2
3
4
5
6
7 LONG TITLE
8 General Description:
9 This bill amends provisions related to state technology governance.
10 Highlighted Provisions:
11 This bill:
12 ▸ eliminates divisions within the Department of Technology Services;
13 ▸ assigns duties formerly assigned to divisions within the Department of Technology
14 Services to the Department of Technology Services and the chief information
15 officer within the Department of Technology Services;
16 ▸ directs the chief information officer within the Department of Technology Services
17 to appoint a chief information security officer; and
18 ▸ defines terms.
19 Money Appropriated in this Bill:
20 None
21 Other Special Clauses:
22 None
23 Utah Code Sections Affected:
24 AMENDS:
25 63F-1-102, as last amended by Laws of Utah 2015, Chapter 114
26 63F-1-104, as last amended by Laws of Utah 2016, Chapter 13
27 63F-1-106, as enacted by Laws of Utah 2005, Chapter 169
28 63F-1-202, as last amended by Laws of Utah 2014, Chapter 387
29 63F-1-203, as last amended by Laws of Utah 2016, Chapter 13
30 63F-1-204, as last amended by Laws of Utah 2013, Chapter 53
31 63F-1-205, as last amended by Laws of Utah 2016, Chapter 355
32 63F-1-206, as last amended by Laws of Utah 2015, Chapter 114
33 63F-1-207, as last amended by Laws of Utah 2008, Chapter 382
34 63F-1-208, as enacted by Laws of Utah 2005, Chapter 169
35 63F-1-209, as last amended by Laws of Utah 2008, Chapter 382
36 63F-1-210, as enacted by Laws of Utah 2015, Chapter 114
37 63F-1-404, as last amended by Laws of Utah 2016, Chapter 13
38 63F-1-502, as enacted by Laws of Utah 2005, Chapter 169
39 63F-1-504, as last amended by Laws of Utah 2016, Chapter 13
40 63F-1-604, as last amended by Laws of Utah 2016, Chapter 13
41 ENACTS:
42 63F-1-211, Utah Code Annotated 1953
43 63F-1-212, Utah Code Annotated 1953
44 REPEALS AND REENACTS:
45 63F-1-401, as enacted by Laws of Utah 2005, Chapter 169
46 63F-1-403, as enacted by Laws of Utah 2005, Chapter 169
47 63F-1-501, as enacted by Laws of Utah 2005, Chapter 169
48 63F-1-503, as enacted by Laws of Utah 2005, Chapter 169
49 63F-1-601, as enacted by Laws of Utah 2005, Chapter 169
50 63F-1-603, as enacted by Laws of Utah 2005, Chapter 169
51 REPEALS:
52 63F-1-602, as enacted by Laws of Utah 2005, Chapter 169
53
54 Be it enacted by the Legislature of the state of Utah:
55 Section 1. Section 63F-1-102 is amended to read:
56 63F-1-102. Definitions.
57 As used in this title:
58 (1) "Board" means the Technology Advisory Board created in Section 63F-1-202.
59 (2) "Chief information officer" means the chief information officer appointed under
60 Section 63F-1-201.
61 [
62
63 [
64 dissemination of data.
65 [
66 (5) "Enterprise architecture" means:
67 (a) information technology that can be applied across state government; and
68 (b) support for information technology that can be applied across state government,
69 including:
70 (i) technical support;
71 (ii) master software licenses; and
72 (iii) hardware and software standards.
73 (6) (a) Except as provided in Subsection (6)(b), "executive branch agency" means an
74 agency or administrative subunit of state government.
75 (b) "Executive branch agency" does not include:
76 (i) the legislative branch;
77 (ii) the judicial branch;
78 (iii) the State Board of Education;
79 (iv) the Board of Regents;
80 (v) institutions of higher education;
81 (vi) independent entities as defined in Section 63E-1-102; and
82 (vii) elective constitutional offices of the executive department which includes:
83 (A) the state auditor;
84 (B) the state treasurer; and
85 (C) the attorney general.
86 (7) "Executive branch strategic plan" means the executive branch strategic plan created
87 under Section 63F-1-203.
88 (8) "Individual with a disability" means an individual with a condition that meets the
89 definition of "disability" in 42 U.S.C. Sec. 12102.
90 (9) "Information technology" means all computerized and auxiliary automated
91 information handling, including:
92 (a) systems design and analysis;
93 (b) acquisition, storage, and conversion of data;
94 (c) computer programming;
95 (d) information storage and retrieval;
96 (e) voice, [
97 (f) requisite systems controls;
98 (g) simulation; and
99 (h) all related interactions between people and machines.
100 (10) "State information architecture" means a logically consistent set of principles,
101 policies, and standards that guide the engineering of state government's information technology
102 and infrastructure in a way that ensures alignment with state government's business and service
103 needs.
104 [
105
106
107 Section 2. Section 63F-1-104 is amended to read:
108 63F-1-104. Purposes.
109 The department shall:
110 (1) lead state executive branch agency efforts to establish and reengineer the state's
111 information technology architecture with the goal of coordinating central and individual agency
112 information technology in a manner that:
113 (a) ensures compliance with the executive branch agency strategic plan; and
114 (b) ensures that cost-effective, efficient information and communication systems and
115 resources are being used by agencies to:
116 (i) reduce data, hardware, and software redundancy;
117 (ii) improve system interoperability and data accessibility between agencies; and
118 (iii) meet the agency's and user's business and service needs;
119 (2) coordinate an executive branch strategic plan for all agencies;
120 [
121
122
123
124 [
125 practices and standards [
126 [
127 year:
128 (a) evaluate the adequacy of the department's and the executive branch agencies' data
129 and information technology system security standards through an independent third party
130 assessment; and
131 (b) communicate the results of the independent third party assessment to the
132 appropriate executive branch agencies and to the president of the Senate and the speaker of the
133 House of Representatives;
134 [
135 management principles as they relate to information technology projects within the executive
136 branch;
137 [
138 and private sector providers of information technology products and services;
139 [
140 [
141 agencies to ensure quality products and services are delivered on schedule and within budget;
142 [
143 methodology and cost-benefit analysis that all agencies shall utilize for application
144 development activities;
145 [
146 [
147 [
148 existing information technology projects within the executive branch and report to the governor
149 and the Public Utilities, Energy, and Technology Interim Committee on a semiannual basis
150 regarding the status of information technology projects; and
151 [
152 development of information technology budgets for agencies.
153 Section 3. Section 63F-1-106 is amended to read:
154 63F-1-106. Executive director -- Jurisdiction over office directors -- Authority.
155 (1) The executive director of the department:
156 (a) has administrative jurisdiction over each [
157 the [
158 (b) may make changes in department personnel and each office's service functions in
159 the divisions under the director's administrative jurisdiction[
160 (c) may authorize [
161
162
163 (2) The executive director may, to facilitate department management, establish offices
164 and bureaus to perform functions such as budgeting, planning, and personnel administration [
165
166 (3) (a) The executive director may hire employees in the department, divisions, and
167 offices as permitted by department resources.
168 (b) Except as provided in Subsection (4), [
169 department [
170 Section 67-19-15.
171 (4) (a) An employee of an executive branch agency who was a career service employee
172 as of July 1, 2005 who is transferred to the Department of Technology Services continues in
173 the employee's career service status during the employee's service to the Department of
174 Technology Services if the duties of the position in the new department are substantially
175 similar to those in the employee's previous position.
176 (b) A career service employee transferred to the new department under the provisions
177 of Subsection (4)(a), whose duties or responsibilities subsequently change, may not be
178 converted to exempt status without the review process required by Subsection 67-19-15(3).
179 [
180
181 [
182 [
183
184 [
185 [
186
187
188
189 [
190
191
192
193 Section 4. Section 63F-1-202 is amended to read:
194 63F-1-202. Technology Advisory Board -- Membership -- Duties.
195 (1) There is created the Technology Advisory Board to the chief information officer.
196 The board shall have seven members as follows:
197 (a) three members appointed by the governor who are individuals actively involved in
198 business planning for state agencies;
199 (b) one member appointed by the governor who is actively involved in business
200 planning for higher education or public education;
201 (c) one member appointed by the speaker of the House of Representatives and
202 president of the Senate [
203
204 (d) one member appointed by the Judicial Council [
205 and
206 (e) one member appointed by the governor who represents private sector business
207 needs in the state, but who is not an information technology vendor for the state.
208 (2) (a) The members of the advisory board shall elect a chair from the board by
209 majority vote.
210 (b) The department shall provide staff to the board.
211 (c) (i) A majority of the members of the board constitutes a quorum.
212 (ii) Action by a majority of a quorum of the board constitutes an action of the board.
213 (3) The board shall meet as necessary to advise the chief information officer and assist
214 the chief information officer and executive branch agencies in coming to consensus on:
215 (a) the development and implementation of the state's information technology strategic
216 plan;
217 (b) critical information technology initiatives for the state;
218 (c) the development of standards for state information architecture;
219 (d) identification of the business and technical needs of state agencies;
220 (e) the department's performance measures for service agreements with executive
221 branch agencies and subscribers of services, including a process in which an executive branch
222 agency may review the department's implementation of and compliance with an executive
223 branch agency's data security requirements; and
224 (f) the efficient and effective operation of the department.
225 (4) (a) A member who is not a legislator may not receive compensation or benefits for
226 the member's service, but may receive per diem and travel expenses as allowed in:
227 (i) Section 63A-3-106;
228 (ii) Section 63A-3-107; and
229 (iii) rules made by the Division of Finance [
230 63A-3-106 and 63A-3-107.
231 (b) Compensation and expenses of a member who is a legislator are governed by
232 Section 36-2-2 and Legislative Joint Rules, Title 5, Legislative Compensation and Expenses.
233 Section 5. Section 63F-1-203 is amended to read:
234 63F-1-203. Executive branch information technology strategic plan.
235 (1) In accordance with this section, the chief information officer shall prepare an
236 executive branch information technology strategic plan:
237 (a) that complies with this chapter; and
238 (b) [
239 (i) a strategic plan for the:
240 (A) interchange of information related to information technology between executive
241 branch agencies;
242 (B) coordination between executive branch agencies in the development and
243 maintenance of information technology and information systems, including the coordination of
244 agency information technology plans described in Section 63F-1-204; and
245 (C) protection of the privacy of individuals who use state information technology or
246 information systems, including the implementation of industry best practices for data and
247 system security [
248 (ii) priorities for the development and implementation of information technology or
249 information systems including priorities determined on the basis of:
250 (A) the importance of the information technology or information system; and
251 (B) the time sequencing of the information technology or information system; and
252 (iii) maximizing the use of existing state information technology resources.
253 (2) In the development of the executive branch strategic plan, the chief information
254 officer shall consult with:
255 (a) all cabinet level officials; and
256 (b) the advisory board created in Section 63F-1-202[
257
258 (3) (a) Unless withdrawn by the chief information officer or the governor in accordance
259 with Subsection (3)(b), the executive branch strategic plan takes effect 30 days after the day on
260 which the executive branch strategic plan is submitted to:
261 (i) the governor; and
262 (ii) the Public Utilities, Energy, and Technology Interim Committee.
263 (b) The chief information officer or the governor may withdraw the executive branch
264 strategic plan submitted under Subsection (3)(a) if the governor or chief information officer
265 determines that the executive branch strategic plan:
266 (i) should be modified; or
267 (ii) for any other reason should not take effect.
268 (c) The Public Utilities, Energy, and Technology Interim Committee may make
269 recommendations to the governor and to the chief information officer if the commission
270 determines that the executive branch strategic plan should be modified or for any other reason
271 should not take effect.
272 (d) Modifications adopted by the chief information officer shall be resubmitted to the
273 governor and the Public Utilities, Energy, and Technology Interim Committee for their review
274 or approval as provided in Subsections (3)(a) and (b).
275 (4) (a) The chief information officer shall, on or before January 1, 2014, and each year
276 thereafter, modify the executive branch information technology strategic plan to incorporate
277 security standards that:
278 (i) are identified as industry best practices in accordance with Subsections
279 63F-1-104(3) and (4); and
280 (ii) can be implemented within the budget of the department or the executive branch
281 agencies.
282 (b) The chief information officer shall inform the speaker of the House of
283 Representatives and the president of the Senate on or before January 1 of each year if best
284 practices identified in Subsection (4)(a)(i) are not adopted due to budget issues considered
285 under Subsection (4)(a)(ii).
286 (5) [
287 plan [
288
289 63F-1-204.
290 Section 6. Section 63F-1-204 is amended to read:
291 63F-1-204. Agency information technology plans.
292 (1) (a) By July 1 of each year, each executive branch agency shall submit an agency
293 information technology plan to the chief information officer at the department level, unless the
294 governor or the chief information officer request an information technology plan be submitted
295 by a subunit of a department, or by an executive branch agency other than a department.
296 (b) The information technology plans required by this section shall be in the form and
297 level of detail required by the chief information officer, by administrative rule adopted in
298 accordance with Section 63F-1-206, and shall include, at least:
299 (i) the information technology objectives of the agency;
300 (ii) any performance measures used by the agency for implementing the agency's
301 information technology objectives;
302 (iii) any planned expenditures related to information technology;
303 (iv) the agency's need for appropriations for information technology;
304 (v) how the agency's development of information technology coordinates with other
305 state and local governmental entities;
306 (vi) any efforts the agency has taken to develop public and private partnerships to
307 accomplish the information technology objectives of the agency;
308 (vii) the efforts the executive branch agency has taken to conduct transactions
309 electronically in compliance with Section 46-4-503; and
310 (viii) the executive branch agency's plan for the timing and method of verifying the
311 department's security standards, if an agency intends to verify the department's security
312 standards for the data that the agency maintains or transmits through the department's servers.
313 (2) (a) Except as provided in Subsection (2)(b), an agency information technology plan
314 described in Subsection (1) shall comply with the executive branch strategic plan established in
315 accordance with Section 63F-1-203.
316 (b) If the executive branch agency submitting the agency information technology plan
317 justifies the need to depart from the executive branch strategic plan, an agency information
318 technology plan may depart from the executive branch strategic plan to the extent approved by
319 the chief information officer.
320 [
321
322
323
324 [
325
326 [
327 [
328 plan and state information architecture; or
329 [
330 strategic plan or state information architecture, whether the executive branch entity is justified
331 in departing from the executive branch strategic plan, or state information architecture; and
332 [
333 [
334 [
335 [
336
337 [
338 Subsection [
339 may:
340 (a) approve the agency information technology plan;
341 (b) disapprove the agency information technology plan; or
342 (c) recommend modifications to the agency information technology plan.
343 [
344 appropriation related to information technology or an information technology system to the
345 governor in accordance with Section 63J-1-201 until after the executive branch agency's
346 information technology plan is approved by the chief information officer.
347 Section 7. Section 63F-1-205 is amended to read:
348 63F-1-205. Approval of acquisitions of information technology.
349 (1) (a) Except as provided in Title 63N, Chapter 13, Part 2, Government Procurement
350 Private Proposal Program, in accordance with Subsection (2), the chief information officer
351 shall approve the acquisition by an executive branch agency of:
352 (i) information technology equipment;
353 (ii) telecommunications equipment;
354 (iii) software;
355 (iv) services related to the items listed in Subsections (1)(a)(i) through (iii); and
356 (v) data acquisition.
357 (b) The chief information officer may negotiate the purchase, lease, or rental of private
358 or public information technology or telecommunication services or facilities in accordance with
359 this section.
360 (c) Where practical, efficient, and economically beneficial, the chief information
361 officer shall use existing private and public information technology or telecommunication
362 resources.
363 (d) Notwithstanding another provision of this section, an acquisition authorized by this
364 section shall comply with rules made by the applicable rulemaking authority under Title 63G,
365 Chapter 6a, Utah Procurement Code.
366 (2) Before negotiating a purchase, lease, or rental under Subsection (1) for an amount
367 that exceeds the value established by the chief information officer by rule in accordance with
368 Section 63F-1-206, the chief information officer shall:
369 (a) conduct an analysis of the needs of executive branch agencies and subscribers of
370 services and the ability of the proposed information technology or telecommunications services
371 or supplies to meet those needs; and
372 (b) for purchases, leases, or rentals not covered by an existing statewide contract,
373 certify in writing to the chief procurement officer in the Division of Purchasing and General
374 Services that:
375 (i) the analysis required in Subsection (2)(a) was completed; and
376 (ii) based on the analysis, the proposed purchase, lease, rental, or master contract of
377 services, products, or supplies is practical, efficient, and economically beneficial to the state
378 and the executive branch agency or subscriber of services.
379 (3) In approving an acquisition described in Subsections (1) and (2), the chief
380 information officer shall:
381 (a) establish by administrative rule, in accordance with Section 63F-1-206, standards
382 under which an agency must obtain approval from the chief information officer before
383 acquiring the items listed in Subsections (1) and (2);
384 (b) for those acquisitions requiring approval, determine whether the acquisition is in
385 compliance with:
386 (i) the executive branch strategic plan;
387 (ii) the applicable agency information technology plan;
388 (iii) the budget for the executive branch agency or department as adopted by the
389 Legislature;
390 (iv) Title 63G, Chapter 6a, Utah Procurement Code; and
391 (v) the information technology accessibility standards described in Section 63F-1-210;
392 and
393 (c) in accordance with Section 63F-1-207, require coordination of acquisitions between
394 two or more executive branch agencies if it is in the best interests of the state.
395 (4) [
396 complete access to all information technology records, documents, and reports:
397 [
398 [
399 Subsection (1).
400 [
401 (5) (a) In accordance with administrative rules established by the department under
402 Section 63F-1-206, [
403
404 new technology project unless the technology project is described in a formal project plan and
405 [
406 [
407 (b) The project plan and business case analysis required by this Subsection [
408 shall [
409 (i) a statement of work to be done and existing work to be modified or displaced;
410 (ii) total cost of system development and conversion effort, including system analysis
411 and programming costs, establishment of master files, testing, documentation, special
412 equipment cost and all other costs, including overhead;
413 (iii) savings or added operating costs that will result after conversion;
414 (iv) other advantages or reasons that justify the work;
415 (v) source of funding of the work, including ongoing costs;
416 (vi) consistency with budget submissions and planning components of budgets; and
417 (vii) whether the work is within the scope of projects or initiatives envisioned when the
418 current fiscal year budget was approved.
419 (c) The chief information officer shall determine the required form of the project plan
420 and business case analysis described in this Subsection (5).
421 [
422 Services within the Department of Administrative Services shall work cooperatively to
423 establish procedures under which the chief information officer shall monitor and approve
424 acquisitions as provided in this section.
425 Section 8. Section 63F-1-206 is amended to read:
426 63F-1-206. Rulemaking -- Policies.
427 (1) (a) Except as provided in Subsection (2), the chief information officer shall, by rule
428 made in accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act[
429
430 (i) provide standards that impose requirements on executive branch agencies that:
431 (A) are related to the security of the statewide area network; and
432 (B) establish standards for when an agency must obtain approval before obtaining
433 items listed in Subsection 63F-1-205(1);
434 (ii) specify the detail and format required in an agency information technology plan
435 submitted in accordance with Section 63F-1-204;
436 (iii) provide for standards related to the privacy policies of websites operated by or on
437 behalf of an executive branch agency;
438 (iv) provide for the acquisition, licensing, and sale of computer software;
439 (v) specify the requirements for the project plan and business case analysis required by
440 Section 63F-1-205;
441 (vi) provide for project oversight of agency technology projects when required by
442 Section 63F-1-205;
443 (vii) establish, in accordance with Subsection 63F-1-205(2), the implementation of the
444 needs assessment for information technology purchases;
445 (viii) establish telecommunications standards and specifications in accordance with
446 Section 63F-1-404; and
447 (ix) establish standards for accessibility of information technology by individuals with
448 disabilities in accordance with Section 63F-1-210.
449 (b) The rulemaking authority [
450 other rulemaking authority granted by this title.
451 (2) (a) Notwithstanding Title 63G, Chapter 3, Utah Administrative Rulemaking Act,
452 and subject to Subsection (2)(b), the chief information officer may adopt a policy that outlines
453 procedures to be followed by the chief information officer in facilitating the implementation of
454 this title by executive branch agencies if the policy:
455 (i) is consistent with the executive branch strategic plan; and
456 (ii) is not required to be made by rule under Subsection (1) or Section 63G-3-201.
457 (b) (i) A policy adopted by the chief information officer under Subsection (2)(a) may
458 not take effect until 30 days after the day on which the chief information officer submits the
459 policy to:
460 (A) the governor; and
461 (B) all cabinet level officials.
462 (ii) During the 30-day period described in Subsection (2)(b)(i), cabinet level officials
463 may review and comment on a policy submitted under Subsection (2)(b)(i).
464 (3) (a) Notwithstanding Subsection (1) or (2) or Title 63G, Chapter 3, Utah
465 Administrative Rulemaking Act, without following the procedures of Subsection (1) or (2), the
466 chief information officer may adopt a security procedure to be followed by executive branch
467 agencies to protect the statewide area network if:
468 (i) broad communication of the security procedure would create a significant potential
469 for increasing the vulnerability of the statewide area network to breach or attack; and
470 (ii) after consultation with the chief information officer, the governor agrees that broad
471 communication of the security procedure would create a significant potential increase in the
472 vulnerability of the statewide area network to breach or attack.
473 (b) A security procedure described in Subsection (3)(a) is classified as a protected
474 record under Title 63G, Chapter 2, Government Records Access and Management Act.
475 (c) The chief information officer shall provide a copy of the security procedure as a
476 protected record to:
477 (i) the chief justice of the Utah Supreme Court for the judicial branch;
478 (ii) the speaker of the House of Representatives and the president of the Senate for the
479 legislative branch;
480 (iii) the chair of the Board of Regents; and
481 (iv) the chair of the State Board of Education.
482 Section 9. Section 63F-1-207 is amended to read:
483 63F-1-207. Coordination within the executive branch -- Cooperation with other
484 branches.
485 (1) In accordance with the executive branch strategic plan and the requirements of this
486 title, the chief information officer shall coordinate the development of information technology
487 systems between two or more executive branch agencies subject to:
488 (a) the budget approved by the Legislature; and
489 (b) Title 63J, Chapter 1, Budgetary Procedures Act.
490 (2) In addition to the coordination described in Subsection (1), the chief information
491 officer shall promote cooperation regarding information technology [
492
493 branches of state government.
494 Section 10. Section 63F-1-208 is amended to read:
495 63F-1-208. Delegation of department functions.
496 (1) (a) If the conditions of Subsections (1)(b) and (2) are met and subject to the other
497 provisions of this section, the chief information officer may delegate a function of the
498 department to another executive branch agency or an institution of higher education by contract
499 or other means authorized by law.
500 (b) The chief information officer may delegate a function of the department as
501 provided in Subsection (1)(a) if in the judgment of the director of the executive branch agency[
502
503 (i) the executive branch agency or institution of higher education has requested that the
504 function be delegated;
505 (ii) the executive branch agency or institution of higher education has the necessary
506 resources and skills to perform or control the function to be delegated; and
507 (iii) the function to be delegated is a unique or [
508 function of the agency or institution of higher education [
509
510
511 (2) The chief information officer may delegate a function of the department only when
512 the delegation results in net cost savings or improved service delivery to the state as a whole or
513 to the unique mission critical function of the executive branch agency.
514 (3) The delegation of a function under this section shall:
515 (a) be in writing;
516 (b) contain all of the following:
517 (i) a precise definition of each function to be delegated;
518 (ii) a clear description of the standards to be met in performing each function
519 delegated;
520 (iii) a provision for periodic administrative audits by the [
521
522 (iv) a date on which the agreement shall terminate if the agreement has not been
523 previously terminated or renewed; and
524 (v) any delegation of department staff to the agency to support the function in-house
525 with the agency and rates to be charged for the delegated staff; and
526 (c) include a cost-benefit analysis justifying the delegation [
527
528 (4) An agreement to delegate functions to an executive branch agency or an institution
529 of higher education may be terminated by the department if the results of an administrative
530 audit conducted by the [
531 agreement by the executive branch agency or institution of higher education.
532 Section 11. Section 63F-1-209 is amended to read:
533 63F-1-209. Delegation of department staff to executive branch agencies --
534 Prohibition against executive branch agency information technology staff.
535 (1) (a) The chief information officer shall assign department staff to serve an agency
536 in-house if the chief information officer and the executive branch agency director jointly
537 determine it is appropriate to provide information technology services to:
538 (i) the agency's unique [
539 (ii) the agency's participation in and use of statewide enterprise architecture [
540
541 (iii) the agency's use of coordinated technology services with other agencies that share
542 similar characteristics with the agency [
543 (b) (i) An agency may request the chief information officer to assign in-house staff
544 support from the department.
545 (ii) The chief information officer shall respond to the agency's request for in-house
546 staff support in accordance with Subsection (1)(a).
547 (c) The department shall enter into service agreements with an agency when
548 department staff is assigned in-house to the agency under the provisions of this section.
549 (d) An agency that receives in-house staff support assigned from the department under
550 the provision of this section is responsible for paying the rates charged by the department for
551 that staff as established under Section 63F-1-301.
552 (2) (a) [
553 equivalent position or part-time position, or request an appropriation to fund a full-time
554 equivalent position or part-time position under the provisions of Section 63J-1-201 for the
555 purpose of providing information technology services to the agency unless:
556 (i) the chief information officer has approved a delegation under Section 63F-1-208;
557 and
558 (ii) the [
559 63F-1-604 and finds that the delegation of information technology services to the agency meets
560 the requirements of Section 63F-1-208.
561 (b) The prohibition against a request for appropriation under Subsection (2)(a) does not
562 apply to a request for appropriation needed to pay rates imposed under Subsection (1)(d).
563 Section 12. Section 63F-1-210 is amended to read:
564 63F-1-210. Accessibility standards for executive branch agency information
565 technology.
566 (1) The chief information officer shall establish, by rule made in accordance with Title
567 63G, Chapter 3, Utah Administrative Rulemaking Act:
568 (a) minimum standards for accessibility of executive branch agency information
569 technology by an individual with a disability that:
570 (i) include accessibility criteria for:
571 (A) agency websites;
572 (B) hardware and software procured by an executive branch agency; and
573 (C) information systems used by executive branch agency employees; [
574 (ii) include a protocol to evaluate the standards via testing by individuals with a variety
575 of access limitations; and
576 (iii) are, at minimum, consistent with the most recent Web Content Accessibility
577 guidelines published by the World Wide Web Consortium; and
578 (b) grievance procedures for an individual with a disability who is unable to access
579 executive branch agency information technology, including:
580 (i) a process for an individual with a disability to report the access issue to the chief
581 information officer; and
582 (ii) a mechanism through which the chief information officer can respond to the
583 report[
584
585 (2) The chief information officer shall update the standards described in Subsection
586 (1)(a) at least every three years to reflect advances in technology.
587 Section 13. Section 63F-1-211 is enacted to read:
588 63F-1-211. Chief information security officer.
589 (1) The chief information officer shall appoint a chief information security officer.
590 (2) The chief information security officer described in Subsection (1) shall:
591 (a) assess cybersecurity risks;
592 (b) coordinate with executive branch agencies to assess the sensitivity of information;
593 and
594 (c) manage cybersecurity support for the department and executive branch agencies.
595 Section 14. Section 63F-1-212 is enacted to read:
596 63F-1-212. Report to the Legislature.
597 The department shall, before November 1 of each year, report to the Public Utilities,
598 Energy, and Technology Interim Committee on:
599 (1) performance measures that the department uses to assess the department's
600 effectiveness in performing the department's duties under this chapter; and
601 (2) the department's performance, evaluated in accordance with the performance
602 measures described in Subsection (1).
603 Section 15. Section 63F-1-401 is repealed and reenacted to read:
604
605 63F-1-401. Title.
606 This part is known as "Enterprise Technology."
607 Section 16. Section 63F-1-403 is repealed and reenacted to read:
608 63F-1-403. Enterprise technology -- Chief information officer manages.
609 The chief information officer shall manage the department's duties related to enterprise
610 technology.
611 Section 17. Section 63F-1-404 is amended to read:
612 63F-1-404. Duties of the department -- Enterprise technology.
613 The [
614 (1) develop and implement an effective enterprise architecture governance model for
615 the executive branch;
616 (2) provide oversight of information technology projects that impact statewide
617 information technology services, assets, or functions of state government to:
618 (a) control costs;
619 (b) ensure business value to a project;
620 (c) maximize resources;
621 (d) ensure the uniform application of best practices; and
622 (e) avoid duplication of resources;
623 (3) develop a method of accountability to agencies for services provided by the
624 [
625 [
626
627
628
629 [
630 management of applications, standards, and procurement of enterprise architecture;
631 [
632 telecommunication systems;
633 [
634 (a) to executive branch agencies and subscribers to the services; and
635 (b) related to information technology or telecommunications;
636 [
637 (a) one or more executive branch agencies; or
638 (b) one or more entities that subscribe to the telecommunication systems in accordance
639 with Section 63F-1-303;
640 [
641 (a) state telecommunication users;
642 (b) executive branch agencies; and
643 (c) other subscribers to the state's telecommunication systems;
644 [
645 municipalities in the development, implementation, and maintenance of:
646 (a) (i) governmental information technology; or
647 (ii) governmental telecommunication systems; and
648 (b) (i) as part of a cooperative organization; or
649 (ii) through means other than a cooperative organization;
650 [
651 (a) one or more state data centers; and
652 (b) one or more regional computer centers;
653 [
654 mobile, or radio telecommunication systems that are used in the delivery of services for state
655 government or its political subdivisions; and
656 [
657 minimum standards to be used by the [
658 procedures, programming languages, codes, and media that facilitate the exchange of
659 information within and among telecommunication systems[
660 [
661
662 [
663
664 [
665 [
666 [
667 Section 18. Section 63F-1-501 is repealed and reenacted to read:
668
669 63F-1-501. Title.
670 This part is known as "Integrated Technology."
671 Section 19. Section 63F-1-502 is amended to read:
672 63F-1-502. Definitions.
673 As used in this part:
674 (1) "Center" means the Automated Geographic Reference Center created in Section
675 63F-1-506.
676 (2) "Database" means the State Geographic Information Database created in Section
677 63F-1-507.
678 [
679 [
680 [
681 integration and map production system that interrelates disparate layers of data to specific
682 geographic locations.
683 [
684 Section 63F-1-507.
685 [
686 network created in Section 63F-1-509.
687 Section 20. Section 63F-1-503 is repealed and reenacted to read:
688 63F-1-503. Integrated technology -- Chief information officer manages.
689 The chief information officer shall manage the department's duties related to integrated
690 technology.
691 Section 21. Section 63F-1-504 is amended to read:
692 63F-1-504. Duties of the department -- Integrated technology.
693 The [
694 (1) establish standards for the information technology needs of a collection of
695 executive branch agencies or programs that share common characteristics relative to the types
696 of stakeholders they serve, including:
697 (a) project management;
698 (b) application development; and
699 (c) procurement;
700 (2) provide oversight of information technology standards that impact multiple
701 executive branch agency information technology services, assets, or functions to:
702 (a) control costs;
703 (b) ensure business value to a project;
704 (c) maximize resources;
705 (d) ensure the uniform application of best practices; and
706 (e) avoid duplication of resources; and
707 [
708
709
710 [
711
712 [
713
714 [
715
716
717 [
718 [
719 [
720
721 [
722
723 [
724 agreements[
725 [
726
727
728 [
729
730 Section 22. Section 63F-1-601 is repealed and reenacted to read:
731
732 63F-1-601. Title.
733 This part is known as "Agency Services."
734 Section 23. Section 63F-1-603 is repealed and reenacted to read:
735 63F-1-603. Agency services -- Chief information officer manages.
736 The chief information officer shall manage the department's duties related to agency
737 services.
738 Section 24. Section 63F-1-604 is amended to read:
739 63F-1-604. Duties of the department -- Agency services.
740 The [
741 (1) be responsible for providing support to executive branch agencies for an agency's
742 information technology assets and functions that are unique to the executive branch agency and
743 are mission critical functions of the agency;
744 [
745
746 [
747
748 [
749 agencies;
750 [
751
752 [
753
754 [
755 [
756 coordinating department services with agency needs; and
757 [
758 rule adopted by the chief information officer[
759
760
761 Section 25. Repealer.
762 This bill repeals:
763 Section 63F-1-602, Definitions.