Chief Sponsor: Angela Romero

Senate Sponsor: Scott K. Jenkins


8     General Description:
9          This bill amends provisions related to information technology accessibility.
10     Highlighted Provisions:
11          This bill:
12          ▸     requires the chief information officer to set standards for accessibility of executive
13     branch information technology by individuals with disabilities.
14     Money Appropriated in this Bill:
15          None
16     Other Special Clauses:
17          None
18     Utah Code Sections Affected:
19     AMENDS:
20          63F-1-102, as last amended by Laws of Utah 2011, Chapter 270
21          63F-1-205, as last amended by Laws of Utah 2014, Chapter 196
22          63F-1-206, as last amended by Laws of Utah 2008, Chapter 382
23     ENACTS:
24          63F-1-210, Utah Code Annotated 1953

26     Be it enacted by the Legislature of the state of Utah:
27          Section 1. Section 63F-1-102 is amended to read:

28          63F-1-102. Definitions.
29          As used in this title:
30          (1) "Board" means the Technology Advisory Board created in Section 63F-1-202.
31          (2) "Chief information officer" means the chief information officer appointed under
32     Section 63F-1-201.
33          (3) "Computer center" means the location at which a central data processing platform is
34     managed to serve multiple executive branch agencies.
35          (4) "Data center" means a centralized repository for the storage, management, and
36     dissemination of data.
37          (5) "Department" means the Department of Technology Services.
38          (6) (a) Except as provided in Subsection (6)(b), "executive branch agency" means an
39     agency or administrative subunit of state government.
40          (b) "Executive branch agency" does not include:
41          (i) the legislative branch;
42          (ii) the judicial branch;
43          (iii) the State Board of Education;
44          (iv) the Board of Regents;
45          (v) institutions of higher education;
46          (vi) independent entities as defined in Section 63E-1-102; and
47          (vii) elective constitutional offices of the executive department which includes:
48          (A) the state auditor;
49          (B) the state treasurer; and
50          (C) the attorney general.
51          (7) "Executive branch strategic plan" means the executive branch strategic plan created
52     under Section 63F-1-203.
53          (8) "Individual with a disability" means an individual with a condition that meets the
54     definition of "disability" in 42 U.S.C. Sec. 12102.
55          [(8)] (9) "Information technology" means all computerized and auxiliary automated
56     information handling, including:
57          (a) systems design and analysis;
58          (b) acquisition, storage, and conversion of data;

59          (c) computer programming;
60          (d) information storage and retrieval;
61          (e) voice, radio, video, and data communications;
62          (f) requisite systems controls;
63          (g) simulation; and
64          (h) all related interactions between people and machines.
65          [(9)] (10) "State information architecture" means a logically consistent set of
66     principles, policies, and standards that guide the engineering of state government's information
67     technology and infrastructure in a way that ensures alignment with state government's business
68     and service needs.
69          [(10)] (11) "Telecommunications" means the transmission or reception of signs,
70     signals, writing, images, sounds, messages, data, or other information of any nature by wire,
71     radio, light waves, or other electromagnetic means.
72          Section 2. Section 63F-1-205 is amended to read:
73          63F-1-205. Approval of acquisitions of information technology.
74          (1) (a) Except as provided in Title 63M, Chapter 1, Part 26, Government Procurement
75     Private Proposal Program, in accordance with Subsection (2), the chief information officer
76     shall approve the acquisition by an executive branch agency of:
77          (i) information technology equipment;
78          (ii) telecommunications equipment;
79          (iii) software;
80          (iv) services related to the items listed in Subsections (1)(a)(i) through (iii); and
81          (v) data acquisition.
82          (b) The chief information officer may negotiate the purchase, lease, or rental of private
83     or public information technology or telecommunication services or facilities in accordance with
84     this section.
85          (c) Where practical, efficient, and economically beneficial, the chief information
86     officer shall use existing private and public information technology or telecommunication
87     resources.
88          (d) Notwithstanding another provision of this section, an acquisition authorized by this
89     section shall comply with rules made by the applicable rulemaking authority under Title 63G,

90     Chapter 6a, Utah Procurement Code.
91          (2) Before negotiating a purchase, lease, or rental under Subsection (1) for an amount
92     that exceeds the value established by the chief information officer by rule in accordance with
93     Section 63F-1-206, the chief information officer shall:
94          (a) conduct an analysis of the needs of executive branch agencies and subscribers of
95     services and the ability of the proposed information technology or telecommunications services
96     or supplies to meet those needs; and
97          (b) for purchases, leases, or rentals not covered by an existing statewide contract,
98     provide in writing to the chief procurement officer in the Division of Purchasing and General
99     Services that:
100          (i) the analysis required in Subsection (2)(a) was completed; and
101          (ii) based on the analysis, the proposed purchase, lease, rental, or master contract of
102     services, products, or supplies is practical, efficient, and economically beneficial to the state
103     and the executive branch agency or subscriber of services.
104          (3) In approving an acquisition described in Subsections (1) and (2), the chief
105     information officer shall:
106          (a) establish by administrative rule, in accordance with Section 63F-1-206, standards
107     under which an agency must obtain approval from the chief information officer before
108     acquiring the items listed in Subsections (1) and (2);
109          (b) for those acquisitions requiring approval, determine whether the acquisition is in
110     compliance with:
111          (i) the executive branch strategic plan;
112          (ii) the applicable agency information technology plan;
113          (iii) the budget for the executive branch agency or department as adopted by the
114     Legislature; [and]
115          (iv) Title 63G, Chapter 6a, Utah Procurement Code; and
116          (v) the information technology accessibility standards described in Section 63F-1-210;
117     and
118          (c) in accordance with Section 63F-1-207, require coordination of acquisitions between
119     two or more executive branch agencies if it is in the best interests of the state.
120          (4) (a) Each executive branch agency shall provide the chief information officer with

121     complete access to all information technology records, documents, and reports:
122          (i) at the request of the chief information officer; and
123          (ii) related to the executive branch agency's acquisition of any item listed in Subsection
124     (1).
125          (b) Beginning July 1, 2006 and in accordance with administrative rules established by
126     the department under Section 63F-1-206, no new technology projects may be initiated by an
127     executive branch agency or the department unless the technology project is described in a
128     formal project plan and the business case analysis has been approved by the chief information
129     officer and agency head. The project plan and business case analysis required by this
130     Subsection (4) shall be in the form required by the chief information officer, and shall include:
131          (i) a statement of work to be done and existing work to be modified or displaced;
132          (ii) total cost of system development and conversion effort, including system analysis
133     and programming costs, establishment of master files, testing, documentation, special
134     equipment cost and all other costs, including overhead;
135          (iii) savings or added operating costs that will result after conversion;
136          (iv) other advantages or reasons that justify the work;
137          (v) source of funding of the work, including ongoing costs;
138          (vi) consistency with budget submissions and planning components of budgets; and
139          (vii) whether the work is within the scope of projects or initiatives envisioned when the
140     current fiscal year budget was approved.
141          (5) (a) The chief information officer and the Division of Purchasing and General
142     Services shall work cooperatively to establish procedures under which the chief information
143     officer shall monitor and approve acquisitions as provided in this section.
144          (b) The procedures established under this section shall include at least the written
145     certification required by Subsection 63G-6a-303(1)(e).
146          Section 3. Section 63F-1-206 is amended to read:
147          63F-1-206. Rulemaking -- Policies.
148          (1) (a) Except as provided in Subsection (2), in accordance with Title 63G, Chapter 3,
149     Utah Administrative Rulemaking Act, the chief information officer shall make rules that:
150          (i) provide standards that impose requirements on executive branch agencies that:
151          (A) are related to the security of the statewide area network; and

152          (B) establish standards for when an agency must obtain approval before obtaining
153     items listed in Subsection 63F-1-205(1);
154          (ii) specify the detail and format required in an agency information technology plan
155     submitted in accordance with Section 63F-1-204;
156          (iii) provide for standards related to the privacy policies of websites operated by or on
157     behalf of an executive branch agency;
158          (iv) provide for the acquisition, licensing, and sale of computer software;
159          (v) specify the requirements for the project plan and business case analysis required by
160     Section 63F-1-205;
161          (vi) provide for project oversight of agency technology projects when required by
162     Section 63F-1-205;
163          (vii) establish, in accordance with Subsection 63F-1-205(2), the implementation of the
164     needs assessment for information technology purchases; [and]
165          (viii) establish telecommunications standards and specifications in accordance with
166     Section 63F-1-404[.]; and
167          (ix) establish standards for accessibility of information technology by individuals with
168     disabilities in accordance with Section 63F-1-210.
169          (b) The rulemaking authority in this Subsection (1) is in addition to any other
170     rulemaking authority granted by this title.
171          (2) (a) Notwithstanding Title 63G, Chapter 3, Utah Administrative Rulemaking Act,
172     and subject to Subsection (2)(b), the chief information officer may adopt a policy that outlines
173     procedures to be followed by the chief information officer in facilitating the implementation of
174     this title by executive branch agencies if the policy:
175          (i) is consistent with the executive branch strategic plan; and
176          (ii) is not required to be made by rule under Subsection (1) or Section 63G-3-201.
177          (b) (i) A policy adopted by the chief information officer under Subsection (2)(a) may
178     not take effect until 30 days after the day on which the chief information officer submits the
179     policy to:
180          (A) the governor; and
181          (B) all cabinet level officials.
182          (ii) During the 30-day period described in Subsection (2)(b)(i), cabinet level officials

183     may review and comment on a policy submitted under Subsection (2)(b)(i).
184          (3) (a) Notwithstanding Subsection (1) or (2) or Title 63G, Chapter 3, Utah
185     Administrative Rulemaking Act, without following the procedures of Subsection (1) or (2), the
186     chief information officer may adopt a security procedure to be followed by executive branch
187     agencies to protect the statewide area network if:
188          (i) broad communication of the security procedure would create a significant potential
189     for increasing the vulnerability of the statewide area network to breach or attack; and
190          (ii) after consultation with the chief information officer, the governor agrees that broad
191     communication of the security procedure would create a significant potential increase in the
192     vulnerability of the statewide area network to breach or attack.
193          (b) A security procedure described in Subsection (3)(a) is classified as a protected
194     record under Title 63G, Chapter 2, Government Records Access and Management Act.
195          (c) The chief information officer shall provide a copy of the security procedure as a
196     protected record to:
197          (i) the chief justice of the Utah Supreme Court for the judicial branch;
198          (ii) the speaker of the House of Representatives and the president of the Senate for the
199     legislative branch;
200          (iii) the chair of the Board of Regents; and
201          (iv) the chair of the State Board of Education.
202          Section 4. Section 63F-1-210 is enacted to read:
203          63F-1-210. Accessibility standards for executive branch agency information
204     technology.
205          (1) The chief information officer shall establish, by rule made in accordance with Title
206     63G, Chapter 3, Utah Administrative Rulemaking Act:
207          (a) minimum standards for accessibility of executive branch agency information
208     technology by an individual with a disability that:
209          (i) include accessibility criteria for:
210          (A) agency websites;
211          (B) hardware and software procured by an executive branch agency; and
212          (C) information systems used by executive branch agency employees; and
213          (ii) include a protocol to evaluate the standards via testing by individuals with a variety

214     of access limitations;
215          (b) grievance procedures for an individual with a disability who is unable to access
216     executive branch agency information technology, including:
217          (i) a process for an individual with a disability to report the access issue to the chief
218     information officer; and
219          (ii) a mechanism through which the chief information officer can respond to the report;
220     and
221          (c) are, at minimum, consistent with the Web Content Accessibility 2.0 guidelines
222     published by the World Wide Web Consortium.
223          (2) The chief information officer shall update the standards described in Subsection
224     (1)(a) at least every three years to reflect advances in technology.

Legislative Review Note
     as of 1-13-15 8:39 AM

Office of Legislative Research and General Counsel