Bill Text: TX HB3217 | 2023-2024 | 88th Legislature | Introduced
Bill Title: Relating to a biennial audit by the Department of Information Resources of state agency information technology infrastructure.
Spectrum: Partisan Bill (Republican 1-0)
Status: (Introduced - Dead) 2023-03-15 - Referred to State Affairs [HB3217 Detail]
Download: Texas-2023-HB3217-Introduced.html
88R12618 CXP-D | ||
By: Lujan | H.B. No. 3217 |
|
||
|
||
relating to a biennial audit by the Department of Information | ||
Resources of state agency information technology infrastructure. | ||
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
SECTION 1. The heading to Section 2054.068, Government | ||
Code, is amended to read as follows: | ||
Sec. 2054.068. INFORMATION TECHNOLOGY INFRASTRUCTURE AUDIT | ||
AND REPORT. | ||
SECTION 2. Sections 2054.068(b), (c), (d), and (e), | ||
Government Code, are amended to read as follows: | ||
(b) The department shall conduct a biennial audit of | ||
[ |
||
condition of each state [ |
||
infrastructure, including a review of [ |
||
(1) the agency's: | ||
(A) information security program, including any | ||
information technology security measures used by the agency; | ||
(B) hardware, including [ |
||
agency's servers, mainframes, cloud services, and other | ||
information technology equipment; | ||
(C) [ |
||
and manage the agency's information technology infrastructure; | ||
(D) software and licenses, including: | ||
(i) purchase date and cost; | ||
(ii) license length; | ||
(iii) date of last use; and | ||
(iv) the purpose of the software or | ||
license; | ||
(E) information technology governance policies; | ||
(F) cloud services; | ||
(G) vendor-managed services; | ||
(H) support services and the cost of those | ||
services; | ||
(I) network systems; | ||
(J) digital data storage systems and security | ||
measures; | ||
(K) future information technology projects; and | ||
(L) information technology needs; | ||
(2) any information technology issues reported by the | ||
public; and | ||
(3) [ |
||
(c) A state agency shall provide to the department: | ||
(1) [ |
||
described [ |
||
according to a schedule determined by the department; and | ||
(2) access to the state agency's information | ||
technology infrastructure. | ||
(d) Not later than December 1 [ |
||
even-numbered year, the department shall submit to the governor, | ||
chair of the house appropriations committee, chair of the senate | ||
finance committee, speaker of the house of representatives, | ||
lieutenant governor, and staff of the Legislative Budget Board a | ||
consolidated report on the audits conducted [ |
||
(e) The consolidated report required by Subsection (d) must | ||
include: | ||
(1) [ |
||
agency's security and operational risks; [ |
||
(2) for a state agency found to be at higher security | ||
and operational risks, [ |
||
efforts to address the risks and related vulnerabilities; | ||
(3) the information submitted by state agencies under | ||
Subsection (c); | ||
(4) the department's recommendations relating to the | ||
state agency's information technology infrastructure; and | ||
(5) a ranking of each state agency based on the | ||
efficacy and ease of use of the agency's information technology | ||
infrastructure. | ||
SECTION 3. This Act takes effect September 1, 2023. |