Bill Text: DE SB153 | 2019-2020 | 150th General Assembly | Engrossed


Bill Title: An Act To Amend Title 29 Of The Delaware Code Relating To The Department Of Technology And Information To Establish A Statewide Shared Technology Services Model To Facilitate Digital Government For Citizens, Increase Efficiency, And Control Security Risks.

Spectrum: Partisan Bill (Democrat 3-0)

Status: (Passed) 2019-08-05 - Signed by Governor [SB153 Detail]

Download: Delaware-2019-SB153-Engrossed.html

SPONSOR:

Sen. Poore & Rep. Griffith

DELAWARE STATE SENATE

150th GENERAL ASSEMBLY

SENATE BILL NO. 153

AS AMENDED BY

SENATE AMENDMENT NO. 1

AN ACT TO AMEND TITLE 29 OF THE DELAWARE CODE RELATING TO THE DEPARTMENT OF TECHNOLOGY AND INFORMATION TO ESTABLISH A STATEWIDE SHARED TECHNOLOGY SERVICES MODEL TO FACILITATE DIGITAL GOVERNMENT FOR CITIZENS, INCREASE EFFICIENCY, AND CONTROL SECURITY RISKS.

BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF DELAWARE:

Section 1. Amend Chapter 90C, Title 29 of the Delaware Code by making deletions as shown by strike through and insertions as shown by underline as follows and by redesignating accordingly:

§ 9001C Intent and purpose.

The General Assembly finds and declares that the way it manages information technology will play a strong role in determining the future success of the State. Information technology resources in state government are valuable strategic assets belonging to the citizens of Delaware and must be managed accordingly. The development and implementation of a single, common, statewide technology direction is fundamental to every aspect of state government including strengthening economic development, expanding education opportunities and providing the most efficient delivery of services to the citizens of Delaware. The General Assembly further finds and declares that the creation of a new Department will best support the State in this endeavor to unify its technology strategy while identifying those solutions which will best improve service delivery to the citizens of Delaware. The General Assembly further finds and declares there is a critical role of information and information systems in the provision of life, health, safety, and other crucial services to the citizens of the State of Delaware and there is a need to mitigate the risk posed to these services due to ever-evolving cybersecurity threats.

§ 9002C Establishment of the Department of Technology and Information.

A Department of Technology and Information is established to replace the Office of Information Services within the Executive Department, and shall have the powers, duties and functions vested in the Department by this chapter.

§ 9003C Definitions.

For the purposes of this chapter:

(1) “Agency” or “state agency” includes every board, department, bureau, commission, person or group of persons or other authority created and now existing or hereafter to be created to execute, supervise, control or administer governmental functions under the laws of this State or to perform such other duties as may be prescribed or to whom any moneys are appropriated under any budget appropriation act or supplemental appropriation act or any other act which authorizes and requires any department to collect or use any taxes, fees, licenses, permits or other receipts for services or otherwise for the performance of any function of or related to or supported in whole or in part by the laws of this State, or created to administer any laws providing for the collection of taxes, fees, permits, licenses or other forms of receipts from any sources whatsoever for the use of the State or any agency of the State. “Agency” or “state agency” does not include the legislative and judicial branches of state government, any non-Executive branch agencies of the government, or any university, or local education agencies.

(1) (2) “CIO” means Chief Information Officer of the State.

(2) (3) “Council” means Technology Investment Council.

(3) (4) “Department” means the Department of Technology and Information.

(4) (5) “State” means State of Delaware.

(5) (6) "Technology" means computing and telecommunications systems, their supporting infrastructure and interconnectivity used to acquire, transport, process, analyze, store and disseminate information or data electronically . The term "technology" includes systems and equipment associated with e-government and Internet initiatives. the following resources and initiatives used to acquire, transport, process, analyze, store and disseminate information or data electronically:

a.D ata centers, infrastructure, hardware, technology project management, telecommunications and networking, software applications, service desk, information security, data management, and database administration; and

b. Digital government and online initiatives.

§ 9004C General powers, duties and functions of the Department.

The Department, with the approval of the CIO, may enter into contracts with private entities to perform any of its enumerated duties that can be more efficiently performed in such manner. In addition, the Department of Technology and Information shall have the following powers, duties and functions:

(2)  Implement Create , implement, and enforce statewide and interagency agency technology solutions, policies, standards and guidelines , including as recommended by the Technology Investment Council on an ongoing basis and the CIO , including, but not limited to, statewide technology and information architectures, statewide information technology plans, development life cycle methodologies, transport facilities, communications protocols, data and information sharing considerations, the technique of obtaining grants involving the State's informational resources and the overall coordination of information technology efforts undertaken by and between the various State agencies ;

(4) Provide technical support and assistance to maintain control programs for computer operations, program development, telecommunications network operation and data base management;

(5 ) (4) Evaluate the performance of technology systems and equipment;

(6) (5) Provide analytical and programming support to maintain and upgrade existing technology systems, applications and programs;

(7) (6) Provide facilities management of certain informational technology facilities ; ., including certain office-support informational centers;

(8) Make studies of (7) Research all facets of data/voice/image processing, word processing, computer and computer-related telecommunications, voice and radio telecommunications in state government, and technology systems that may have been or will be installed or are proposed to be installed, and all matters pertaining thereto, including: (a) potential technology solutions of or with private entities; and (b) review of systems and equipment installed or to be installed or of changes or additions in or to equipment in any or all of the various state agencies, regardless of size or of the method or source of funding;

(9)  (8) Responsibility for the development and coordination of Develop and coordinate new technology based management or productivity improvement programs, along with the responsibility to initiatives and establish statewide information systems and technology priorities for purposes of budgetary funding reviews by the Director of the Office of Management and Budget;

(10)  (9) Promote cooperation between the several all state agencies, departments and institutions in order that work may be done by one agency for another agency and equipment and/or technical personnel in one agency may be made available to another agency, and promote such improvements as may be necessary in joint or cooperative data processing technology operations. The Chief Information Officer is authorized to purchase, lease or rent data processing technology and related equipment in the name of the Department of Technology and Information and to operate the equipment in providing services to 1 or more any or all state agencies departments and institutions . When, in the opinion of the Chief Information Officer, better and more efficient data processing technology services can be performed, the Department may enter into lease or purchase agreements in the acquiring or the use of any data processing technology equipment and use such equipment in a consolidated or cooperative program centralized statewide approach . When the Department acts as a cooperative or consolidated data processing operating agency in a centralized statewide approach , the cost of the operation shall be prorated among the state agencies utilizing the data processing benefiting from those services provided thereby. The Chief Information Officer shall decide on the number of data processing centers, including the size of each, and shall be empowered to pick the site or sites for the centers and the controlling agency. Any consolidated or cooperative plan approved by the Chief Information Officer shall be given effect;

(11)  Any consolidated or cooperative plan approved by the Chief Information Officer shall be given effect. The Technology Investment Council shall adjudicate disputes in all matters pertaining to the division of cost of data processing operations among the several all state agencies, and shall resolve differences with respect to data sharing and access privileges among and between using/owning agencies.

(10) The Department of Technology and Information shall maintain as a paramount consideration the successful internal organization and duties of the several all state agencies so that efficiency existing in the agencies shall not be adversely affected or impaired by the decisions that are made;

(12) (11) Provide consulting services to client all agencies including, but not limited to, information technology planning, program budget planning for information technology initiatives, expertise in systems development life cycle methods, and access to technical information on emerging technologies;

(13) (12) Provide staff support to the Technology Investment Council;

(14) (13) Perform policies and procedures as directed by the CIO; and

(15) (14) Develop an acceptable use policy for e-mail communications for every state executive branch agency ; .

§ 9005C Communications powers, duties and functions.

(a) To provide for the development of an efficient and reliable communications system for joint use by departments, agencies and subdivisions of state government and effect maximum practical consolidation and joint use of existing and future communications facilities technology, equipment and services owned or used by the State and generally to obtain maximum practical economies by centralized coordination and budgetary control of all communications technology functions and activities of state government, the Department of Technology and Information shall:

(1) Approve and authorize all state government communications activities in accordance with this subchapter. The management control of and accountability for the use and operation of communications activities shall be a function of the using agency subject to the policies and intent of this subchapter. Expenditure of any funds, regardless of source, for unauthorized communications activities of any kind, by any agency, for any reason, or for communications activities not in compliance with the policies and intent of this subchapter shall be a violation of law punishable under the applicable statutes or regulations;

(2) (15) Develop, coordinate, publish and administer a comprehensive state communications technology plan which shall provide for the maximum practical consolidation centralization and joint use of existing and future communications systems, facilities technology , equipment and services by state government agencies ;

(3) (16) Develop, coordinate, publish and administer standards, policies and procedures for identifying, justifying and documenting communications technology requirements of state government agencies ;

(17) Establish and promulgate standards, policies, guidelines and procedures concerning the development, implementation, acquisition, and use of the State's technology assets;

(4) Develop, coordinate, publish and administer policies and procedures for the use of communications facilities and services by state government ;

(5) (18) Design, procure, install and maintain or, if appropriate, contract for the design, installation and maintenance of communications systems, facilities technology , equipment , and services for state government agencies in accordance with the determinations directed by this subchapter;

(6) Apply for, receive and hold, or, if appropriate, assist agencies in applying for, receiving and holding such authorizations, licenses, permits and allocations of channels and frequencies as are necessary to carry out the purpose of this subchapter;

(7) (19) Perform periodic audits of the communications facilities technology and activities of state agencies to ensure compliance with the policy and intent of this subchapter, and other applicable laws and regulations; and

(8) Perform such other duties in connection with the communications activities of the state government as may be directed by the Governor, or the General Assembly, or as may be required by existing or future state or federal statute.

(9) (20) Develop, coordinate, publish and administer policies and procedures for the submission of a communications statewide technology budget, which shall include all requirements of state government agencies , including identification of detailed business requirements by agency;

(10) (21) Require that all state government agencies having communications specific technology requirements related to business needs shall cooperate with and assist in the preparation of the communications statewide technology budget; and

(11) Provide for emergency or unplanned communications requirements by presenting a detailed program item in a supplemental budget request. Justification for the budget request shall be the responsibility of the agency having such emergency or unplanned requirements.

(b) In addition to those communications powers, duties and function enumerated above, the Department shall:

(1) Cause a statewide telecommunications plan to be created, implemented and maintained;

(2) Monitor and control the execution of said plan;

(3) Review and approve all agency plans, and shall advise the Chief Information Officer and the Director of the Office of Management and Budget regarding budget requests and acquisitions, involving any telecommunications resources and activities;

(4) Report on status to the Technology Investment Council, as is required;

(5) Provide technical assistance and consultation to state agencies with regard to meeting agency for telecommunications goods and services;

(6) Coordinate telecommunications plans and activities with related statewide information technology functions; and

(7) Establish and promulgate standards, policies, guidelines and procedures concerning the development, implementation, acquisition and use of the State's communications facilities and assets ; .

(22) Establish and coordinate a mechanism for a prorated chargeback process that aligns with the state’s annual budget process with the approval of the Director of the Office of Management and Budget and Controller General. The chargeback rate will cover all centralized technology services statewide;

(23) Assign an agency “technology coordinator” to each state agency. It is the intent of this subsection that such technology coordinators will act as the primary points of contact for appropriate communications between the Department and the state agencies, the State General Assembly, the State Judiciary, the State Department of Elections, the State Board of Education, the Office of the State Public Defender, the State Attorney General, the State Treasurer, the Auditor of Accounts, other elective offices, and the school districts; and

(24) Perform such other duties in connection with the technology activities of the state government as may be directed by the Governor, or the General Assembly, or as may be required by existing or future state or federal statute.

§ 9006C § 9005C Requirements for agency technology projects.

(a) Within guidelines established by the Department of Technology and Information, no new technology project may be initiated by any department or agency unless covered by a formal project plan approved by the Department or and agency head. Such plan will be in the form prescribed by the Chief Information Officer, but shall include in any case:

(2) Total cost of system development and conversion effort including, but not limited to, systems analysis and programming costs, process reengineering, establishment of master files, testing, documentation, special equipment costs and all other costs, including full overhead;

(5) Source of funding of the work, including ongoing costs and staffing resources ;

(9)  Whether or not work is within scope of projects or initiatives envisioned when the current fiscal year budget was approved. End user and staff training as needed .

(b) No project is to be undertaken which is beyond the scope of work funded by the General Fund or a special fund. This paragraph applies to all telecommunications or computer or computer-related systems development technology performed by the Department of Technology and Information, a department or agency itself an agency , or an outside contractor, and also applies to new technology programs or systems purchased or otherwise acquired and placed in use.

(c) All projects are to be signed authorized by the Chief Information Officer and the concerned department or agency head, or their designees, before work is begun, except such relatively minor feasibility work required to prepare the project. Copies of all projects are to be provided to the Controller General and the Director of the Office of Management and Budget, who shall ensure that the Department of Technology and Information is included in reviews of agency information systems and technology tactical plans and technology budget requests. Within constraints established by the Director of the Office of Management and Budget and the Controller General, the Department of Technology and

Information will provide an analysis of the technical feasibility, consistent with statewide technology strategy, and completeness and reasonableness of projected costs to develop and operate all agency projects submitted through the annual budget process. In support of all projects executed between the Department of Technology and Information and the concerned department or agency, the Department of Technology and Information shall provide or maintain staff support to the benefiting department or agency at the projected level of effort until the project work has been accomplished .

§ 9007C § 9006C Chief Information Officer.

(a) The Administrator of the Department shall be the State's Chief Information Officer CIO . The CIO shall be appointed by the Governor, with the advice and consent of the Senate, shall serve at the pleasure of the Governor, and receive a salary to be determined by the Governor and specified in the annual Operating Budget.

§ 9008C § 9007C Powers, duties and functions of the CIO.

The following shall be the responsibilities and functions of the CIO:

(14) Coordinate the activities of the Department of Technology and Information with those of other State departments and state agencies concerned with the services provided; and

§ 9009C § 9008C Budgeting and financing.

The Chief Information Officer, in compliance with § 9008C(13) 9007C(13) of this title, in cooperation with the internal program managers and office administrators, shall prepare a proposed budget for the operation of the Department of Technology and Information to be submitted for the consideration of the Director of the Office of Management and Budget, the Governor and the General Assembly. The Department of Technology and Information shall be operated within the limitation of the annual appropriation and any other funds appropriated by the General Assembly.

§ 9009C State Information Security Requirements

The Department of Technology and Information shall have the power to:

(1) Develop and implement a comprehensive information security program that applies personnel, process, and technology controls to protect the State’s data, systems, and infrastructure, within the State’s computing environment and on partner systems. All systems that connect to the State network shall comply with the State Information Security Program;

(2) Identify and address information security risks to each State agency, to third-party providers, and to key supply chain partners, including an assessment of the extent to which information resources, processes, or technologies are vulnerable to unauthorized access or harm, including the extent to which the entity’s electronically stored information is vulnerable to unauthorized access, use, disclosure, disruption, modification, or destruction, and direct risk mitigation strategies, methods, and procedures to reduce those risks;

(3) Establish a central Security Operations Center (SOC) to direct statewide cyber defense and cyber threat mitigation. The SOC responsibilities shall include generating, collecting and analyzing security activity information to effectively identify and respond to cyber-attacks against the State;

(4) Implement technical compliance to State-owned technology as required by law. The Department may also implement technical compliance to State-owned technology that is recommended by private industry standards. The Department shall have the full cooperation of state agencies in identifying compliance requirements or industry standards; and

(5) Temporarily disrupt the exposure of an information system or information technology infrastructure that is owned, leased, outsourced, or shared by one or more state agencies in order to isolate the source of, or stop the spread of, an information security breach or other similar information security incident.

§ 9010C Exemptions from the merit system.

(b) The CIO, with the advice of the Secretary of the Department of Human Resources, shall create a compensation plan. Implementation of said plan shall be contingent upon approval by the Director of the Office of Management and Budget and Controller General. Any proposed compensation plan within the Department of Technology and Information should be unique to information technology employees working at the Department and consider all factors including areas requiring specialized skill sets and other elements of providing a comprehensive technology service organization . consistent with the recommendations of the Information Services Task Force. Such a plan may include competency-based pay, pay-for-performance and other components necessary to recruit and retain highly qualified information technology professionals to the State.

§ 9011C Transitional provisions.

Repealed by 77 Del. Laws, c. 105, § 1, effective July 6, 2009.;

§ 9012C Information coordination.

To assist the Technology Investment Council in fulfilling its duties, each state agency shall name an individual to act as that agency's "information resource manager" or "coordinator." It is the intent of this section that such coordinators will act as the primary points of contact for appropriate communications between the Technology Investment Council and the agency. It is further intended that the State General Assembly, the State Judiciary, the State Department of Elections, the State Board of Education, the Office of the State Public Defender, the State Attorney General and other elective offices similarly assign such a coordinator.

§ 9013C § 9011C Technology Investment Council.

(a) There is hereby established a Technology Investment Council hereinafter referred to as the "Council". The Council shall consist of 9 members as follows: appointed by the Governor, as follows:

(1) The Chief Information Officer, who shall serve as Chair of the Council;

(2) The Chief Justice of the Supreme Court;

(3) The Controller General;

(4) The Secretary of Education Finance ;

(5) The Director of the Office of Management or and Budget; and

(6) 4 Cabinet level members appointed by the Governor.

(6) Five members selected to serve at the discretion of the Governor.

(b)  Designees may be recommended by members of the Council and shall be approved by the Governor. M embers serving by virtue of position may appoint their deputy or equivalent position to serve in their stead and at their pleasure.

(c) The Council may establish sub-committees as necessary to carry out business, responsibilities or assigned projects. Non-Committee members may participate in sub-committee meetings and work. The sub-committee members may reach out for assistance as needed to accomplish the assigned project.

§ 9014C § 9012C Duties of the Technology Investment Council.

The duties of the Council are as follows:

(2)  By October 1, 2001, and each By October 1 thereafter of each year , the Council shall provide the Governor and the Director of the Office of Management and Budget with a statewide technology plan. The plan shall discuss the State's overall technology needs over a multi-year period and the potential budgetary implications of meeting those needs.

(6) Develop minimum technical standards, guidelines, and architectures as required for state technology projects.

(7) (6) Identify opportunities to leverage expertise in strategically important areas of information technology by partnering with private sector entities. Such opportunities shall be clearly set forth in the statewide technology plan called for in paragraph (2) of this section.

§ 9015C § 9013C Misnomer of Department.

§ 9016C § 9014C Supremacy.

§ 9015C State Agency Technology Procurement and Management

(a) The Department shall establish statewide technology standards for use in the procurement process. Further, if the Department has entered into a statewide contract for technology services or resources, then that contract is mandatory use for state agencies.

(b) The Department of Technology and Information shall have the full cooperation of state agencies in developing and implementing the sharing of data and information throughout the Executive Branch.

(c) The Department of Technology and Information shall enter into and develop service level agreements necessary to ensure that the state agencies have full access to secure, reliable, and efficient technology services.

§ 9016C Reallocation of Technology Personnel and Equipment from Executive Branch Agencies

(a) All employees in Executive Branch Agencies who are currently engaged in the exercise and performance of the powers, duties, and functions, as defined in this title and who are determined by the CIO to be necessary for the exercise and performance of the powers, duties, and functions as defined in this title are hereby reallocated to the Department. In addition, all Executive Branch Agency employees who are determined by the CIO to have been engaged in providing necessary administrative, technical, or other support functions as defined in this title are hereby reallocated to the Department. In order to facilitate this reallocation, all Executive Branch Agencies shall work in cooperation with the CIO, the Secretary of the Department of Human Resources, and the Director of the Office of Management and Budget to develop a detailed plan of implementation to reallocate and centralize all agency employees referenced in this Section to the Department. This plan shall include but not be limited to any budgetary, operational, and regulatory changes necessary to implement such a centralization as well as service level agreements with state agencies to ensure continued operations.

(b) All technology equipment in Executive Branch Agencies that is currently engaged in the exercise and performance of the powers, duties, and functions, as defined in this title and that is determined by the CIO to be necessary for the exercise and performance of the powers, duties, and functions as defined in this title are hereby reallocated to the Department. In order to facilitate this reallocation, all Executive Branch Agencies shall work in cooperation with the CIO and the Director of the Office of Management and Budget to develop a detailed plan of implementation to reallocate and centralize all Executive Branch Agencies equipment referenced in this Section to the Department. This plan shall include but not be limited to any budgetary, operational, and regulatory changes necessary to implement such a centralization as well as service level agreements with state agencies to ensure continued operations.

Section 2. § 9016C of this Act expires 3 years after its enactment into law, unless otherwise provided by a subsequent act of the General Assembly.

feedback