See other bills
under the
same topic
PRIOR PRINTER'S NO. 19
PRINTER'S NO. 280
THE GENERAL ASSEMBLY OF PENNSYLVANIA
HOUSE BILL
No.
40
Session of
2021
INTRODUCED BY GROVE, RYAN, THOMAS, SAYLOR, MOUL, GAYDOS AND
GLEIM, JANUARY 11, 2021
AS REPORTED FROM COMMITTEE ON STATE GOVERNMENT, HOUSE OF
REPRESENTATIVES, AS AMENDED, JANUARY 27, 2021
AN ACT
Amending Title 71 (State Government) of the Pennsylvania
Consolidated Statutes, in boards and offices, providing for
information technology; establishing the Office of
Information Technology and the Information Technology Fund;
providing for administrative and procurement procedures and
for the Joint Cybersecurity Oversight Committee; and imposing
penalties.
AMENDING TITLE 71 (STATE GOVERNMENT) OF THE PENNSYLVANIA
CONSOLIDATED STATUTES, IN BOARDS AND OFFICES, PROVIDING FOR
INFORMATION TECHNOLOGY; ESTABLISHING THE OFFICE OF
INFORMATION TECHNOLOGY AND THE INFORMATION TECHNOLOGY FUND;
PROVIDING FOR ADMINISTRATIVE AND PROCUREMENT PROCEDURES AND
FOR THE JOINT CYBERSECURITY OVERSIGHT COMMITTEE; IMPOSING
DUTIES ON THE OFFICE OF INFORMATION TECHNOLOGY; PROVIDING FOR
ADMINISTRATION OF PENNSYLVANIA STATEWIDE RADIO NETWORK AND
IMPOSING PENALTIES.
The General Assembly of the Commonwealth of Pennsylvania
hereby enacts as follows:
Section 1. Part V of Title 71 of the Pennsylvania
Consolidated Statutes is amended by adding a chapter to read:
CHAPTER 43
INFORMATION TECHNOLOGY
Subchapter
A. General Provisions
<--
<--
<--
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
B. Office of Information Technology
C. Procurement and Business Operations
D. Security
E. Enforcement and Penalties
SUBCHAPTER A
GENERAL PROVISIONS
Sec.
4301. Scope of chapter.
4302. Findings and declarations.
4303. Definitions.
§ 4301. Scope of chapter.
This chapter relates to administrative procedures and
procurement regarding information technology.
§ 4302. Findings and declarations.
The General Assembly finds and declares the following:
(1) The Commonwealth has struggled to keep information
technology costs under control.
(2) M any of the Commonwealth's information technology
contracts extend well beyond their anticipated date of
completion.
(3) The Commonwealth can begin to reduce information
technology costs by the consolidation of information
technology functions and resources within the executive
branch.
(4) Consolidation of information technology services
will not only reduce costs but create more efficient
information technology operations.
(5) By reforming the Commonwealth's outdated approach to
information technology, the Commonwealth can improve data and
analytic capabilities and improve cybersecurity.
20210HB0040PN0280 - 2 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(6) The improvement of operations will enhance taxpayer
satisfaction and make it easier for residents to navigate.
(7) Consolidation of information technology services
must be designed to improve accountability and transparency
to taxpayers and enhance the Commonwealth's data and
analytics capabilities.
§ 4303. Definitions.
The following words and phrases when used in this chapter
shall have the meanings given to them in this section unless the
context clearly indicates otherwise:
"Director." The administrative head of the office.
"Distributed information technology assets." Hardware,
software and communications equipment not classified as
traditional mainframe-based items, including, but not limited
to, personal computers, local area networks, servers, mobile
computers, peripheral equipment and other related hardware and
software items.
"Electronic bidding." The electronic solicitation and
receipt of offers to contract.
"Fund." The In formation Technology Fund established under
section 4316 (relating to Information Technology Fund).
"Independent agency." A board, commission, authority or
other agency of the Commonwealth that is not subject to the
policy supervision and control of the Governor. The term does
not include:
(1) a court or agency of the unified judicial system; or
(2) the General Assembly or an agency of the General
Assembly.
"Independent department." Any of the following:
(1) The Department of the Auditor General.
20210HB0040PN0280 - 3 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(2) The Treasury Department.
(3) The Office of Attorney General.
(4) A board or commission of an entity under paragraph
(1), (2) or (3).
"Information technology." Hardware, software and
telecommunications equipment, including, but not limited to, the
following:
(1) Personal computers.
(2) Servers.
(3) Mainframes.
(4) Wired or wireless wide and local area networks.
(5) Broadband.
(6) Mobile or portable computers.
(7) Peripheral equipment.
(8) Telephones.
(9) Wireless communications.
(10) Handheld devices.
(11) Public safety radio services.
(12) Facsimile machines.
(13) Technology facilities, including, but not limited
to, data centers, dedicated training facilities or switching
facilities.
(14) Electronic payment processing services.
(15) Other relevant hardware and software items or
personnel tasked with the planning, implementation or support
of technology, including hosting or vendor-managed service
solutions.
"Information technology security incident." A computer-based
activity, network-based activity or paper-based activity which
results directly or indirectly in misuse, damage, denial of
20210HB0040PN0280 - 4 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
service, compromise of integrity or loss of confidentiality of a
network, a computer, an application or data.
"Office." The Office of Information Technology established
under Subchapter B (relating to Office of Information
Technology).
"Reverse auction." A real-time purchasing process in which
vendors compete to provide goods or services at the lowest
selling price in an open and interactive electronic environment.
"Secretary." The Secretary of Administration.
"State agency." Any of the following:
(1) The Governor's Office.
(2) A department, board, commission, authority or other
agency of the Commonwealth that is subject to the policy
supervision and control of the Governor.
(3) The office of Lieutenant Governor.
(4) An independent agency.
SUBCHAPTER B
OFFICE OF INFORMATION TECHNOLOGY
Sec.
4311. Establishment of office.
4312. Duties of office.
4313. Transfer of duties.
4314. Director.
4315. Planning and financing information technology resources.
4316. Information Technology Fund.
4317. Financial accountability and information technology .
4318. Statewide electronic portal and annual report.
4319. Budget for information technology.
4320. Commonwealth portal.
4321. Information technology request.
20210HB0040PN0280 - 5 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
4322. Status of information technology projects and corrective
action plans.
§ 4311. Establishment of office.
The Office of Information Technology is established within
the Governor's Office of Administration.
§ 4312. Duties of office.
(a) Duties generally.--The office shall:
(1) Consolidate information technology functions,
powers, duties, obligations infrastructure and support
services vested in State agencies.
(2) Direct the management and operations of information
technology services for each State agency, including, but not
limited to, the following:
(i) The development of priorities and strategic
plans.
(ii) The management of information technology
investments, procurement and policy.
(iii) Oversight of each State agency to ensure
compliance with the provisions of this chapter.
(3) Recommend any changes to staffing or operations
regarding information technology.
(b) Specific duties.--As part of the general duties under
subsection (a), the office shall:
(1) Assist in developing annual information technology
strategic plans for each State agency that include
priorities, coordination and monitoring of resource use and
expenditures, performance review measures, procurement and
other governance and planning measures.
(2) Review and approve the information technology plans
for each State agency.
20210HB0040PN0280 - 6 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(3) Consult with the Governor's Office of the Budget on
budgetary matters regarding information technology planning
and procurement.
(4) Create an advisory structure to advise on matters
involving overall technology and data governance.
(5) Establish and maintain an information technology
portfolio management process for overall monitoring of
information technology program objectives, alignment with
priorities, budgets and expenditures.
(6) Identify common information technology business
functions within each State agency.
(7) Make recommendations for consolidation, integration
and investment.
(8) Facilitate the use of common technology, as
appropriate.
(9) Expand the use of project management methodologies
and principles on information technology projects, including
measures to review project delivery and quality.
(10) Ensure compliance by each State agency with
required business process reviews.
(11) Maintain a central procurement organization.
(12) Procure or supervise the procurement of all
information technology.
(13) Oversee information technology contract issues,
monitoring and compliance.
(14) Serve as a liaison between State agencies and
contracted information technology vendors.
(15) Align the appropriate technology and procurement
methods with the service strategy.
(16) E stablish an information technology architecture
20210HB0040PN0280 - 7 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
framework that governs information technology investments.
This architecture framework shall include the following, as
appropriate:
(i) The development of standards, policies,
processes and strategic technology roadmaps.
(ii) The performance of technical reviews and
capability assessments of services, technologies and
State agency systems.
(iii) The evaluation of requests for information
technology policy exceptions.
(17) Develop and implement efforts to standardize data
elements and determine data ownership assignments.
(18) Develop and maintain a comprehensive information
technology inventory.
(19) Monitor compliance with information technology
policy and standards through an architectural review process.
(20) Maintain and strengthen the Commonwealth's
cybersecurity posture through security governance.
(21) Develop security solutions, services and programs
to protect data and infrastructure.
(22) Identify and remediate security risks and maintain
citizen trust in securing computerized personal information.
(23) Implement programs, processes and solutions to
maintain cybersecurity situational awareness and effectively
respond to cybersecurity attacks and information technology
security incidents.
(24) Foster a culture of situational and risk awareness.
(25) Conduct evaluations and compliance audits of State
agency security infrastructure.
(26) Recommend and conduct the consolidation of State
20210HB0040PN0280 - 8 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
agency information technology services, including, but not
limited to, infrastructure, personnel, investments,
operations and support services.
(27) Establish and facilitate a process for the
identification, evaluation and optimization of information
technology shared services.
(28) Establish, maintain and communicate service level
agreements for shared services.
(29) Establish a process for:
(i) the development and implementation of
telecommunications policies, services and infrastructure;
and
(ii) reviewing and authorizing State agency requests
for enhanced services.
(30) Identify opportunities for convergence and
leveraging existing assets to reduce or eliminate duplicative
telecommunication networks.
(31) Establish and maintain an information technology
service management process library to govern the services
provided to each State agency.
(32) Establish a formal governance body to evaluate the
introduction of new information technology services and the
retiring of existing information technology services.
(33) Establish metrics to monitor the health of the
services provided and make appropriate corrections as
necessary.
(34) Establish information technology data management
and development policy frameworks for each State agency that
include policies, processes and standards that adhere to
commonly accepted principles for, among other things, data
20210HB0040PN0280 - 9 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
governance, data development and the quality, sourcing, use,
accessibility, content, ownership and licensing of open data.
(35) Create and maintain a comprehensive open data
portal for public accessibility.
(36) Provide guidance regarding the procurement of
supplies and services related to the subject matter of this
chapter.
(37) Facilitate communication with the public by
publishing open data plans and policies and by soliciting or
allowing for public input on the subject matter of this
chapter.
(38) Ensure the internal examination of Commonwealth
data sets for business, confidentiality, privacy and security
issues and the reasonable mitigation of those issues, prior
to the data's release for open data purposes.
(39) Develop and facilitate the engagement with private
and other public stakeholders, including, but not limited to,
arranging for and expediting data-sharing agreements and
encouraging and facilitating cooperation and substantive and
administrative efficiencies.
(40) Develop and facilitate data sharing and data
analytics.
(41) Oversee and manage the information technology
contracts of each State agency. The following shall apply:
(i) The office shall obtain, review and maintain, on
an ongoing basis, records of the appropriations,
allotments, expenditures and revenues of each State
agency for information technology.
(ii) The office shall not manage but shall
coordinate efforts as necessary and appropriate regarding
20210HB0040PN0280 - 10 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
the information technology contracts of an independent
department, the General Assembly and its agencies or the
agencies of the judicial branch.
§ 4313. Transfer of duties.
Upon the effective date of this section, information
technology functions, powers, duties, obligations and services
shall be transferred to and vested in the office. The following
shall apply:
(1) The c hief information officer of each State agency
shall:
(i) Report directly to the director.
(ii) Work within the chief information officer's
respective State agency on behalf of the office as an
employee of the office.
(2) The salary and costs related to the chief
information officer of each State agency shall be paid by the
chief information officer's respective State agency from
funds appropriated for general government operations.
(3) The following shall apply for an employee of a State
agency who handles or otherwise has responsibility for the
State agency's information technology services:
(i) Except as provided in subparagraph (ii), the
employee shall be transferred to the office as an
employee of the State agency and operate in the physical
location of the State agency, but the employee shall
report matters to the office and be supervised by the
office.
(ii) Subparagraph (i) shall not apply to an employee
who handles proprietary information technology programs.
The employee shall remain an employee of the State agency
20210HB0040PN0280 - 11 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
and shall coordinate with the office.
§ 4314. Director.
(a) Appointment and salary.--The secretary shall appoint the
director and set the salary of the director.
(b) Qualifications.--The director shall be qualified by
education and experience for the office.
(c) Duties.--In addition to other duties specified under
this chapter, the director shall:
(1) Manage the operations of the office.
(2) Develop and administer a comprehensive long-range
plan to ensure the proper management of the Commonwealth's
information technology resources.
(3) Set technical standards for information technology
and review and approve information technology projects and
budgets.
(4) Establish information technology security standards.
(5) Provide for the procurement of information
technology resources.
(6) Develop a schedule for the replacement or
modification of information technology systems.
(7) Require and review reports by each State agency
concerning information technology assets, systems, personnel
and projects and prescribe the form of the reports.
(8) Prescribe the manner in which information technology
assets, systems and personnel shall be provided and
distributed among State agencies.
(9) Prescribe the manner of inspecting or testing
information technology assets, systems or personnel to
determine compliance with information technology plans,
specifications and requirements.
20210HB0040PN0280 - 12 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(10) Hire personnel as necessary to perform the
functions of the office.
§ 4315. P lanning and financing information technology
resources.
(a) Development of policies.--The director shall develop
necessary policies for State agency information technology
planning and financing to achieve the purposes of this chapter.
(b) Development of plan.--
(1) T he director shall analyze the information
technology systems and develop a plan to ascertain the needs,
costs and time frame required for State agencies to
efficiently use information technology systems, resources,
security and data management to achieve the purposes of this
chapter. The plan may include current applications and
infrastructure, migration from current environments and other
information necessary for fiscal or technology planning.
(2) The director shall develop strategic plans for
information technology as necessary.
(c) Consultation and cooperation.--
(1) In determining whether a strategic plan is necessary
for a State agency, the director shall consider the State
agency's operational needs, functions and performance
capabilities.
(2) The director shall consult with and assist State
agencies in the preparation of plans under this subsection.
(3) Each State agency shall actively participate in
preparing, testing and implementing an information technology
plan as determined by the director. A State agency shall
provide all financial information to the director necessary
to determine full costs and expenditures for information
20210HB0040PN0280 - 13 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
technology assets, including resources provided by the State
agency or through contracts or grants.
(4) Each State agency shall prepare and submit plans as
required by the director.
(5) A plan by a State agency shall be submitted to the
director no later than October 1 of each even-numbered year.
(d) Biennial plan.--
(1) The director shall develop a biennial State
Information Technology Plan, which shall be transmitted to
the General Assembly in conjunction with the Governor's
budget submission that year.
(2) The biennial plan shall include:
(i) An inventory of current information technology
assets and major projects.
(ii) An inventory of significant unmet needs for
information technology resources over a five-year time
period, along with a ranking of the unmet needs in
priority order according to their urgency.
(iii) A statement of the financial requirements,
together with a recommended funding schedule for major
projects in progress or anticipated for approval during
the upcoming fiscal biennium.
(iv) An analysis of opportunities for Statewide
initiatives that would yield significant efficiencies or
improve effectiveness in State programs.
(3) As used in this subsection, the term "major project"
includes a project costing more than $500,000 to implement.
§ 4316. Information Technology Fund.
(a) Establishment.--An account is established in the General
Fund to be known as the Information Technology Fund.
20210HB0040PN0280 - 14 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(b) Receipt of money.--The fund may receive money for the
operations of the office and to fulfill the duties of the office
under this chapter by the following methods:
(1) The transfer of encumbered funds from each State
agency which were designated for information technology
purposes prior to the effective date of this section.
(2) Transfers as authorized by the General Assembly that
are not already provided for under this section.
(3) The transfer of a portion of a State agency's funds
regarding general government operations for information
technology employees.
(c) Use of fund money.--
(1) Subject to paragraph (2), the director shall approve
the disbursement of money from the fund, which shall be used
for the following purposes and other legitimate purposes:
(i) P roject management.
(ii) Security.
(iii) E-mail operations.
(iv) State portal operations.
(2) Expenditures made from the fund which involve money
appropriated from the General Fund shall be approved by the
director.
§ 4317. Financial accountability and information technology .
(a) Development of processes.--The office, along with the
Secretary of the Budget and the State Treasurer, shall develop
processes for budgeting and accounting of expenditures for
information technology operations, services, projects,
infrastructure and assets across all State agencies.
(b) Included information.--T he budgeting and accounting
processes under subsection (a) may include information regarding
20210HB0040PN0280 - 15 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
the following:
(1) Hardware.
(2) S oftware.
(3) Personnel.
(4) Training.
(5) Contractual services.
(6) Other items relevant to information technology.
(c) Reports.--By February 1 of each year, the director shall
also report to the General Assembly the following information:
(1) Services currently provided and associated
transaction volumes or other relevant indicators of
utilization by user type.
(2) New services added during the previous year.
(3) The total appropriation for each service.
(4) The total amount remitted to the vendor for each
service.
(5) Any other use of State data by the vendor and the
total amount of revenue collected per use and in total.
(6) User satisfaction with each service.
(7) Any other issues associated with the provision of
each service.
(d) Financial information.--The director shall, at a
minimum, include in the report under subsection (c) the
following financial information:
(1) Current budgetary balances for the fund and each
information technology project.
(2) Line-item details on expenditures.
(3) Anticipated expenditures for the next three years.
(4) The financial activities of the fund, including fund
expenditures, during the immediately prior fiscal year.
20210HB0040PN0280 - 16 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(e) Issuance.--In addition to the General Assembly, a report
under subsection (c) shall be submitted to the following:
(1) The Secretary of the Budget.
(2) The Independent Fiscal Office.
(3) The General Assembly.
§ 4318. Statewide electronic portal and annual report.
The office shall develop and operate a Statewide electronic
portal to increase the convenience of the public in conducting
online transactions with and obtaining information from State
government. The portal shall be designed to facilitate and
improve public interactions along with communications between
State agencies.
§ 4319. B udget for information technology.
The office, along with the Secretary of the Budget, shall
develop and implement a plan to manage all information
technology funding, including State and other receipts, as soon
as practicable. As part of the plan and implementation, the
following shall apply:
(1) F unding for information technology resources,
projects and contracts shall be appropriated to and managed
by the office.
(2) Funding for the office's information technology
shared services and approved contracts shall remain with the
State agencies.
(3) Information technology budget codes and fund codes
shall be created as required.
§ 4320. Commonwealth portal.
Each State agency shall functionally link its Internet or
electronic services to a centralized web portal system
established under this chapter.
20210HB0040PN0280 - 17 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
§ 4321. Information technology request.
A State agency may request significant resources, as defined
by the director, for the purpose of acquiring, operating or
maintaining information technology for the State agency. In
addition to other information that may be required by the
director, the State agency shall submit the following to
accompany the request:
(1) A s tatement setting forth the following:
(i) The needs of the State agency for information
technology and related resources, including expected
improvements to programmatic or business operations.
(ii) The requirements for State resources, together
with an evaluation of those requirements by the chief
information officer assigned to the State agency which
takes into consideration the following:
(A) The State's current technology.
(B) The opportunities for technology sharing.
(C) Any other factors relevant to the analysis
by the director.
(2) A review and evaluation of the statement under
paragraph (1) which is prepared by the chief information
officer assigned to the State agency.
(3) In cases of an acquisition, an explanation of the
method by which the acquisition is to be financed.
(4) A statement by the chief information officer
assigned to the State agency which sets forth viable
alternatives, if any, for meeting the State agency needs in
an economical and efficient manner.
§ 4322. Status of information technology projects and
corrective action plans.
20210HB0040PN0280 - 18 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(a) Portal.--Within one year of the effective date of this
section, the director shall develop a web-based portal detailing
the status of each of the Commonwealth's information technology
projects. The portal shall include the following:
(1) A brief summary of each information technology
project.
(2) The approved budget of each project.
(3) The total and percent of the project's approved
budget which has been expended by the agency based on the end
balance from the prior business day, along with a color
designation as follows:
(i) If an information technology project is under
the project's approved budget, the project shall be
designated as the color green.
(ii) If an information technology project is over
the project's approved budget, the project shall be
designated as the color red.
(4) The completion date in the original contract along
with the total percent of work for the project that has been
completed, along with a color designation as follows:
(i) If an information technology project has not
exceeded the completion date in the original contract,
the project shall be designated as green.
(ii) If an information technology project has
exceeded the completion date in the original contract,
the project shall be designated as red.
(5) A summary of the scope of work, along with a color
designation as follows:
(i) If an information technology project is meeting
the scope of work in the original contract, the project
20210HB0040PN0280 - 19 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
shall be designated as the color green.
(ii) If an information technology project is not
meeting the scope of work in the original contract, the
project shall be designated as the color red.
(6) A summary of the performance requirements of the
contract, along with a color designation as follows:
(i) If an information technology project is meeting
the performance requirements in the original contract,
the project shall be designated as the color green.
(ii) If an information technology project is not
meeting the performance measures in the original
contract, the project shall be designated as the color
red.
(b) Notification.--The following shall apply:
(1) Upon determining that an information technology
project will be designated red, the director shall notify the
Governor's Office, the Independent Fiscal Office and the
General Assembly.
(2) Upon being notified that the information technology
project is designated as red, the director shall develop a
corrective action plan to ensure that the information
technology project moves back to green status.
(3) The corrective action plan shall be finalized within
20 days from the notification. The finalized corrective
action plan shall be sent to the General Assembly, the
Independent Fiscal Office and the Auditor General.
SUBCHAPTER C
PROCUREMENT AND BUSINESS OPERATIONS
Sec.
4331. Reporting requirements regarding procurement.
20210HB0040PN0280 - 20 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
4332. Business continuity planning.
4333. Information technology operations.
4334. Communications services.
4335. Project approval standards.
4336. Project management standards.
4337. Dispute resolution.
4338. Procurement of information technology.
4339. Contractor verification.
4340. Review and approval of contracts.
4341. Purchase of certain equipment prohibited.
4342. Refurbished computer equipment purchasing program.
4343. Data on reliability and other matters.
§ 4331. Reporting requirements regarding procurement.
(a) Bids.--A vendor submitting a bid or proposal shall
disclose in a statement, provided contemporaneously with the bid
or proposal , where services will be performed under the contract
sought, including any subcontracts, and whether any services
under that contract, including any subcontracts, are anticipated
to be performed outside the United States.
(b) Retention and reports.--The di rector shall:
(1) retain the statements required by this section
regardless of the State agency that awards the contract; and
(2) report annually to the secretary on the number of
contracts.
(c) Records of purchases.--Each State agency which makes a
purchase of information technology through the office shall
report directly to the director, who shall keep annual records
of information technology purchases.
(d) Effect of section.--Nothing in this section is intended
to contravene any existing treaty, law, agreement or regulation
20210HB0040PN0280 - 21 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
of the United States.
§ 4332. B usiness continuity planning.
(a) Oversight.--The director shall oversee the manner and
means by which information technology business and disaster
recovery plans for State agencies are created, reviewed and
updated.
(b) Disaster recovery planning team.--Each State agency
shall establish a disaster recovery planning team to work with
the office to develop the disaster recovery plan and administer
and implement the plan.
(c) Components of plan.--In developing a disaster recovery
plan, all of the following shall be completed:
(1) Consideration of the organizational, managerial and
technical environments in which the plan must be implemented.
(2) An assessment of the types and likely parameters of
disasters most likely to occur and the resultant impacts on
the State agency's ability to perform its mission.
(3) The listing of the protective measures to be
implemented in anticipation of a natural or manmade disaster.
(4) A determination whether the plan is adequate to
address information technology security incidents.
(d) Submittal.--Each State agency shall submit its disaster
recovery plan to the director on an annual basis and as
otherwise requested by the director.
§ 4333. I nformation technology operations.
(a) Functions.--In addition to other functions authorized or
required by this chapter, the office shall do the following:
(1) Establish and operate centers of expertise for
specific information technologies and services to serve two
or more State agencies on a cost-sharing basis, if the
20210HB0040PN0280 - 22 -
<