In the near future, I intend to introduce legislation to create in statute the Office of Information Technology under the Office of Administration and consolidate all of the executive branch’s information technology (IT) services, funding and oversight into this single office. Pennsylvania has plenty of examples of our aging, inadequate, and costly IT infrastructure. For instance, the Department of Revenue received funds specifically for IT modernization over the past 18 years. Despite this dedicated fund, the Department of Revenue is constantly in need of new funds for IT upgrades. And most recently, an audit of Pennsylvania’s Unemployment Compensation Call Centers revealed the state mismanaged hundreds of millions of taxpayer dollars in the effort to upgrade their system. The system has still not been upgraded. Unfortunately, this problem transcends individual state departments and administrations to encapsulate all of state government. In order to address this problem, my proposal will codify the Office of Information created by Governor Wolf under Executive Order E0 2016-6. This legislation mirrors the executive order by providing the newly established office with broad necessary powers to consolidate and oversee all IT systems and contracts within the executive branch. These powers include: - Consolidation of all IT functions, powers, duties, infrastructure and support services in state agencies under the Governor’s jurisdiction
- Assist in the development and review the strategic plans of state agencies for handling IT
- Identify and make recommendations on which services are common and can be shared throughout state government
- Supervise and manage the procurement of all IT services
- Serve as the liaison between state agencies and IT contractors
- Establish standards and policies for IT procurement and cybersecurity
- Establish and maintain a comprehensive IT Portal for all state agencies
- Oversee and manage all state agency contracts regarding IT
The Office of Information Technology would be administered by the Director, who will be given broad powers concerning the state’s IT infrastructure including:
- Develop a schedule for replacement or modification of IT systems
- Require and reviewing IT reports from each state agency
- Establish standards adopted by the office for IT projects and IT standards
- Develop biennial strategic plan for handling state government IT needs
- Oversee and ensure each state agency has an updated disaster recovery plans for IT
Additionally, the director will have the power to approve or deny IT contracts based on the money available for the project and the department’s current IT capabilities. Further, the director may suspend any IT project that does not meet the Office’s standards for quality or has exceeded the estimated cost. To improve financial oversight of IT projects and capabilities, my proposal requires annual reports and a bi-annual IT plan to be submitted to the General Assembly. Finally, as cyber-attacks become more prevalent, the bill requires numerous steps to be taken to improve our overall cyber security including: - Requires all state agencies to adopt new cybersecurity standards created by the director which must, at least, match industry best practices
- Requires the director to develop a two-year schedule to test cyber security capabilities – these tests would be performed by an independent, outside organization.
- Establishes a new committee on cybersecurity to meet quarterly to be updated on emerging threats and will issue an annual report which will include policy recommendations
- The committee will be comprised of members of the House and Senate and their IT staffs, members of the administration, state row officers and the Administrative Office of the Pennsylvania Courts and their IT staff
Please join me and co-sponsor this comprehensive measure to consolidate and improve the Commonwealth’s IT procurement and oversight while also improving our cybersecurity. Should you have any questions, please contact Stephanie Buchanan at sbuchanan@pasen.gov. |