Please wait while the document is loaded.

A10030
THE GENERAL ASSEMBLY OF PENNSYLVANIA
HOUSE BILL
No.
1704
Session of
2017
INTRODUCED BY GROVE, PHILLIPS-HILL, ORTITAY, CUTLER, BAKER,
SAYLOR, ENGLISH, MILLARD, BLOOM, WHEELAND, A. HARRIS, WATSON,
PICKETT, B. MILLER AND COX, AUGUST 16, 2017
REFERRED TO COMMITTEE ON STATE GOVERNMENT, AUGUST 16, 2017
AN ACT
Amending Title 71 (State Government) of the Pennsylvania
Consolidated Statutes, providing for information technology;
establishing the Office of Information Technology and the
Information Technology Fund; providing for administrative and
procurement procedures and for the Legislative Cybersecurity
Oversight Committee; and imposing penalties.
The General Assembly of the Commonwealth of Pennsylvania
hereby enacts as follows:
Section 1. Part V of Title 71 of the Pennsylvania
Consolidated Statutes is amended by adding a chapter to read:
CHAPTER 43
INFORMATION TECHNOLOGY
Subchapter
A. General Provisions
B. Office of Information Technology
C. Procurement and Business Operations
D. Security
E. Enforcement and Penalties
SUBCHAPTER A
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
GENERAL PROVISIONS
Sec.
4301. Scope of chapter.
4302. Findings and declarations.
4303. Definitions.
§ 4301. Scope of chapter.
This chapter relates to administrative procedures and
procurement regarding information technology.
§ 4302. Findings and declarations.
The General Assembly finds and declares the following:
(1) The Commonwealth has struggled to keep information
technology costs under control.
(2) M any of the Commonwealth's information technology
contracts extend well beyond their anticipated date of
completion.
(3) The Commonwealth can begin to reduce information
technology costs by the consolidation of information
technology functions and resources within the executive
branch.
(4) Consolidation of information technology services
will not only reduce costs but create more efficient
information technology operations.
(5) By reforming the Commonwealth's outdated approach to
information technology, the Commonwealth can improve data and
analytic capabilities and improve cybersecurity.
(6) The improvement of operations will enhance taxpayer
satisfaction and make it easier for residents to navigate.
(7) Consolidation of information technology services
must be designed to improve accountability and transparency
to taxpayers and enhance the Commonwealth's data and
A10030 - 2 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
analytics capabilities.
§ 4303. Definitions.
The following words and phrases when used in this chapter
shall have the meanings given to them in this section unless the
context clearly indicates otherwise:
"Director." The administrative head of the office.
"Distributed information technology assets." Hardware,
software and communications equipment not classified as
traditional mainframe-based items, including, but not limited
to, personal computers, local area networks, servers, mobile
computers, peripheral equipment and other related hardware and
software items.
"Electronic bidding." The electronic solicitation and
receipt of offers to contract.
"Fund." The In formation Technology Fund established under
section 4316 (relating to Information Technology Fund).
"Independent agency." A board, commission, authority or
other agency of the Commonwealth that is not subject to the
policy supervision and control of the Governor. The term does
not include:
(1) a court or agency of the unified judicial system; or
(2) the General Assembly or an agency of the General
Assembly.
"Independent department." Any of the following:
(1) The Department of the Auditor General.
(2) The Treasury Department.
(3) The Office of Attorney General.
(4) A board or commission of an entity under paragraph
(1), (2) or (3).
"Information technology." Hardware, software and
A10030 - 3 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
telecommunications equipment, including, but not limited to, the
following:
(1) Personal computers.
(2) Servers.
(3) Mainframes.
(4) Wired or wireless wide and local area networks.
(5) Broadband.
(6) Mobile or portable computers.
(7) Peripheral equipment.
(8) Telephones.
(9) Wireless communications.
(10) Handheld devices.
(11) Public safety radio services.
(12) Facsimile machines.
(13) Technology facilities, including, but not limited
to, data centers, dedicated training facilities or switching
facilities.
(13.1) Electronic payment processing services.
(14) Other relevant hardware and software items or
personnel tasked with the planning, implementation or support
of technology, including hosting or vendor-managed service
solutions.
"Information technology security incident." A computer-based
activity, network-based activity or paper-based activity which
results directly or indirectly in misuse, damage, denial of
service, compromise of integrity or loss of confidentiality of a
network, a computer, an application or data.
"Office." The Office of Information Technology established
under Subchapter B (relating to Office of Information
Technology).
A10030 - 4 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
"Reverse auction." A real-time purchasing process in which
vendors compete to provide goods or services at the lowest
selling price in an open and interactive electronic environment.
"Secretary." The Secretary of Administration.
"State agency." Any of the following:
(1) The Governor's Office.
(2) A department, board, commission, authority or other
agency of the Commonwealth that is subject to the policy
supervision and control of the Governor.
(3) The office of Lieutenant Governor.
(4) An independent agency.
SUBCHAPTER B
OFFICE OF INFORMATION TECHNOLOGY
Sec.
4311. Establishment of office.
4312. Duties of office.
4313. Transfer of duties.
4314. Director.
4315. Planning and financing information technology resources.
4316. Information Technology Fund.
4317. Information technology reports.
4318 4317 . Financial reporting and accountability and
information technology .
4319 4318 . Statewide electronic portal and annual report.
4320 4319 . Budget for information technology.
4321 4320 . Commonwealth portal.
4322 4321 . Information technology request.
4322. Status of information technology projects and corrective
action plans.
§ 4311. Establishment of office.
A10030 - 5 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
The Office of Information Technology is established within
the Governor's Office of Administration.
§ 4312. Duties of office.
(a) Duties generally.--The office shall:
(1) Consolidate information technology functions,
powers, duties, obligations infrastructure and support
services vested in State agencies.
(2) Direct the management and operations of information
technology services for each State agency, including, but not
limited to, the following:
(i) The development of priorities and strategic
plans.
(ii) The management of information technology
investments, procurement and policy.
(iii) Oversight of each State agency to ensure
compliance with the provisions of this chapter.
(3) Recommend any changes to staffing or operations
regarding information technology.
(b) Specific duties.--As part of the general duties under
subsection (a), the office shall:
(1) Assist in developing annual information technology
strategic plans for each State agency that include
priorities, coordination and monitoring of resource use and
expenditures, performance review measures, procurement and
other governance and planning measures.
(2) Review and approve the information technology plans
for each State agency.
(3) Consult with the Governor's Office of the Budget on
budgetary matters regarding information technology planning
and procurement.
A10030 - 6 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(4) Create an advisory structure to advise on matters
involving overall technology and data governance.
(5) Establish and maintain an information technology
portfolio management process for overall monitoring of
information technology program objectives, alignment with
priorities, budgets and expenditures.
(6) Identify common information technology business
functions within each State agency.
(7) Make recommendations for consolidation, integration
and investment.
(8) Facilitate the use of common technology, as
appropriate.
(9) Expand the use of project management methodologies
and principles on information technology projects, including
measures to review project delivery and quality.
(10) Ensure compliance by each State agency with
required business process reviews.
(11) Maintain a central procurement organization.
(12) Procure or supervise the procurement of all
information technology.
(13) Oversee information technology contract issues,
monitoring and compliance.
(14) Serve as a liaison between State agencies and
contracted information technology vendors.
(15) Align the appropriate technology and procurement
methods with the service strategy.
(16) E stablish an information technology architecture
framework that governs information technology investments.
This architecture framework shall include the following, as
appropriate:
A10030 - 7 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(i) The development of standards, policies,
processes and strategic technology roadmaps.
(ii) The performance of technical reviews and
capability assessments of services, technologies and
State agency systems.
(iii) The evaluation of requests for information
technology policy exceptions.
(17) Develop and implement efforts to standardize data
elements and determine data ownership assignments.
(18) Develop and maintain a comprehensive information
technology inventory.
(19) Monitor compliance with information technology
policy and standards through an architectural review process.
(20) Maintain and strengthen the Commonwealth's
cybersecurity posture through security governance.
(21) Develop security solutions, services and programs
to protect data and infrastructure.
(22) Identify and remediate security risks and maintain
citizen trust in securing computerized personal information.
(23) Implement programs, processes and solutions to
maintain cybersecurity situational awareness and effectively
respond to cybersecurity attacks and information technology
security incidents.
(24) Foster a culture of situational and risk awareness.
(25) Conduct evaluations and compliance audits of State
agency security infrastructure.
(26) Recommend and conduct the consolidation of State
agency information technology services, including, but not
limited to, infrastructure, personnel, investments,
operations and support services.
A10030 - 8 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(27) Establish and facilitate a process for the
identification, evaluation and optimization of information
technology shared services.
(28) Establish, maintain and communicate service level
agreements for shared services.
(29) Establish a process for:
(i) the development and implementation of
telecommunications policies, services and infrastructure;
and
(ii) reviewing and authorizing State agency requests
for enhanced services.
(30) Identify opportunities for convergence and
leveraging existing assets to reduce or eliminate duplicative
telecommunication networks.
(31) Establish and maintain an information technology
service management process library to govern the services
provided to each State agency.
(32) Establish a formal governance body to evaluate the
introduction of new information technology services and the
retiring of existing information technology services.
(33) Establish metrics to monitor the health of the
services provided and make appropriate corrections as
necessary.
(34) Establish information technology data management
and development policy frameworks for each State agency that
include policies, processes and standards that adhere to
commonly-accepted principles for, among other things, data
governance, data development and the quality, sourcing, use,
accessibility, content, ownership and licensing of open data.
(35) Create and maintain a comprehensive open data
A10030 - 9 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
portal for public accessibility.
(36) Provide guidance regarding the procurement of
supplies and services related to the subject matter of this
chapter.
(37) Facilitate communication with the public by
publishing open data plans and policies and by soliciting or
allowing for public input on the subject matter of this
chapter.
(38) Ensure the internal examination of Commonwealth
data sets for business, confidentiality, privacy and security
issues and the reasonable mitigation of those issues, prior
to the data's release for open data purposes.
(39) Develop and facilitate the engagement with private
and other public stakeholders, including, but not limited to,
arranging for and expediting data-sharing agreements and
encouraging and facilitating cooperation and substantive and
administrative efficiencies.
(40) Develop and facilitate data sharing and data
analytics.
(41) Oversee and manage the information technology
contracts of each State agency. The following shall apply:
(i) The office shall obtain, review and maintain, on
an ongoing basis, records of the appropriations,
allotments, expenditures and revenues of each State
agency for information technology.
(ii) The office shall not manage but shall
coordinate efforts as necessary and appropriate regarding
the information technology contracts of an independent
department, the General Assembly and its agencies or the
agencies of the judicial branch.
A10030 - 10 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
§ 4313. Transfer of duties.
Upon the effective date of this chapter, information
technology functions, powers, duties, obligations and services
shall be transferred to and vested in the office. The following
shall apply:
(1) The c hief information officer of each State agency
shall:
(i) Report directly to the director.
(ii) Work within the chief information officer's
respective State agency on behalf of the office as an
employee of the office.
(2) The salary and costs related to the chief
information officer of each State agency shall be paid by the
chief information officer's respective State agency from
funds appropriated for general government operations.
(3) The following shall apply for an employee of a State
agency who handles or otherwise has responsibility for the
State agency's information technology services:
(i) Except as provided in subparagraph (ii), the
employee shall be transferred to the office as an
employee of the State agency and operate in the physical
location of the State agency, but the employee shall
report matters to the office and be supervised by the
office.
(ii) Subparagraph (i) shall not apply to an employee
who handles proprietary information technology programs.
The employee shall remain an employee of the State agency
and shall coordinate with the office.
§ 4314. Director.
(a) Appointment and salary.--The secretary shall appoint the
A10030 - 11 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
director and set the salary of the director.
(b) Qualifications.--The director shall be qualified by
education and experience for the office.
(c) Duties.--In addition to other duties specified under
this chapter, the director shall manage the operations of the
office and do all of the following:
(1) Develop and administer a comprehensive long-range
plan to ensure the proper management of the Commonwealth's
information technology resources.
(2) Set technical standards for information technology
and review and approve information technology projects and
budgets.
(3) Establish information technology security standards.
(4) Provide for the procurement of information
technology resources.
(5) Develop a schedule for the replacement or
modification of information technology systems.
(6) Require and review reports by each State agency
concerning information technology assets, systems, personnel
and projects and prescribe the form of the reports.
(7) Prescribe the manner in which information technology
assets, systems and personnel shall be provided and
distributed among State agencies.
(8) Prescribe the manner of inspecting or testing
information technology assets, systems or personnel to
determine compliance with information technology plans,
specifications and requirements.
(9) Hire personnel as necessary to perform the functions
of the office.
§ 4315. P lanning and financing information technology
A10030 - 12 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
resources.
(a) Development of policies.--The director shall develop
necessary policies for State agency information technology
planning and financing to achieve the purposes of this chapter.
(b) Development of plan.--
(1) T he director shall analyze the information
technology systems and develop a plan to ascertain the needs,
costs and time frame required for State agencies to
efficiently use information technology systems, resources,
security and data management to achieve the purposes of this
chapter. The plan may include current applications and
infrastructure, migration from current environments and other
information necessary for fiscal or technology planning.
(2) The director shall develop strategic plans for
information technology as necessary.
(c) Consultation and cooperation.--
(1) In determining whether a strategic plan is necessary
for a State agency, the director shall consider the State
agency's operational needs, functions and performance
capabilities.
(2) The director shall consult with and assist State
agencies in the preparation of plans under this subsection.
(3) Each State agency shall actively participate in
preparing, testing and implementing an information technology
plan as determined by the director. A State agency shall
provide all financial information to the director necessary
to determine full costs and expenditures for information
technology assets, including resources provided by the State
agency or through contracts or grants.
(4) Each State agency shall prepare and submit plans as
A10030 - 13 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
required by the director.
(5) A plan by a State agency shall be submitted to the
director no later than October 1 of each even-numbered year.
(d) Biennial plan.--
(1) The director shall develop a biennial State
Information Technology Plan, which shall be transmitted to
the General Assembly in conjunction with the Governor's
budget submission that year.
(2) The biennial plan shall include the following
elements:
(i) An inventory of current information technology
assets and major projects.
(ii) An inventory of significant unmet needs for
information technology resources over a five-year time
period, along with a ranking of the unmet needs in
priority order according to their urgency.
(iii) A statement of the financial requirements,
together with a recommended funding schedule for major
projects in progress or anticipated for approval during
the upcoming fiscal biennium.
(iv) An analysis of opportunities for Statewide
initiatives that would yield significant efficiencies or
improve effectiveness in State programs.
(3) As used in this subsection, the term "major project"
includes a project costing more than $500,000 to implement.
§ 4316. Information Technology Fund.
(a) Establishment.-- A restricted An account is established
in the State Treasury General Fund to be known as the
Information Technology Fund.
(b) Receipt of money.--The fund may receive money for the
A10030 - 14 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
operations of the office and to fulfill the duties of the office
under this chapter by the following methods:
(1) The transfer of encumbered funds from each State
agency which were designated for information technology
purposes prior to the effective date of this section.
(2) Transfers as authorized by the General Assembly that
are not already provided for under this section.
(3) Appropriations from the General Fund.
(4) (3) The transfer of a portion of a State agency's
funds regarding general government operations for information
technology employees.
(c) Use of fund money.--
(1) Subject to paragraph (2), the director shall approve
the disbursement of money from the fund, which shall be used
for the following purposes and other legitimate purposes:
(i) P roject management.
(ii) Security.
(iii) E-mail operations.
(iv) State portal operations.
(2) Expenditures made from the fund which involve money
appropriated from the General Fund shall be approved by the
director.
§ 4317. Information technology reports.
(a) Report on office operations.--By February 1 of each
year, the director shall issue an annual report regarding the
office, which shall, at a minimum, include the following:
(1) Current cash balances.
(2) Line-item details on expenditures which occurred
following the previous biennial report.
(3) Anticipated expenditures and revenues.
A10030 - 15 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(4) The financial activities of the fund, including fund
expenditures, during the immediately prior fiscal year.
(b) Issuance.--A report under subsection (a) shall be
submitted to the following:
(1) The Secretary of the Budget.
(2) The Independent Fiscal Office.
(3) The chairperson and minority chairperson of the
Appropriations Committee of the Senate.
(4) The chairperson and minority chairperson of the
Appropriations Committee of the House of Representatives.
§ 4318 4317 . Financial reporting and accountability and
information technology .
(a) Development of processes.--The office, along with the
Secretary of the Budget and the State Treasurer, shall develop
processes for budgeting and accounting of expenditures for
information technology operations, services, projects,
infrastructure and assets across all State agencies.
(b) Included information.--T he budgeting and accounting
processes under subsection (a) may include information regarding
the following:
(1) Hardware.
(2) S oftware.
(3) Personnel.
(4) Training.
(5) Contractual services.
(6) Other items relevant to information technology.
(c) Reports.--By February 1 of each year, the director shall
also report to the General Assembly the following information:
(1) Services currently provided and associated
transaction volumes or other relevant indicators of
A10030 - 16 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
utilization by user type.
(2) New services added during the previous year.
(3) Services added that are currently available in other
states.
(4) The total amount collected for each service.
(5) The total amount remitted to the State for each
service.
(3) The total appropriation for each service.
(6) (4) The total amount remitted to the vendor for each
service.
(7) (5) Any other use of State data by the vendor and
the total amount of revenue collected per use and in total.
(8) (6) User satisfaction with each service.
(9) (7) Any other issues associated with the provision of
each service.
(d) Financial information.--The director shall, at a
minimum, include in the report under subsection (c) the
following financial information:
(1) Current budgetary balances for the fund and each
information technology project.
(2) Line-item details on expenditures.
(3) Anticipated expenditures for the next three years.
(4) The financial activities of the fund, including fund
expenditures, during the immediately prior fiscal year.
(e) Issuance.--In addition to the General Assembly, a report
under subsection (c) shall be submitted to the following:
(1) The Secretary of the Budget.
(2) The Independent Fiscal Office.
(3) The General Assembly.
§ 4319 4318 . Statewide electronic portal and annual report.
A10030 - 17 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
The office shall develop and operate a Statewide electronic
portal to increase the convenience of the public in conducting
online transactions with and obtaining information from State
government. The portal shall be designed to facilitate and
improve public interactions along with communications between
State agencies.
§ 4320 4319 . B udget for information technology.
The office, along with the Secretary of the Budget, shall
develop and implement a plan to manage all information
technology funding, including State and other receipts, as soon
as practicable. As part of the plan and implementation, the
following shall apply:
(1) F unding for information technology resources,
projects and contracts shall be appropriated to and managed
by the office.
(2) Funding for the office's information technology
shared services and approved contracts shall remain with the
State agencies.
(3) Information technology budget codes and fund codes
shall be created as required.
§ 4321 4320 . Commonwealth portal.
Each State agency shall functionally link its Internet or
electronic services to a centralized web portal system
established under this chapter.
§ 4322 4321 . Information technology request.
A State agency may request significant resources, as defined
by the director, for the purpose of acquiring, operating or
maintaining information technology for the State agency. In
addition to other information that may be required by the
director, the State agency shall submit the following to
A10030 - 18 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
accompany the request:
(1) A s tatement setting forth the following:
(i) The needs of the State agency for information
technology and related resources, including expected
improvements to programmatic or business operations.
(ii) The requirements for State resources, together
with an evaluation of those requirements by the chief
information officer assigned to the State agency which
takes into consideration the following:
(A) The State's current technology.
(B) The opportunities for technology sharing.
(C) Any other factors relevant to the analysis
by the director.
(2) A review and evaluation of the statement under
paragraph (1) which is prepared by the chief information
officer assigned to the State agency.
(3) In cases of an acquisition, an explanation of the
method by which the acquisition is to be financed.
(4) A statement by the chief information officer
assigned to the State agency which sets forth viable
alternatives, if any, for meeting the State agency needs in
an economical and efficient manner.
§ 4322. Status of information technology projects and
corrective action plans.
(a) Portal.--Within one year of the effective date of this
act, the director shall develop a web-based portal detailing the
status of each of the Commonwealth's information technology
projects. The portal shall include the following:
(1) A brief summary of each information technology
project.
A10030 - 19 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(2) The approved budget of each project.
(3) The total and percent of the project's approved
budget which has been expended by the agency based on the end
balance from the prior business day, along with a color
designation as follows:
(i) If an information technology project is under
the project's approved budget, the project shall be
designated as the color green.
(ii) If an information technology project is over
the project's approved budget, the project shall be
designated as the color red.
(4) The completion date in the original contract along
with the total percent of work for the project that has been
completed, along with a color designation as follows:
(i) If an information technology project has not
exceeded the completion date in the original contract,
the project shall be designated as green.
(ii) If an information technology project has
exceeded the completion date in the original contract,
the project shall be designated as red.
(5) A summary of the scope of work, along with a color
designation as follows:
(i) If an information technology project is meeting
the scope of work in the original contract, the project
shall be designated as the color green.
(ii) If an information technology project is not
meeting the scope of work in the original contract, the
project shall be designated as the color red.
(6) A summary of the performance requirements of the
contract, along with a color designation as follows:
A10030 - 20 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(i) If an information technology project is meeting
the performance requirements in the original contract,
the project shall be designated as the color green.
(ii) If an information technology project is not
meeting the performance measures in the original
contract, the project shall be designated as the color
red.
(b) Notification.--The following shall apply:
(1) Upon determining that an information technology
project will be designated red, the director shall notify the
Governor's Office, the Independent Fiscal Office and the
General Assembly.
(2) Upon being notified that the information technology
project is designated as red, the director shall develop a
corrective action plan to ensure that the information
technology project moves back to green status.
(3) The corrective action plan shall be finalized within
20 days from the notification. The finalized corrective
action plan shall be sent to the General Assembly, the
Independent Fiscal Office and the Auditor General.
SUBCHAPTER C
PROCUREMENT AND BUSINESS OPERATIONS
Sec.
4331. Reporting requirements regarding procurement.
4332. Business continuity planning.
4333. Information technology operations.
4334. Communications services.
4335. Project approval standards.
4336. Project management standards.
4337. Dispute resolution.
A10030 - 21 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
4338. Procurement of information technology.
4339. Contractor verification.
4339 4340 . Review and approval of contracts.
4340 4341 . Purchase of certain equipment prohibited.
4341 4342 . Refurbished computer equipment purchasing program.
4342 4343 . Data on reliability and other matters.
§ 4331. Reporting requirements regarding procurement.
(a) Bids.--A vendor submitting a bid or proposal shall
disclose in a statement, provided contemporaneously with the bid
or proposal , where services will be performed under the contract
sought, including any subcontracts, and whether any services
under that contract, including any subcontracts, are anticipated
to be performed outside the United States.
(b) Retention and reports.--The di rector shall:
(1) retain the statements required by this section
regardless of the State agency that awards the contract; and
(2) report annually to the secretary on the number of
contracts.
(c) Records of purchases.--Each State agency which makes a
direct purchase of information technology through the office
shall report directly to the director, who shall keep annual
records of information technology purchases.
(d) Effect of section.--Nothing in this section is intended
to contravene any existing treaty, law, agreement or regulation
of the United States.
§ 4332. B usiness continuity planning.
(a) Oversight.--The director shall oversee the manner and
means by which information technology business and disaster
recovery plans for State agencies are created, reviewed and
updated.
A10030 - 22 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(b) Disaster recovery planning team.--Each State agency
shall establish a disaster recovery planning team to work with
the office to develop the disaster recovery plan and administer
and implement the plan.
(c) Components of plan.--In developing a disaster recovery
plan, all of the following shall be completed:
(1) Consideration of the organizational, managerial and
technical environments in which the plan must be implemented.
(2) An assessment of the types and likely parameters of
disasters most likely to occur and the resultant impacts on
the State agency's ability to perform its mission.
(3) The listing of the protective measures to be
implemented in anticipation of a natural or manmade disaster.
(4) A determination whether the plan is adequate to
address information technology security incidents.
(d) Submittal.--Each State agency shall submit its disaster
recovery plan to the director on an annual basis and as
otherwise requested by the director.
§ 4333. I nformation technology operations.
(a) Functions.--In addition to other functions authorized or
required by this chapter, the office shall do the following:
(1) Submit all rates and fees for common, shared and
Statewide information technology services provided by the
office to the Budget Office for approval.
(2) (1) Establish and operate centers of expertise for
specific information technologies and services to serve two
or more State agencies on a cost-sharing basis, if the
director, after consultation with the Budget Office, decides
it is advisable from the standpoint of efficiency and
economy to establish these centers and services.
A10030 - 23 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(3) Charge each State agency for which services are
performed its proportionate part of the cost of maintaining
and operating the shared centers and services, subject to
approval by the Budget Office.
(4) (2) Require a State agency served to transfer to the
department ownership, custody or control of information
processing equipment, supplies and positions required by the
shared centers and services.
(5) (3) Adopt plans, policies and procedures for the
acquisition, management and use of information technology
resources in State agencies to facilitate more efficient and
economic use of information technology in the State agencies.
(6) (4) Develop and promote training programs to
efficiently implement, use and manage information technology
resources throughout State government.
(b) Confidentiality.--No data of a confidential nature shall
be entered into or processed through an information technology
system or network established under this chapter until
appropriate safeguards and other security measures are approved
by the director and installed and fully operational.
(c) Cost sharing.--Notwithstanding any other provision of
law, the office shall provide information technology services on
a cost-sharing basis to:
(1) An independent department as requested by the head
of the independent department.
(2) The General Assembly and its agencies as requested
by the President pro tempore of the Senate and the Speaker of
the House of Representatives.
(3) The judicial branch as requested by the Chief
Justice.
A10030 - 24 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(d) Estimates and actual expenditures.--Each State agency
shall furnish to the director upon request and on forms
prescribed:
(1) estimates of all information technology goods and
services needed and required by the State agency; and
(2) actual expenditures for all information technology
goods and services needed and required by the State agency
for the periods after the expenditures have been made.
§ 4334. Communications services.
The director shall exercise authority for telecommunications
and other communications included in information technology
relating to the internal management and operations of a State
agency. In discharging this responsibility, the director shall
do the following:
(1) Provide for the establishment, management and
operation, through State ownership, by contract or through
commercial leasing, of the following systems and services as
they affect the internal management and operation of State
agencies:
(i) C entral telephone systems and telephone
networks, including Voice over Internet Protocol and
commercial mobile radio systems.
(ii) Satellite services.
(iii) Closed-circuit television systems.
(iv) Two-way radio systems.
(v) Microwave systems.
(vi) Related systems based on telecommunication
technologies.
(vii) Broadband.
(2) Coordinate the development of cost-sharing systems
A10030 - 25 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
for respective State agencies for their proportionate parts
of the cost of maintenance and operation of the systems and
services listed in this section.
(3) A ssist in the development of coordinated
telecommunications services or systems within and among all
State agencies and recommend, where appropriate, cooperative
utilization of telecommunication facilities by aggregating
users.
(4) Perform traffic analysis and engineering for all
telecommunications services and systems listed in this
section.
(5) Establish telecommunications specifications and
designs so as to promote and support compatibility of the
systems within State agencies.
(6) Provide every three years an inventory of
telecommunications costs, facilities, systems and personnel
within State agencies.
(7) Promote, coordinate and assist in the design and
engineering of emergency telecommunications systems,
including, but not limited to, the 911 emergency telephone
number program, emergency medical services, and other
emergency telecommunications services.
(8) Perform frequency coordination and management for
State agencies and municipalities, including all public
safety radio service frequencies, in accordance with the
rules and regulations of the Federal Communications
Commission or any successor Federal agency.
(9) Advise all State agencies on telecommunications
management planning and related matters and provide
opportunities for training to users within State agencies in
A10030 - 26 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
telecommunications technology and systems.
(10) Assist and coordinate the development of policies
and long-range plans, consistent with the protection of
residents' rights to privacy and access to information, for
the acquisition and use of telecommunications systems. All
policies and plans shall be based on current information
about the Commonwealth's telecommunications activities in
relation to the full range of emerging technologies.
§ 4335. Project approval standards.
(a) Review and approval.--The director shall review all
proposed information technology projects for each State agency.
Project approval may be granted upon the director's
determination that:
(1) the project conforms to project management
procedures and policies and to procurement rules and
policies; and
(2) sufficient funds are available for implementation.
(b) Implementation.--Unless expressly exempt within this
chapter, no State agency shall proceed with an information
technology project until the director approves the project.
(c) Disapproval.--If a project is not approved, the director
shall specify in writing the grounds for the disapproval no
later than 15 business days after making the determination. The
director shall provide notice of the disapproval, along with the
grounds for the disapproval, to all of the following:
(1) The State agency.
(2) The Secretary of the Budget.
(3) The Independent Fiscal Office.
(4) The chairperson and minority chairperson of the
Appropriations Committee of the Senate.
A10030 - 27 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(5) The chairperson and minority chairperson of the
Appropriations Committee of the House of Representatives.
(4) The General Assembly.
(d) Suspension.--
(1) The director may suspend an information technology
project if the project:
(i) does not continue to meet the applicable quality
assurance standards;
(ii) has exceeded its projected costs; or
(iii) has failed to meet its projected completion
date.
(2) If the director suspends a project for a reason
under paragraph (1), the director shall specify in writing
the grounds for suspending the project no later than five
business days after making the determination. The director
shall provide notice of the suspension, along with the
grounds for suspension, to all of the following:
(i) The State agency.
(ii) The Secretary of the Budget.
(iii) The Independent Fiscal Office.
(iv) The chairperson and minority chairperson of the
Appropriations Committee of the Senate.
(v) The chairperson and minority chairperson of the
Appropriations Committee of the House of Representatives.
(ii) The Independent Fiscal Office.
(iii) The Auditor General.
(iv) The Secretary of the Budget.
(v) The State Treasurer.
(vi) The General Assembly.
(3) After a project has been suspended, the State
A10030 - 28 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Treasurer may not allow the transfer of money from the State
agency to further implement the project unless the director
approves an amended version of the plan for the project.
(4) If a State agency attempts to continue to implement
a project that is no longer approved by the director and
expend additional money for the project, the State Treasurer
shall prevent the transfer of funds and remit the intended
expenditures into the fund. After remitting the unauthorized
expenditure, the State Treasurer shall immediately notify the
following:
(i) The director.
(ii) The Secretary of the Budget.
(iii) The chairperson and minority chairperson of
the Appropriations Committee of the Senate.
(iv) The chairperson and minority chairperson of the
Appropriations Committee of the House of Representatives.
(ii) The Governor.
(iii) The Secretary of the Budget.
(iv) The General Assembly.
(e) Quality assurance.--Information technology projects
authorized under this chapter shall meet all project standards
and requirements established under this chapter.
(f) Performance contracting.--All contracts between a State
agency and a private party for information technology projects
shall include provisions for vendor performance review and
accountability, contract suspension or termination and
termination of funding.
(g) Contract provisions.--
(1) The director may require the following contract
provisions:
A10030 - 29 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
(i) A performance bond.
(ii) Monetary penalties.
(iii) Other performance assurance measures for
projects that are not completed within the specified time
period or that involve costs in excess of those specified
in the contract.
(2) Notwithstanding the provisions under paragraph (1)
which are included in the contract, the director shall have
the authority to suspend the project that is the basis of the
contract.
(h) Cost savings.--The director may utilize cost savings
realized on government vendor partnerships as performance
incentives for an information technology vendor.
(i) Use of experts.--
(1) Notwithstanding any other provision of this chapter
to the contrary, the director may require a State agency to
engage the services of private counsel or other experts with
information technology and intellectual property expertise on
a particular subject matter if the State agency is developing
and implementing an information technology project with a
total cost of ownership in excess of $5,000,000.
(2) At the director's discretion, the private counsel or
other expert under paragraph (1) may:
(i) Review requests for proposals or invitation for
bids .
(ii) Review and provide advice and assistance during
the evaluation of proposals or bids and selection of
vendors contractors .
(iii) Review and negotiate contracts associated with
the development, implementation, operation and
A10030 - 30 -
1
2
3
4
5
6
7
8
9
10
11