migration implemented under this subsection must occur within four fiscal years following the issuance of the report submitted by the state auditor's office.
(7) This section does not apply to institutions of higher education.
Sec. 4.  RCW 43.105.007 and 2015 3rd sp.s. c 1 s 101 are each amended to read as follows:
Information technology is a tool used by state agencies to improve their ability to deliver public services efficiently and effectively. Advances in information technology, including advances in hardware, software, and business processes for implementing and managing these resources, offer new opportunities to improve the level of support provided to citizens and state agencies and to reduce the per-transaction cost of these services. These advances are one component in the process of ((reengineering)) how government delivers services to citizens.
To fully realize the service improvements and cost efficiency from the effective application of information technology to its business processes, state government must establish decision-making structures that connect business processes and information technology in an operating model. ((Many of these business practices transcend individual agency processes and should be worked at the enterprise level.)) To do this requires an effective partnership of executive management, business processes owners, and providers of support functions necessary to efficiently and effectively deliver services to citizens.
((To maximize the potential for information technology to contribute to government business process reengineering, the state must establish clear central authority to plan, set enterprise policies and standards, and provide project oversight and management analysis of the various aspects of a business process.))
Establishing a state chief information officer as the director of the consolidated technology services agency will provide state government with the cohesive structure necessary to develop improved operating models with agency directors and reengineer business process to enhance service delivery while capturing savings.
To achieve maximum benefit from advances in information technology, the state establishes a ((centralized)) provider and procurer of certain information technology services as an agency to support the needs of public agencies. This agency shall be known as the consolidated technology services agency. ((To ensure maximum benefit to the state, state agencies shall rely on the consolidated technology services agency for those services with a business case of broad use, uniformity, scalability, and price sensitivity to aggregation and volume.))
To successfully meet public agency needs and meet its obligation as ((the primary)) a service provider for ((these)) information technology services, the consolidated technology services agency must offer high quality services at the best value. It must be ((able to attract an adaptable and competitive workforce, be authorized to procure services where the business case justifies it, and be)) accountable to its customers for the efficient and effective delivery of critical business services.
The consolidated technology services agency is established with clear accountability to the agencies it serves and to the public. This accountability will come through enhanced transparency in the agency's operation and performance. The agency is also established ((with broad flexibility)) to adapt its operations and service catalog to address the needs of customer agencies, and to do so in the most cost-effective ways.
Sec. 5.  RCW 43.105.052 and 2015 3rd sp.s. c 1 s 104 are each amended to read as follows:
The agency shall:
(1) Make available information services to public agencies and public benefit nonprofit corporations;
(2) Establish rates and fees for services provided by the agency;
(3) Develop a billing rate plan for a two-year period to coincide with the budgeting process. The rate plan must be subject to review at least annually by the office of financial management, the joint legislative audit and review committee, the board, and the appropriate policy and fiscal committees of the legislature. The rate plan must show the proposed rates by each cost center and show the components of the rate structure as mutually determined by the agency ((and)), the office of financial management, and the appropriate policy and fiscal committees of the legislature. The rate plan and any adjustments to rates must be approved by the office of financial management and the appropriate policy and fiscal committees of the legislature;
(4) Develop a detailed business plan for any service or activity to be contracted under RCW 41.06.142(7)(b);
(5) Develop plans for the agency's achievement of ((statewide)) goals and objectives set forth in the state strategic information technology plan required under RCW 43.105.220;
(((6) Enable the standardization and consolidation of information technology infrastructure across all state agencies to support enterprise-based system development and improve and maintain service delivery; and
(7) Perform all other matters and things necessary to carry out the purposes and provisions of this chapter.))
Sec. 6.  RCW 43.105.020 and 2017 c 92 s 2 are each amended to read as follows:
The definitions in this section apply throughout this chapter unless the context clearly requires otherwise.
(1) "Agency" means the consolidated technology services agency, which may also be known as Washington technology solutions (WaTech).
(2) "Board" means the technology services board.
(3) "Customer agencies" means all entities that purchase or use information technology resources, telecommunications, or services from the consolidated technology services agency.
(4) "Director" means the state chief information officer, who is the director of the consolidated technology services agency.
(5) "Enterprise architecture" means an ongoing activity for translating business vision and strategy into effective enterprise change. ((It is a continuous activity. Enterprise architecture creates, communicates, and improves the key principles and models that describe the enterprise's future state and enable its evolution.))
(6) "Equipment" means the machines, devices, and transmission facilities used in information processing, including but not limited to computers, terminals, telephones, wireless communications system facilities, cables, and any physical facility necessary for the operation of such equipment.
(7) "Information" includes, but is not limited to, data, text, voice, and video.
(8) "Information security" means the protection of communication and information resources from unauthorized access, use, disclosure, disruption, modification, or destruction in order to:
(a) Prevent improper information modification or destruction;
(b) Preserve authorized restrictions on information access and disclosure;
(c) Ensure timely and reliable access to and use of information; and
(d) Maintain the confidentiality, integrity, and availability of information.
(9) "Information technology" includes, but is not limited to, all electronic technology systems and services, automated information handling, system design and analysis, conversion of data, computer programming, information storage and retrieval, telecommunications, requisite system controls, simulation, electronic commerce, radio technologies, and all related interactions between people and machines.
(10) "Information technology portfolio" or "portfolio" means a strategic management process documenting relationships between agency missions and information technology and telecommunications investments.
(11) "K-20 network" means the network established in RCW 43.41.391.
(12) "Line of business" means a service offering provided by the consolidated technology services agency to customer agencies.
(13) "Local governments" includes all municipal and quasi-municipal corporations and political subdivisions, and all agencies of such corporations and subdivisions authorized to contract separately.
(((13))) (14) "Office" means the office of the state chief information officer within the consolidated technology services agency.
(((14))) (15) "Oversight" means a process of comprehensive risk analysis and management designed to ensure optimum use of information technology resources and telecommunications.
(((15))) (16) "Proprietary software" means that software offered for sale or license.
(((16))) (17) "Public agency" means any agency of this state or another state; any political subdivision or unit of local government of this state or another state including, but not limited to, municipal corporations, quasi-municipal corporations, special purpose districts, and local service districts; any public benefit nonprofit corporation; any agency of the United States; and any Indian tribe recognized as such by the federal government.
(((17))) (18) "Public benefit nonprofit corporation" means a public benefit nonprofit corporation as defined in RCW 24.03.005 that is receiving local, state, or federal funds either directly or through a public agency other than an Indian tribe or political subdivision of another state.
(((18))) (19) "Public record" has the definitions in RCW 42.56.010 and chapter 40.14 RCW and includes legislative records and court records that are available for public inspection.
(((19))) (20) "Public safety" refers to any entity or services that ensure the welfare and protection of the public.
(((20))) (21) "Security incident" means an accidental or deliberative event that results in or constitutes an imminent threat of the unauthorized access, loss, disclosure, modification, disruption, or destruction of communication and information resources.
(((21))) (22) "State agency" means every state office, department, division, bureau, board, commission, or other state agency, including offices headed by a statewide elected official.
(((22))) (23) "Telecommunications" includes, but is not limited to, wireless or wired systems for transport of voice, video, and data communications, network systems, requisite facilities, equipment, system controls, simulation, electronic commerce, and all related interactions between people and machines.
(((23))) (24) "Termination migration" means the process whereby the consolidated technology services agency ceases to provide a line of business to customer agencies and migrates that line of business to a new provider.
(25) "Utility-based infrastructure services" includes personal computer and portable device support, servers and server administration, security administration, network administration, telephony, email, and other information technology services commonly used by state agencies.
Sec. 7.  RCW 43.105.220 and 2015 3rd sp.s. c 1 s 203 are each amended to read as follows:
(1) The office shall prepare a state strategic information technology plan which shall establish a ((statewide)) mission, goals, and objectives for the use of information technology, including goals for electronic access to government records, information, and services. The plan shall be consistent with the provisions of chapter . . ., Laws of 2018 (this act), and developed in accordance with the standards and policies established by the office. The office shall seek the advice of the board in the development of this plan.
The plan shall be updated as necessary and submitted to the governor and the legislature.
(2) The office shall prepare a biennial state performance report on information technology based on state agency performance reports required under RCW 43.105.235 and other information deemed appropriate by the office. The report shall include, but not be limited to:
(a) An analysis, based upon agency portfolios, of the state's information technology infrastructure, including its value, condition, and capacity;
(b) An evaluation of performance relating to information technology;
(c) An assessment of progress made toward implementing the state strategic information technology plan, including progress toward electronic access to public information and enabling citizens to have two-way access to public records, information, and services; and
(d) An analysis of the success or failure, feasibility, progress, costs, and timeliness of implementation of major information technology projects under RCW 43.105.245. At a minimum, the portion of the report regarding major technology projects must include:
(i) The total cost data for the entire life-cycle of the project, including capital and operational costs, broken down by staffing costs, contracted service, hardware purchase or lease, software purchase or lease, travel, and training. The original budget must also be shown for comparison;
(ii) The original proposed project schedule and the final actual project schedule;
(iii) Data regarding progress towards meeting the original goals and performance measures of the project;
(iv) Discussion of lessons learned on the project, performance of any contractors used, and reasons for project delays or cost increases; and
(v) Identification of benefits generated by major information technology projects developed under RCW 43.105.245.
Copies of the report shall be distributed biennially to the governor and the legislature. The major technology section of the report must examine major information technology projects completed in the previous biennium.
NEW SECTION.  Sec. 8.  RCW 43.105.006 (Consolidated technology services agencyPurpose) and 2011 1st sp.s. c 43 s 801 are each repealed.
--- END ---