7 LONG TITLE
8 General Description:
9 This bill amends provisions related to state technology governance.
10 Highlighted Provisions:
11 This bill:
12 ▸ eliminates divisions within the Department of Technology Services;
13 ▸ assigns duties formerly assigned to divisions within the Department of Technology
14 Services to the Department of Technology Services and the chief information
15 officer within the Department of Technology Services;
16 ▸ directs the chief information officer within the Department of Technology Services
17 to appoint a chief information security officer; and
18 ▸ defines terms.
19 Money Appropriated in this Bill:
21 Other Special Clauses:
23 Utah Code Sections Affected:
25 63F-1-102, as last amended by Laws of Utah 2015, Chapter 114
26 63F-1-104, as last amended by Laws of Utah 2016, Chapter 13
27 63F-1-106, as enacted by Laws of Utah 2005, Chapter 169
28 63F-1-202, as last amended by Laws of Utah 2014, Chapter 387
29 63F-1-203, as last amended by Laws of Utah 2016, Chapter 13
30 63F-1-204, as last amended by Laws of Utah 2013, Chapter 53
31 63F-1-205, as last amended by Laws of Utah 2016, Chapter 355
32 63F-1-206, as last amended by Laws of Utah 2015, Chapter 114
33 63F-1-207, as last amended by Laws of Utah 2008, Chapter 382
34 63F-1-208, as enacted by Laws of Utah 2005, Chapter 169
35 63F-1-209, as last amended by Laws of Utah 2008, Chapter 382
36 63F-1-210, as enacted by Laws of Utah 2015, Chapter 114
37 63F-1-404, as last amended by Laws of Utah 2016, Chapter 13
38 63F-1-502, as enacted by Laws of Utah 2005, Chapter 169
39 63F-1-504, as last amended by Laws of Utah 2016, Chapter 13
40 63F-1-604, as last amended by Laws of Utah 2016, Chapter 13
42 63F-1-211, Utah Code Annotated 1953
43 63F-1-212, Utah Code Annotated 1953
44 REPEALS AND REENACTS:
45 63F-1-401, as enacted by Laws of Utah 2005, Chapter 169
46 63F-1-403, as enacted by Laws of Utah 2005, Chapter 169
47 63F-1-501, as enacted by Laws of Utah 2005, Chapter 169
48 63F-1-503, as enacted by Laws of Utah 2005, Chapter 169
49 63F-1-601, as enacted by Laws of Utah 2005, Chapter 169
50 63F-1-603, as enacted by Laws of Utah 2005, Chapter 169
52 63F-1-602, as enacted by Laws of Utah 2005, Chapter 169
54 Be it enacted by the Legislature of the state of Utah:
55 Section 1. Section 63F-1-102 is amended to read:
56 63F-1-102. Definitions.
57 As used in this title:
58 (1) "Board" means the Technology Advisory Board created in Section 63F-1-202.
59 (2) "Chief information officer" means the chief information officer appointed under
60 Section 63F-1-201.
64 dissemination of data.
66 (5) "Enterprise architecture" means:
67 (a) information technology that can be applied across state government; and
68 (b) support for information technology that can be applied across state government,
70 (i) technical support;
71 (ii) master software licenses; and
72 (iii) hardware and software standards.
73 (6) (a) Except as provided in Subsection (6)(b), "executive branch agency" means an
74 agency or administrative subunit of state government.
75 (b) "Executive branch agency" does not include:
76 (i) the legislative branch;
77 (ii) the judicial branch;
78 (iii) the State Board of Education;
79 (iv) the Board of Regents;
80 (v) institutions of higher education;
81 (vi) independent entities as defined in Section 63E-1-102; and
82 (vii) elective constitutional offices of the executive department which includes:
83 (A) the state auditor;
84 (B) the state treasurer; and
85 (C) the attorney general.
86 (7) "Executive branch strategic plan" means the executive branch strategic plan created
87 under Section 63F-1-203.
88 (8) "Individual with a disability" means an individual with a condition that meets the
89 definition of "disability" in 42 U.S.C. Sec. 12102.
90 (9) "Information technology" means all computerized and auxiliary automated
91 information handling, including:
92 (a) systems design and analysis;
93 (b) acquisition, storage, and conversion of data;
94 (c) computer programming;
95 (d) information storage and retrieval;
96 (e) voice, [
97 (f) requisite systems controls;
98 (g) simulation; and
99 (h) all related interactions between people and machines.
100 (10) "State information architecture" means a logically consistent set of principles,
101 policies, and standards that guide the engineering of state government's information technology
102 and infrastructure in a way that ensures alignment with state government's business and service
107 Section 2. Section 63F-1-104 is amended to read:
108 63F-1-104. Purposes.
109 The department shall:
110 (1) lead state executive branch agency efforts to establish and reengineer the state's
111 information technology architecture with the goal of coordinating central and individual agency
112 information technology in a manner that:
113 (a) ensures compliance with the executive branch agency strategic plan; and
114 (b) ensures that cost-effective, efficient information and communication systems and
115 resources are being used by agencies to:
116 (i) reduce data, hardware, and software redundancy;
117 (ii) improve system interoperability and data accessibility between agencies; and
118 (iii) meet the agency's and user's business and service needs;
119 (2) coordinate an executive branch strategic plan for all agencies;
125 practices and standards [
128 (a) evaluate the adequacy of the department's and the executive branch agencies' data
129 and information technology system security standards through an independent third party
130 assessment; and
131 (b) communicate the results of the independent third party assessment to the
132 appropriate executive branch agencies and to the president of the Senate and the speaker of the
133 House of Representatives;
135 management principles as they relate to information technology projects within the executive
138 and private sector providers of information technology products and services;
141 agencies to ensure quality products and services are delivered on schedule and within budget;
143 methodology and cost-benefit analysis that all agencies shall utilize for application
144 development activities;
148 existing information technology projects within the executive branch and report to the governor
149 and the Public Utilities, Energy, and Technology Interim Committee on a semiannual basis
150 regarding the status of information technology projects; and
152 development of information technology budgets for agencies.
153 Section 3. Section 63F-1-106 is amended to read:
154 63F-1-106. Executive director -- Jurisdiction over divisions and office directors --
156 (1) The executive director of the department:
157 (a) has administrative jurisdiction over each [
158 the [
159 (b) may make changes in department personnel and each office's service functions in
160 the divisions under the director's administrative jurisdiction[
161 (c) may authorize [
164 (2) The executive director may, to facilitate department management, establish offices
165 and bureaus to perform functions such as budgeting, planning, and personnel administration [
167 (3) (a) The executive director may hire employees in the department, divisions, and
168 offices as permitted by department resources.
169 (b) Except as provided in Subsection (4), [
170 department [
171 Section 67-19-15.
172 (4) (a) An employee of an executive branch agency who was a career service employee
173 as of July 1, 2005 who is transferred to the Department of Technology Services continues in
174 the employee's career service status during the employee's service to the Department of
175 Technology Services if the duties of the position in the new department are substantially
176 similar to those in the employee's previous position.
177 (b) A career service employee transferred to the new department under the provisions
178 of Subsection (4)(a), whose duties or responsibilities subsequently change, may not be
179 converted to exempt status without the review process required by Subsection 67-19-15(3).
194 Section 4. Section 63F-1-202 is amended to read:
195 63F-1-202. Technology Advisory Board -- Membership -- Duties.
196 (1) There is created the Technology Advisory Board to the chief information officer.
197 The board shall have seven members as follows:
198 (a) three members appointed by the governor who are individuals actively involved in
199 business planning for state agencies;
200 (b) one member appointed by the governor who is actively involved in business
201 planning for higher education or public education;
202 (c) one member appointed by the speaker of the House of Representatives and
203 president of the Senate [
205 (d) one member appointed by the Judicial Council [
207 (e) one member appointed by the governor who represents private sector business
208 needs in the state, but who is not an information technology vendor for the state.
209 (2) (a) The members of the advisory board shall elect a chair from the board by
210 majority vote.
211 (b) The department shall provide staff to the board.
212 (c) (i) A majority of the members of the board constitutes a quorum.
213 (ii) Action by a majority of a quorum of the board constitutes an action of the board.
214 (3) The board shall meet as necessary to advise the chief information officer and assist
215 the chief information officer and executive branch agencies in coming to consensus on:
216 (a) the development and implementation of the state's information technology strategic
218 (b) critical information technology initiatives for the state;
219 (c) the development of standards for state information architecture;
220 (d) identification of the business and technical needs of state agencies;
221 (e) the department's performance measures for service agreements with executive
222 branch agencies and subscribers of services, including a process in which an executive branch
223 agency may review the department's implementation of and compliance with an executive
224 branch agency's data security requirements; and
225 (f) the efficient and effective operation of the department.
226 (4) (a) A member who is not a legislator may not receive compensation or benefits for
227 the member's service, but may receive per diem and travel expenses as allowed in:
228 (i) Section 63A-3-106;
229 (ii) Section 63A-3-107; and
230 (iii) rules made by the Division of Finance [
231 63A-3-106 and 63A-3-107.
232 (b) Compensation and expenses of a member who is a legislator are governed by
233 Section 36-2-2 and Legislative Joint Rules, Title 5, Legislative Compensation and Expenses.
234 Section 5. Section 63F-1-203 is amended to read:
235 63F-1-203. Executive branch information technology strategic plan.
236 (1) In accordance with this section, the chief information officer shall prepare an
237 executive branch information technology strategic plan:
238 (a) that complies with this chapter; and
239 (b) [
240 (i) a strategic plan for the:
241 (A) interchange of information related to information technology between executive
242 branch agencies;
243 (B) coordination between executive branch agencies in the development and
244 maintenance of information technology and information systems, including the coordination of
245 agency information technology plans described in Section 63F-1-204; and
246 (C) protection of the privacy of individuals who use state information technology or
247 information systems, including the implementation of industry best practices for data and
248 system security [
249 (ii) priorities for the development and implementation of information technology or
250 information systems including priorities determined on the basis of:
251 (A) the importance of the information technology or information system; and
252 (B) the time sequencing of the information technology or information system; and
253 (iii) maximizing the use of existing state information technology resources.
254 (2) In the development of the executive branch strategic plan, the chief information
255 officer shall consult with:
256 (a) all cabinet level officials; and
257 (b) the advisory board created in Section 63F-1-202[
259 (3) (a) Unless withdrawn by the chief information officer or the governor in accordance
260 with Subsection (3)(b), the executive branch strategic plan takes effect 30 days after the day on
261 which the executive branch strategic plan is submitted to:
262 (i) the governor; and
263 (ii) the Public Utilities, Energy, and Technology Interim Committee.
264 (b) The chief information officer or the governor may withdraw the executive branch
265 strategic plan submitted under Subsection (3)(a) if the governor or chief information officer
266 determines that the executive branch strategic plan:
267 (i) should be modified; or
268 (ii) for any other reason should not take effect.
269 (c) The Public Utilities, Energy, and Technology Interim Committee may make
270 recommendations to the governor and to the chief information officer if the commission
271 determines that the executive branch strategic plan should be modified or for any other reason
272 should not take effect.
273 (d) Modifications adopted by the chief information officer shall be resubmitted to the
274 governor and the Public Utilities, Energy, and Technology Interim Committee for their review
275 or approval as provided in Subsections (3)(a) and (b).
276 (4) (a) The chief information officer shall, on or before January 1, 2014, and each year
277 thereafter, modify the executive branch information technology strategic plan to incorporate
278 security standards that:
279 (i) are identified as industry best practices in accordance with Subsections
280 63F-1-104(3) and (4); and
281 (ii) can be implemented within the budget of the department or the executive branch
283 (b) The chief information officer shall inform the speaker of the House of
284 Representatives and the president of the Senate on or before January 1 of each year if best
285 practices identified in Subsection (4)(a)(i) are not adopted due to budget issues considered
286 under Subsection (4)(a)(ii).
287 (5) [
288 plan [
291 Section 6. Section 63F-1-204 is amended to read:
292 63F-1-204. Agency information technology plans.
293 (1) (a) By July 1 of each year, each executive branch agency shall submit an agency
294 information technology plan to the chief information officer at the department level, unless the
295 governor or the chief information officer request an information technology plan be submitted
296 by a subunit of a department, or by an executive branch agency other than a department.
297 (b) The information technology plans required by this section shall be in the form and
298 level of detail required by the chief information officer, by administrative rule adopted in
299 accordance with Section 63F-1-206, and shall include, at least:
300 (i) the information technology objectives of the agency;
301 (ii) any performance measures used by the agency for implementing the agency's
302 information technology objectives;
303 (iii) any planned expenditures related to information technology;
304 (iv) the agency's need for appropriations for information technology;
305 (v) how the agency's development of information technology coordinates with other
306 state and local governmental entities;
307 (vi) any efforts the agency has taken to develop public and private partnerships to
308 accomplish the information technology objectives of the agency;
309 (vii) the efforts the executive branch agency has taken to conduct transactions
310 electronically in compliance with Section 46-4-503; and
311 (viii) the executive branch agency's plan for the timing and method of verifying the
312 department's security standards, if an agency intends to verify the department's security
313 standards for the data that the agency maintains or transmits through the department's servers.
314 (2) (a) Except as provided in Subsection (2)(b), an agency information technology plan
315 described in Subsection (1) shall comply with the executive branch strategic plan established in
316 accordance with Section 63F-1-203.
317 (b) If the executive branch agency submitting the agency information technology plan
318 justifies the need to depart from the executive branch strategic plan, an agency information
319 technology plan may depart from the executive branch strategic plan to the extent approved by
320 the chief information officer.
329 plan and state information architecture; or
331 strategic plan or state information architecture, whether the executive branch entity is justified
332 in departing from the executive branch strategic plan, or state information architecture; and
339 Subsection [
341 (a) approve the agency information technology plan;
342 (b) disapprove the agency information technology plan; or
343 (c) recommend modifications to the agency information technology plan.
345 appropriation related to information technology or an information technology system to the
346 governor in accordance with Section 63J-1-201 until after the executive branch agency's
347 information technology plan is approved by the chief information officer.
348 Section 7. Section 63F-1-205 is amended to read:
349 63F-1-205. Approval of acquisitions of information technology.
350 (1) (a) Except as provided in Title 63N, Chapter 13, Part 2, Government Procurement
351 Private Proposal Program, in accordance with Subsection (2), the chief information officer
352 shall approve the acquisition by an executive branch agency of:
353 (i) information technology equipment;
354 (ii) telecommunications equipment;
355 (iii) software;
356 (iv) services related to the items listed in Subsections (1)(a)(i) through (iii); and
357 (v) data acquisition.
358 (b) The chief information officer may negotiate the purchase, lease, or rental of private
359 or public information technology or telecommunication services or facilities in accordance with
360 this section.
361 (c) Where practical, efficient, and economically beneficial, the chief information
362 officer shall use existing private and public information technology or telecommunication
364 (d) Notwithstanding another provision of this section, an acquisition authorized by this
365 section shall comply with rules made by the applicable rulemaking authority under Title 63G,
366 Chapter 6a, Utah Procurement Code.
367 (2) Before negotiating a purchase, lease, or rental under Subsection (1) for an amount
368 that exceeds the value established by the chief information officer by rule in accordance with
369 Section 63F-1-206, the chief information officer shall:
370 (a) conduct an analysis of the needs of executive branch agencies and subscribers of
371 services and the ability of the proposed information technology or telecommunications services
372 or supplies to meet those needs; and
373 (b) for purchases, leases, or rentals not covered by an existing statewide contract,
374 certify in writing to the chief procurement officer in the Division of Purchasing and General
375 Services that:
376 (i) the analysis required in Subsection (2)(a) was completed; and
377 (ii) based on the analysis, the proposed purchase, lease, rental, or master contract of
378 services, products, or supplies is practical, efficient, and economically beneficial to the state
379 and the executive branch agency or subscriber of services.
380 (3) In approving an acquisition described in Subsections (1) and (2), the chief
381 information officer shall:
382 (a) establish by administrative rule, in accordance with Section 63F-1-206, standards
383 under which an agency must obtain approval from the chief information officer before
384 acquiring the items listed in Subsections (1) and (2);
385 (b) for those acquisitions requiring approval, determine whether the acquisition is in
386 compliance with:
387 (i) the executive branch strategic plan;
388 (ii) the applicable agency information technology plan;
389 (iii) the budget for the executive branch agency or department as adopted by the
391 (iv) Title 63G, Chapter 6a, Utah Procurement Code; and
392 (v) the information technology accessibility standards described in Section 63F-1-210;
394 (c) in accordance with Section 63F-1-207, require coordination of acquisitions between
395 two or more executive branch agencies if it is in the best interests of the state.
396 (4) [
397 complete access to all information technology records, documents, and reports:
400 Subsection (1).
402 (5) (a) In accordance with administrative rules established by the department under
403 Section 63F-1-206, [
405 new technology project unless the technology project is described in a formal project plan and
408 (b) The project plan and business case analysis required by this Subsection [
409 shall [
410 (i) a statement of work to be done and existing work to be modified or displaced;
411 (ii) total cost of system development and conversion effort, including system analysis
412 and programming costs, establishment of master files, testing, documentation, special
413 equipment cost and all other costs, including overhead;
414 (iii) savings or added operating costs that will result after conversion;
415 (iv) other advantages or reasons that justify the work;
416 (v) source of funding of the work, including ongoing costs;
417 (vi) consistency with budget submissions and planning components of budgets; and
418 (vii) whether the work is within the scope of projects or initiatives envisioned when the
419 current fiscal year budget was approved.
420 (c) The chief information officer shall determine the required form of the project plan
421 and business case analysis described in this Subsection (5).
423 Services within the Department of Administrative Services shall work cooperatively to
424 establish procedures under which the chief information officer shall monitor and approve
425 acquisitions as provided in this section.
426 Section 8. Section 63F-1-206 is amended to read:
427 63F-1-206. Rulemaking -- Policies.
428 (1) (a) Except as provided in Subsection (2), the chief information officer shall, by rule
429 made in accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act[
431 (i) provide standards that impose requirements on executive branch agencies that:
432 (A) are related to the security of the statewide area network; and
433 (B) establish standards for when an agency must obtain approval before obtaining
434 items listed in Subsection 63F-1-205(1);
435 (ii) specify the detail and format required in an agency information technology plan
436 submitted in accordance with Section 63F-1-204;
437 (iii) provide for standards related to the privacy policies of websites operated by or on
438 behalf of an executive branch agency;
439 (iv) provide for the acquisition, licensing, and sale of computer software;
440 (v) specify the requirements for the project plan and business case analysis required by
441 Section 63F-1-205;
442 (vi) provide for project oversight of agency technology projects when required by
443 Section 63F-1-205;
444 (vii) establish, in accordance with Subsection 63F-1-205(2), the implementation of the
445 needs assessment for information technology purchases;
446 (viii) establish telecommunications standards and specifications in accordance with
447 Section 63F-1-404; and
448 (ix) establish standards for accessibility of information technology by individuals with
449 disabilities in accordance with Section 63F-1-210.
450 (b) The rulemaking authority [
451 other rulemaking authority granted by this title.
452 (2) (a) Notwithstanding Title 63G, Chapter 3, Utah Administrative Rulemaking Act,
453 and subject to Subsection (2)(b), the chief information officer may adopt a policy that outlines
454 procedures to be followed by the chief information officer in facilitating the implementation of
455 this title by executive branch agencies if the policy:
456 (i) is consistent with the executive branch strategic plan; and
457 (ii) is not required to be made by rule under Subsection (1) or Section 63G-3-201.
458 (b) (i) A policy adopted by the chief information officer under Subsection (2)(a) may
459 not take effect until 30 days after the day on which the chief information officer submits the
460 policy to:
461 (A) the governor; and
462 (B) all cabinet level officials.
463 (ii) During the 30-day period described in Subsection (2)(b)(i), cabinet level officials
464 may review and comment on a policy submitted under Subsection (2)(b)(i).
465 (3) (a) Notwithstanding Subsection (1) or (2) or Title 63G, Chapter 3, Utah
466 Administrative Rulemaking Act, without following the procedures of Subsection (1) or (2), the
467 chief information officer may adopt a security procedure to be followed by executive branch
468 agencies to protect the statewide area network if:
469 (i) broad communication of the security procedure would create a significant potential
470 for increasing the vulnerability of the statewide area network to breach or attack; and
471 (ii) after consultation with the chief information officer, the governor agrees that broad
472 communication of the security procedure would create a significant potential increase in the
473 vulnerability of the statewide area network to breach or attack.
474 (b) A security procedure described in Subsection (3)(a) is classified as a protected
475 record under Title 63G, Chapter 2, Government Records Access and Management Act.
476 (c) The chief information officer shall provide a copy of the security procedure as a
477 protected record to:
478 (i) the chief justice of the Utah Supreme Court for the judicial branch;
479 (ii) the speaker of the House of Representatives and the president of the Senate for the
480 legislative branch;
481 (iii) the chair of the Board of Regents; and
482 (iv) the chair of the State Board of Education.
483 Section 9. Section 63F-1-207 is amended to read:
484 63F-1-207. Coordination within the executive branch -- Cooperation with other
486 (1) In accordance with the executive branch strategic plan and the requirements of this
487 title, the chief information officer shall coordinate the development of information technology
488 systems between two or more executive branch agencies subject to:
489 (a) the budget approved by the Legislature; and
490 (b) Title 63J, Chapter 1, Budgetary Procedures Act.
491 (2) In addition to the coordination described in Subsection (1), the chief information
492 officer shall promote cooperation regarding information technology [
494 branches of state government.
495 Section 10. Section 63F-1-208 is amended to read:
496 63F-1-208. Delegation of department functions.
497 (1) (a) If the conditions of Subsections (1)(b) and (2) are met and subject to the other
498 provisions of this section, the chief information officer may delegate a function of the
499 department to another executive branch agency or an institution of higher education by contract
500 or other means authorized by law.
501 (b) The chief information officer may delegate a function of the department as
502 provided in Subsection (1)(a) if in the judgment of the director of the executive branch agency[
504 (i) the executive branch agency or institution of higher education has requested that the
505 function be delegated;
506 (ii) the executive branch agency or institution of higher education has the necessary
507 resources and skills to perform or control the function to be delegated; and
508 (iii) the function to be delegated is a unique or [
509 function of the agency or institution of higher education [
512 (2) The chief information officer may delegate a function of the department only when
513 the delegation results in net cost savings or improved service delivery to the state as a whole or
514 to the unique mission critical function of the executive branch agency.
515 (3) The delegation of a function under this section shall:
516 (a) be in writing;
517 (b) contain all of the following:
518 (i) a precise definition of each function to be delegated;
519 (ii) a clear description of the standards to be met in performing each function
521 (iii) a provision for periodic administrative audits by the [
523 (iv) a date on which the agreement shall terminate if the agreement has not been
524 previously terminated or renewed; and
525 (v) any delegation of department staff to the agency to support the function in-house
526 with the agency and rates to be charged for the delegated staff; and
527 (c) include a cost-benefit analysis justifying the delegation [
529 (4) An agreement to delegate functions to an executive branch agency or an institution
530 of higher education may be terminated by the department if the results of an administrative
531 audit conducted by the [
532 agreement by the executive branch agency or institution of higher education.
533 Section 11. Section 63F-1-209 is amended to read:
534 63F-1-209. Delegation of department staff to executive branch agencies --
535 Prohibition against executive branch agency information technology staff.
536 (1) (a) The chief information officer shall assign department staff to serve an agency
537 in-house if the chief information officer and the executive branch agency director jointly
538 determine it is appropriate to provide information technology services to:
539 (i) the agency's unique [
540 (ii) the agency's participation in and use of statewide enterprise architecture [
542 (iii) the agency's use of coordinated technology services with other agencies that share
543 similar characteristics with the agency [
544 (b) (i) An agency may request the chief information officer to assign in-house staff
545 support from the department.
546 (ii) The chief information officer shall respond to the agency's request for in-house
547 staff support in accordance with Subsection (1)(a).
548 (c) The department shall enter into service agreements with an agency when
549 department staff is assigned in-house to the agency under the provisions of this section.
550 (d) An agency that receives in-house staff support assigned from the department under
551 the provision of this section is responsible for paying the rates charged by the department for
552 that staff as established under Section 63F-1-301.
553 (2) (a) [
554 equivalent position or part-time position, or request an appropriation to fund a full-time
555 equivalent position or part-time position under the provisions of Section 63J-1-201 for the
556 purpose of providing information technology services to the agency unless:
557 (i) the chief information officer has approved a delegation under Section 63F-1-208;
559 (ii) the [
560 63F-1-604 and finds that the delegation of information technology services to the agency meets
561 the requirements of Section 63F-1-208.
562 (b) The prohibition against a request for appropriation under Subsection (2)(a) does not
563 apply to a request for appropriation needed to pay rates imposed under Subsection (1)(d).
564 Section 12. Section 63F-1-210 is amended to read:
565 63F-1-210. Accessibility standards for executive branch agency information
567 (1) The chief information officer shall establish, by rule made in accordance with Title
568 63G, Chapter 3, Utah Administrative Rulemaking Act:
569 (a) minimum standards for accessibility of executive branch agency information
570 technology by an individual with a disability that:
571 (i) include accessibility criteria for:
572 (A) agency websites;
573 (B) hardware and software procured by an executive branch agency; and
574 (C) information systems used by executive branch agency employees; [
575 (ii) include a protocol to evaluate the standards via testing by individuals with a variety
576 of access limitations; and
577 (iii) are, at minimum, consistent with the most recent Web Content Accessibility
578 guidelines published by the World Wide Web Consortium; and
579 (b) grievance procedures for an individual with a disability who is unable to access
580 executive branch agency information technology, including:
581 (i) a process for an individual with a disability to report the access issue to the chief
582 information officer; and
583 (ii) a mechanism through which the chief information officer can respond to the
586 (2) The chief information officer shall update the standards described in Subsection
587 (1)(a) at least every three years to reflect advances in technology.
588 Section 13. Section 63F-1-211 is enacted to read:
589 63F-1-211. Chief information security officer.
590 (1) The chief information officer shall appoint a chief information security officer.
591 (2) The chief information security officer described in Subsection (1) shall:
592 (a) assess cybersecurity risks;
593 (b) coordinate with executive branch agencies to assess the sensitivity of information;
595 (c) manage cybersecurity support for the department and executive branch agencies.
596 Section 14. Section 63F-1-212 is enacted to read:
597 63F-1-212. Report to the Legislature.
598 The department shall, before November 1 of each year, report to the Public Utilities,
599 Energy, and Technology Interim Committee on:
600 (1) performance measures that the department uses to assess the department's
601 effectiveness in performing the department's duties under this chapter; and
602 (2) the department's performance, evaluated in accordance with the performance
603 measures described in Subsection (1).
604 Section 15. Section 63F-1-401 is repealed and reenacted to read:
606 63F-1-401. Title.
607 This part is known as "Enterprise Technology."
608 Section 16. Section 63F-1-403 is repealed and reenacted to read:
609 63F-1-403. Enterprise technology -- Chief information officer manages.
610 The chief information officer shall manage the department's duties related to enterprise
612 Section 17. Section 63F-1-404 is amended to read:
613 63F-1-404. Duties of the department -- Enterprise technology.
614 The [
615 (1) develop and implement an effective enterprise architecture governance model for
616 the executive branch;
617 (2) provide oversight of information technology projects that impact statewide
618 information technology services, assets, or functions of state government to:
619 (a) control costs;
620 (b) ensure business value to a project;
621 (c) maximize resources;
622 (d) ensure the uniform application of best practices; and
623 (e) avoid duplication of resources;
624 (3) develop a method of accountability to agencies for services provided by the
631 management of applications, standards, and procurement of enterprise architecture;
633 telecommunication systems;
635 (a) to executive branch agencies and subscribers to the services; and
636 (b) related to information technology or telecommunications;
638 (a) one or more executive branch agencies; or
639 (b) one or more entities that subscribe to the telecommunication systems in accordance
640 with Section 63F-1-303;
642 (a) state telecommunication users;
643 (b) executive branch agencies; and
644 (c) other subscribers to the state's telecommunication systems;
646 municipalities in the development, implementation, and maintenance of:
647 (a) (i) governmental information technology; or
648 (ii) governmental telecommunication systems; and
649 (b) (i) as part of a cooperative organization; or
650 (ii) through means other than a cooperative organization;
652 (a) one or more state data centers; and
653 (b) one or more regional computer centers;
655 mobile, or radio telecommunication systems that are used in the delivery of services for state
656 government or its political subdivisions; and
658 minimum standards to be used by the [
659 procedures, programming languages, codes, and media that facilitate the exchange of
660 information within and among telecommunication systems[
668 Section 18. Section 63F-1-501 is repealed and reenacted to read:
670 63F-1-501. Title.
671 This part is known as "Integrated Technology."
672 Section 19. Section 63F-1-502 is amended to read:
673 63F-1-502. Definitions.
674 As used in this part:
675 (1) "Center" means the Automated Geographic Reference Center created in Section
677 (2) "Database" means the State Geographic Information Database created in Section
682 integration and map production system that interrelates disparate layers of data to specific
683 geographic locations.
685 Section 63F-1-507.
687 network created in Section 63F-1-509.
688 Section 20. Section 63F-1-503 is repealed and reenacted to read:
689 63F-1-503. Integrated technology -- Chief information officer manages.
690 The chief information officer shall manage the department's duties related to integrated
692 Section 21. Section 63F-1-504 is amended to read:
693 63F-1-504. Duties of the department -- Integrated technology.
694 The [
695 (1) establish standards for the information technology needs of a collection of
696 executive branch agencies or programs that share common characteristics relative to the types
697 of stakeholders they serve, including:
698 (a) project management;
699 (b) application development; and
700 (c) procurement;
701 (2) provide oversight of information technology standards that impact multiple
702 executive branch agency information technology services, assets, or functions to:
703 (a) control costs;
704 (b) ensure business value to a project;
705 (c) maximize resources;
706 (d) ensure the uniform application of best practices; and
707 (e) avoid duplication of resources; and
731 Section 22. Section 63F-1-601 is repealed and reenacted to read:
733 63F-1-601. Title.
734 This part is known as "Agency Services."
735 Section 23. Section 63F-1-603 is repealed and reenacted to read:
736 63F-1-603. Agency services -- Chief information officer manages.
737 The chief information officer shall manage the department's duties related to agency
739 Section 24. Section 63F-1-604 is amended to read:
740 63F-1-604. Duties of the department -- Agency services.
741 The [
742 (1) be responsible for providing support to executive branch agencies for an agency's
743 information technology assets and functions that are unique to the executive branch agency and
744 are mission critical functions of the agency;
757 coordinating department services with agency needs; and
759 rule adopted by the chief information officer[
762 Section 25. Repealer.
763 This bill repeals:
764 Section 63F-1-602, Definitions.
Legislative Review Note
Office of Legislative Research and General Counsel