Bill Text: TX HB3217 | 2023-2024 | 88th Legislature | Introduced
Bill Title: Relating to a biennial audit by the Department of Information Resources of state agency information technology infrastructure.
Spectrum: Partisan Bill (Republican 1-0)
Status: (Introduced - Dead) 2023-03-15 - Referred to State Affairs [HB3217 Detail]
Download: Texas-2023-HB3217-Introduced.html
| 88R12618 CXP-D | ||
| By: Lujan | H.B. No. 3217 | |
|
|
||
|
|
||
| relating to a biennial audit by the Department of Information | ||
| Resources of state agency information technology infrastructure. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. The heading to Section 2054.068, Government | ||
| Code, is amended to read as follows: | ||
| Sec. 2054.068. INFORMATION TECHNOLOGY INFRASTRUCTURE AUDIT | ||
| AND REPORT. | ||
| SECTION 2. Sections 2054.068(b), (c), (d), and (e), | ||
| Government Code, are amended to read as follows: | ||
| (b) The department shall conduct a biennial audit of | ||
| [ |
||
| condition of each state [ |
||
| infrastructure, including a review of [ |
||
| (1) the agency's: | ||
| (A) information security program, including any | ||
| information technology security measures used by the agency; | ||
| (B) hardware, including [ |
||
| agency's servers, mainframes, cloud services, and other | ||
| information technology equipment; | ||
| (C) [ |
||
| and manage the agency's information technology infrastructure; | ||
| (D) software and licenses, including: | ||
| (i) purchase date and cost; | ||
| (ii) license length; | ||
| (iii) date of last use; and | ||
| (iv) the purpose of the software or | ||
| license; | ||
| (E) information technology governance policies; | ||
| (F) cloud services; | ||
| (G) vendor-managed services; | ||
| (H) support services and the cost of those | ||
| services; | ||
| (I) network systems; | ||
| (J) digital data storage systems and security | ||
| measures; | ||
| (K) future information technology projects; and | ||
| (L) information technology needs; | ||
| (2) any information technology issues reported by the | ||
| public; and | ||
| (3) [ |
||
| (c) A state agency shall provide to the department: | ||
| (1) [ |
||
| described [ |
||
| according to a schedule determined by the department; and | ||
| (2) access to the state agency's information | ||
| technology infrastructure. | ||
| (d) Not later than December 1 [ |
||
| even-numbered year, the department shall submit to the governor, | ||
| chair of the house appropriations committee, chair of the senate | ||
| finance committee, speaker of the house of representatives, | ||
| lieutenant governor, and staff of the Legislative Budget Board a | ||
| consolidated report on the audits conducted [ |
||
| (e) The consolidated report required by Subsection (d) must | ||
| include: | ||
| (1) [ |
||
| agency's security and operational risks; [ |
||
| (2) for a state agency found to be at higher security | ||
| and operational risks, [ |
||
| efforts to address the risks and related vulnerabilities; | ||
| (3) the information submitted by state agencies under | ||
| Subsection (c); | ||
| (4) the department's recommendations relating to the | ||
| state agency's information technology infrastructure; and | ||
| (5) a ranking of each state agency based on the | ||
| efficacy and ease of use of the agency's information technology | ||
| infrastructure. | ||
| SECTION 3. This Act takes effect September 1, 2023. | ||
