2
3
4
5
6
7 LONG TITLE
8 General Description:
9 This bill amends provisions related to information technology accessibility.
10 Highlighted Provisions:
11 This bill:
12 ▸ requires the chief information officer to set standards for accessibility of executive
13 branch information technology by individuals with disabilities.
14 Money Appropriated in this Bill:
15 None
16 Other Special Clauses:
17 None
18 Utah Code Sections Affected:
19 AMENDS:
20 63F-1-102, as last amended by Laws of Utah 2011, Chapter 270
21 63F-1-205, as last amended by Laws of Utah 2014, Chapter 196
22 63F-1-206, as last amended by Laws of Utah 2008, Chapter 382
23 ENACTS:
24 63F-1-210, Utah Code Annotated 1953
25
26 Be it enacted by the Legislature of the state of Utah:
27 Section 1. Section 63F-1-102 is amended to read:
28 63F-1-102. Definitions.
29 As used in this title:
30 (1) "Board" means the Technology Advisory Board created in Section 63F-1-202.
31 (2) "Chief information officer" means the chief information officer appointed under
32 Section 63F-1-201.
33 (3) "Computer center" means the location at which a central data processing platform is
34 managed to serve multiple executive branch agencies.
35 (4) "Data center" means a centralized repository for the storage, management, and
36 dissemination of data.
37 (5) "Department" means the Department of Technology Services.
38 (6) (a) Except as provided in Subsection (6)(b), "executive branch agency" means an
39 agency or administrative subunit of state government.
40 (b) "Executive branch agency" does not include:
41 (i) the legislative branch;
42 (ii) the judicial branch;
43 (iii) the State Board of Education;
44 (iv) the Board of Regents;
45 (v) institutions of higher education;
46 (vi) independent entities as defined in Section 63E-1-102; and
47 (vii) elective constitutional offices of the executive department which includes:
48 (A) the state auditor;
49 (B) the state treasurer; and
50 (C) the attorney general.
51 (7) "Executive branch strategic plan" means the executive branch strategic plan created
52 under Section 63F-1-203.
53 (8) "Individual with a disability" means an individual with a condition that meets the
54 definition of "disability" in 42 U.S.C. Sec. 12102.
55 [
56 information handling, including:
57 (a) systems design and analysis;
58 (b) acquisition, storage, and conversion of data;
59 (c) computer programming;
60 (d) information storage and retrieval;
61 (e) voice, radio, video, and data communications;
62 (f) requisite systems controls;
63 (g) simulation; and
64 (h) all related interactions between people and machines.
65 [
66 principles, policies, and standards that guide the engineering of state government's information
67 technology and infrastructure in a way that ensures alignment with state government's business
68 and service needs.
69 [
70 signals, writing, images, sounds, messages, data, or other information of any nature by wire,
71 radio, light waves, or other electromagnetic means.
72 Section 2. Section 63F-1-205 is amended to read:
73 63F-1-205. Approval of acquisitions of information technology.
74 (1) (a) Except as provided in Title 63M, Chapter 1, Part 26, Government Procurement
75 Private Proposal Program, in accordance with Subsection (2), the chief information officer
76 shall approve the acquisition by an executive branch agency of:
77 (i) information technology equipment;
78 (ii) telecommunications equipment;
79 (iii) software;
80 (iv) services related to the items listed in Subsections (1)(a)(i) through (iii); and
81 (v) data acquisition.
82 (b) The chief information officer may negotiate the purchase, lease, or rental of private
83 or public information technology or telecommunication services or facilities in accordance with
84 this section.
85 (c) Where practical, efficient, and economically beneficial, the chief information
86 officer shall use existing private and public information technology or telecommunication
87 resources.
88 (d) Notwithstanding another provision of this section, an acquisition authorized by this
89 section shall comply with rules made by the applicable rulemaking authority under Title 63G,
90 Chapter 6a, Utah Procurement Code.
91 (2) Before negotiating a purchase, lease, or rental under Subsection (1) for an amount
92 that exceeds the value established by the chief information officer by rule in accordance with
93 Section 63F-1-206, the chief information officer shall:
94 (a) conduct an analysis of the needs of executive branch agencies and subscribers of
95 services and the ability of the proposed information technology or telecommunications services
96 or supplies to meet those needs; and
97 (b) for purchases, leases, or rentals not covered by an existing statewide contract,
98 provide in writing to the chief procurement officer in the Division of Purchasing and General
99 Services that:
100 (i) the analysis required in Subsection (2)(a) was completed; and
101 (ii) based on the analysis, the proposed purchase, lease, rental, or master contract of
102 services, products, or supplies is practical, efficient, and economically beneficial to the state
103 and the executive branch agency or subscriber of services.
104 (3) In approving an acquisition described in Subsections (1) and (2), the chief
105 information officer shall:
106 (a) establish by administrative rule, in accordance with Section 63F-1-206, standards
107 under which an agency must obtain approval from the chief information officer before
108 acquiring the items listed in Subsections (1) and (2);
109 (b) for those acquisitions requiring approval, determine whether the acquisition is in
110 compliance with:
111 (i) the executive branch strategic plan;
112 (ii) the applicable agency information technology plan;
113 (iii) the budget for the executive branch agency or department as adopted by the
114 Legislature; [
115 (iv) Title 63G, Chapter 6a, Utah Procurement Code; and
116 (v) the information technology accessibility standards described in Section 63F-1-210;
117 and
118 (c) in accordance with Section 63F-1-207, require coordination of acquisitions between
119 two or more executive branch agencies if it is in the best interests of the state.
120 (4) (a) Each executive branch agency shall provide the chief information officer with
121 complete access to all information technology records, documents, and reports:
122 (i) at the request of the chief information officer; and
123 (ii) related to the executive branch agency's acquisition of any item listed in Subsection
124 (1).
125 (b) Beginning July 1, 2006 and in accordance with administrative rules established by
126 the department under Section 63F-1-206, no new technology projects may be initiated by an
127 executive branch agency or the department unless the technology project is described in a
128 formal project plan and the business case analysis has been approved by the chief information
129 officer and agency head. The project plan and business case analysis required by this
130 Subsection (4) shall be in the form required by the chief information officer, and shall include:
131 (i) a statement of work to be done and existing work to be modified or displaced;
132 (ii) total cost of system development and conversion effort, including system analysis
133 and programming costs, establishment of master files, testing, documentation, special
134 equipment cost and all other costs, including overhead;
135 (iii) savings or added operating costs that will result after conversion;
136 (iv) other advantages or reasons that justify the work;
137 (v) source of funding of the work, including ongoing costs;
138 (vi) consistency with budget submissions and planning components of budgets; and
139 (vii) whether the work is within the scope of projects or initiatives envisioned when the
140 current fiscal year budget was approved.
141 (5) (a) The chief information officer and the Division of Purchasing and General
142 Services shall work cooperatively to establish procedures under which the chief information
143 officer shall monitor and approve acquisitions as provided in this section.
144 (b) The procedures established under this section shall include at least the written
145 certification required by Subsection 63G-6a-303(1)(e).
146 Section 3. Section 63F-1-206 is amended to read:
147 63F-1-206. Rulemaking -- Policies.
148 (1) (a) Except as provided in Subsection (2), in accordance with Title 63G, Chapter 3,
149 Utah Administrative Rulemaking Act, the chief information officer shall make rules that:
150 (i) provide standards that impose requirements on executive branch agencies that:
151 (A) are related to the security of the statewide area network; and
152 (B) establish standards for when an agency must obtain approval before obtaining
153 items listed in Subsection 63F-1-205(1);
154 (ii) specify the detail and format required in an agency information technology plan
155 submitted in accordance with Section 63F-1-204;
156 (iii) provide for standards related to the privacy policies of websites operated by or on
157 behalf of an executive branch agency;
158 (iv) provide for the acquisition, licensing, and sale of computer software;
159 (v) specify the requirements for the project plan and business case analysis required by
160 Section 63F-1-205;
161 (vi) provide for project oversight of agency technology projects when required by
162 Section 63F-1-205;
163 (vii) establish, in accordance with Subsection 63F-1-205(2), the implementation of the
164 needs assessment for information technology purchases; [
165 (viii) establish telecommunications standards and specifications in accordance with
166 Section 63F-1-404[
167 (ix) establish standards for accessibility of information technology by individuals with
168 disabilities in accordance with Section 63F-1-210.
169 (b) The rulemaking authority in this Subsection (1) is in addition to any other
170 rulemaking authority granted by this title.
171 (2) (a) Notwithstanding Title 63G, Chapter 3, Utah Administrative Rulemaking Act,
172 and subject to Subsection (2)(b), the chief information officer may adopt a policy that outlines
173 procedures to be followed by the chief information officer in facilitating the implementation of
174 this title by executive branch agencies if the policy:
175 (i) is consistent with the executive branch strategic plan; and
176 (ii) is not required to be made by rule under Subsection (1) or Section 63G-3-201.
177 (b) (i) A policy adopted by the chief information officer under Subsection (2)(a) may
178 not take effect until 30 days after the day on which the chief information officer submits the
179 policy to:
180 (A) the governor; and
181 (B) all cabinet level officials.
182 (ii) During the 30-day period described in Subsection (2)(b)(i), cabinet level officials
183 may review and comment on a policy submitted under Subsection (2)(b)(i).
184 (3) (a) Notwithstanding Subsection (1) or (2) or Title 63G, Chapter 3, Utah
185 Administrative Rulemaking Act, without following the procedures of Subsection (1) or (2), the
186 chief information officer may adopt a security procedure to be followed by executive branch
187 agencies to protect the statewide area network if:
188 (i) broad communication of the security procedure would create a significant potential
189 for increasing the vulnerability of the statewide area network to breach or attack; and
190 (ii) after consultation with the chief information officer, the governor agrees that broad
191 communication of the security procedure would create a significant potential increase in the
192 vulnerability of the statewide area network to breach or attack.
193 (b) A security procedure described in Subsection (3)(a) is classified as a protected
194 record under Title 63G, Chapter 2, Government Records Access and Management Act.
195 (c) The chief information officer shall provide a copy of the security procedure as a
196 protected record to:
197 (i) the chief justice of the Utah Supreme Court for the judicial branch;
198 (ii) the speaker of the House of Representatives and the president of the Senate for the
199 legislative branch;
200 (iii) the chair of the Board of Regents; and
201 (iv) the chair of the State Board of Education.
202 Section 4. Section 63F-1-210 is enacted to read:
203 63F-1-210. Accessibility standards for executive branch agency information
204 technology.
205 (1) The chief information officer shall establish, by rule made in accordance with Title
206 63G, Chapter 3, Utah Administrative Rulemaking Act:
207 (a) minimum standards for accessibility of executive branch agency information
208 technology by an individual with a disability that:
209 (i) include accessibility criteria for:
210 (A) agency websites;
211 (B) hardware and software procured by an executive branch agency; and
212 (C) information systems used by executive branch agency employees; and
213 (ii) include a protocol to evaluate the standards via testing by individuals with a variety
214 of access limitations;
215 (b) grievance procedures for an individual with a disability who is unable to access
216 executive branch agency information technology, including:
217 (i) a process for an individual with a disability to report the access issue to the chief
218 information officer; and
219 (ii) a mechanism through which the chief information officer can respond to the report;
220 and
221 (c) are, at minimum, consistent with the Web Content Accessibility 2.0 guidelines
222 published by the World Wide Web Consortium.
223 (2) The chief information officer shall update the standards described in Subsection
224 (1)(a) at least every three years to reflect advances in technology.