ENROLLED
COMMITTEE SUBSTITUTE
FOR
COMMITTEE SUBSTITUTE
FOR
Senate Bill No. 653
(By Senators Tomblin, Mr. President, and Sprouse,
By Request of the Executive)
____________
[Passed March 11, 2006; in effect ninety days from passage.]
____________

AN ACT to amend and reenact §5A-6-1, §5A-6-2, §5A-6-4, §5A-6-5, §5A-6-6 and §5A-6-8 of the Code of West Virginia, 1931, as amended; to amend said code by adding thereto three new sections, designated §5A-6-4a, §5A-6-4b and §5A-6-4c; and to amend and reenact §5A-7-4 of said code, all relating to the Office of Technology; making legislative findings; defining terms; providing duties, powers and authority of the Chief Technology Officer; requiring a four-year strategic plan; authorizing promulgation of legislative rules; providing authority over security of state government information; managing information technology and establishing a Project Management Office; requiring state spending units to provide notice and obtain approval of Chief Technology Officer for certain information technology and telecommunication projects; limiting when fees may be charged; disallowing certain expenditures in excess of spending authority; transferring duties relating to disaster recovery centers to the Chief Technology Officer; requiring at least two redundant sites for disaster recovery centers; and exempting and limiting application to certain state entities.

Be it enacted by the Legislature of West Virginia:
That §5A-6-1, §5A-6-2, §5A-6-4, §5A-6-5, §5A-6-6 and §5A-6-8 of the Code of West Virginia, 1931, as amended, be amended and reenacted; that said code be amended by adding thereto three new sections, designated §5A-6-4a, §5A-6-4b and º5A-6-4c; and that §5A- 7-4 of said code be amended and reenacted, all to read as follows:
ARTICLE 6. OFFICE OF TECHNOLOGY.
§5A-6-1. Findings and purposes.

The Legislature finds and declares that information technology is essential to finding practical solutions to the everyday problems of government and that the management goals and purposes of government are furthered by the development of compatible, linked information systems across government. Therefore, it is the purpose of this article to create, as an integral part of the Department of Administration, the Office of Technology with the authority to advise and make recommendations to all state spending units on their information systems and to have the authority to oversee coordination of the state's technical infrastructure.
§5A-6-2. Definitions.

As used in this article:

(a) "Information systems" means computer-based information equipment and related services designed for the automated transmission, storage, manipulation and retrieval of data by electronic or mechanical means;

(b) "Information technology" means data processing and telecommunications hardware, software, services, supplies, personnel, maintenance, training and includes the programs and routines used to employ and control the capabilities of data processing hardware;

(c) "Information equipment" includes central processing units, front-end processing units, miniprocessors, microprocessors and related peripheral equipment, including data storage devices, networking equipment, services, routers, document scanners, data entry equipment, terminal controllers, data terminal equipment, computer-based word processing systems other than memory typewriters;

(d) "Related services" includes feasibility studies, systems design, software development and time-sharing services whether provided by state employees or others;

(e) "Telecommunications" means any transmission, emission or reception of signs, signals, writings, images or sounds of intelligence of any nature by wire, radio or other electromagnetic or optical systems. The term includes all facilities and equipment performing those functions that are owned, leased or used by the executive agencies of state government;

(f) "Chief Technology Officer" means the person holding the position created in section three of this article and vested with authority to oversee state spending units in planning and coordinating information systems that serve the effectiveness and efficiency of the state and individual state spending units and further the overall management goals and purposes of government;

(g) "Technical infrastructure" means all information systems, information technology, information equipment, telecommunications and related services as defined in this section;

(h) "Information technology project" means the process by which telecommunications, automated data processing, databases, the internet, management information systems and related information, equipment, goods and services are planned, procured and implemented;

(i) "Major information technology project" means any information technology project estimated to cost more than one hundred thousand dollars or require more than three hundred man hours to complete; and

(j) "Steering committee" means an internal agency oversight committee established jointly by the Chief Technology Officer and the agency requesting the project, which shall include representatives from the Office of Technology and at least one representative from the agency requesting the project.
§5A-6-4. Powers and duties of the Chief Technology Officer; generally.

(a) With respect to all state spending units the Chief Technology Officer may:

(1) Develop an organized approach to information resource management for this state;

(2) Provide, with the assistance of the Information Services and Communications Division of the Department of Administration, technical assistance to the administrators of the various state spending units in the design and management of information systems;

(3) Evaluate, in conjunction with the Information Services and Communications Division, the economic justification, system design and suitability of information equipment and related services, and review and make recommendations on the purchase, lease or acquisition of information equipment and contracts for related services by the state spending units;

(4) Develop a mechanism for identifying those instances where systems of paper forms should be replaced by direct use of information equipment and those instances where applicable state or federal standards of accountability demand retention of some paper processes;

(5) Develop a mechanism for identifying those instances where information systems should be linked and information shared, while providing for appropriate limitations on access and the security of information;

(6) Create new technologies to be used in government, convene conferences and develop incentive packages to encourage the utilization of technology;

(7) Engage in any other activities as directed by the Governor;

(8) Charge a fee to the state spending units for evaluations performed and technical assistance provided under the provisions of this section, to be based entirely on direct personnel costs incurred in providing the evaluation or technical assistance and charged only after the evaluation or technical assistance has been provided. All fees collected by the Chief Technology Officer shall be deposited in a special account in the State Treasury to be known as the Chief Technology Officer Administration Fund. Expenditures from the fund shall be made by the Chief Technology Officer for the purposes set forth in this article and are not authorized from collections but are to be made only in accordance with appropriation by the Legislature and in accordance with the provisions of article three, chapter twelve of this code and upon the fulfillment of the provisions set forth in article two, chapter eleven-b of this code: Provided, That the provisions of section eighteen, article two, chapter eleven-b of this code shall not operate to permit expenditures in excess of the spending authority authorized by the Legislature. Amounts collected which are found to exceed the funds needed for purposes set forth in this article may be transferred to other accounts or funds and redesignated for other purposes by appropriation of the Legislature;

(9) Monitor trends and advances in information technology and technical infrastructure;

(10) Direct the formulation and promulgation of policies, guidelines, standards and specifications for the development and maintenance of information technology and technical infrastructure, including, but not limited to:

(A) Standards to support state and local government exchange, acquisition, storage, use, sharing and distribution of electronic information;

(B) Standards concerning the development of electronic transactions, including the use of electronic signatures;

(C) Standards necessary to support a unified approach to information technology across the totality of state government, thereby assuring that the citizens and businesses of the state receive the greatest possible security, value and convenience from investments made in technology;

(D) Guidelines directing the establishment of statewide standards for the efficient exchange of electronic information and technology, including technical infrastructure, between the public and private sectors;

(E) Technical and data standards for information technology and related systems to promote efficiency and uniformity;

(F) Technical and data standards for the connectivity, priorities and interoperability of technical infrastructure used for homeland security, public safety and health and systems reliability necessary to provide continuity of government operations in times of disaster or emergency for all state, county and local governmental units; and

(G) Technical and data standards for the coordinated development of infrastructure related to deployment of electronic government services among state, county and local governmental units;

(11) Periodically evaluate the feasibility of subcontracting information technology resources and services, and to subcontract only those resources that are feasible and beneficial to the state;

(12) Direct the compilation and maintenance of an inventory of information technology and technical infrastructure of the state, including infrastructure and technology of all state, county and local governmental units, which may include personnel, facilities, equipment, goods and contracts for service, wireless tower facilities, geographic information systems and any technical infrastructure or technology that is used for law enforcement, homeland security or emergency services;

(13) Develop job descriptions and qualifications necessary to perform duties related to information technology as outlined in this article; and

(14) Promulgate legislative rules, in accordance with the provisions of chapter twenty-nine-a of this code, as may be necessary to standardize and make effective the administration of the provisions of article six of this chapter.

(b) With respect to executive agencies, the Chief Technology Officer may:

(1) Develop a unified and integrated structure for information systems for all executive agencies;

(2) Establish, based on need and opportunity, priorities and time lines for addressing the information technology requirements of the various executive agencies of state government;

(3) Exercise authority delegated by the Governor by executive order to overrule and supersede decisions made by the administrators of the various executive agencies of government with respect to the design and management of information systems and the purchase, lease or acquisition of information equipment and contracts for related services;

(4) Draw upon staff of other executive agencies for advice and assistance in the formulation and implementation of administrative and operational plans and policies; and

(5) Recommend to the Governor transfers of equipment and human resources from any executive agency and the most effective and efficient uses of the fiscal resources of executive agencies, to consolidate or centralize information-processing operations.

(c) The Chief Technology Officer may employ the personnel necessary to carry out the work of the Office of Technology and may approve reimbursement of costs incurred by employees to obtain education and training.

(d) The Chief Technology Officer shall develop a comprehensive, statewide, four-year strategic information technology and technical infrastructure policy and development plan to be submitted to the Governor and the Joint Committee on Government and Finance. A preliminary plan shall be submitted by the first day of December, two thousand six,and the final plan shall be submitted by the first day of June, two thousand seven. The plan shall include, but not limited to:

(A) A discussion of specific projects to implement the plan;

(B) A discussion of the acquisition, management and use of information technology by state agencies;

(C) A discussion of connectivity, priorities and interoperability of the state's technical infrastructure with the technical infrastructure of political subdivisions and encouraging the coordinated development of facilities and services regarding homeland security, law enforcement and emergency services to provide for the continuity of government operations in times of disaster or emergency;

(D) A discussion identifying potential market demand areas in which expanded resources and technical infrastructure may be expected;

(E) A discussion of technical infrastructure as it relates to higher education and health;

(F) A discussion of the use of public-private partnerships in the development of technical infrastructure and technology services; and

(G) A discussion of coordinated initiatives in website architecture and technical infrastructure to modernize and improve government to citizen services, government to business services, government to government relations and internal efficiency and effectiveness of services, including a discussion of common technical data standards and common portals to be utilized by state, county and local governmental units.

(e) The Chief Technology Officer shall oversee telecommunications services used by state spending units for the purpose of maximizing efficiency to the fullest possible extent. The Chief Technology Officer shall establish microwave or other networks and LATA hops; audit telecommunications services and usage; recommend and develop strategies for the discontinuance of obsolete or excessive utilization; participate in the renegotiation of telecommunications contracts; and encourage the use of technology and take other actions necessary to provide the greatest value to the state.

§5A-6-4a. Duties of the Chief Technology Officer relating to security of government information.

(a) To ensure the security of state government information and the data communications infrastructure from unauthorized uses, intrusions or other security threats. At a minimum, these policies, procedures and standards shall identify and require the adoption of practices to safeguard information systems, data and communications infrastructures, as well as define the scope and regularity of security audits and which bodies are authorized to conduct security audits. The audits may include reviews of physical security practices.

(b) (1) The Chief Technology Officer shall at least annually perform security audits of all executive branch agencies regarding the protection of government databases and data communications.

(2) Security audits may include, but are not limited to, on- site audits as well as reviews of all written security procedures and documented practices.

(d) All public bodies subject to the audits required by this section shall fully cooperate with the entity designated to perform the audit.

(e) The Chief Technology Officer may direct specific remediation actions to mitigate findings of insufficient administrative, technical and physical controls necessary to protect state government information or data communication infrastructures.

(f) The Chief Technology Officer shall promulgate legislative rules in accordance with the provisions of chapter twenty-nine-a of this code to minimize vulnerability to threats and to regularly assess security risks, determine appropriate security measures and perform security audits of government information systems and data communications infrastructures.

(g) To ensure compliance with confidentiality restrictions and other security guidelines applicable to state law-enforcement agencies, emergency response personnel and emergency management operations, the provisions of this section may not apply to the West Virginia State Police or the Division of Homeland Security and Emergency Management.

(h) The provisions of this section shall not infringe upon the responsibilities assigned to the State Comptroller, the Auditor or the Legislative Auditor, or other statutory requirements.
(i) In consultation with the Adjutant General, Chairman of the Public Service Commission, the Superintendent of the State Police and the Director of the Division of Homeland Security and Emergency Management, the Chief Technology Officer is responsible for the development and maintenance of an information systems disaster recovery system for the State of West Virginia with redundant sites in two or more locations isolated from reasonably perceived threats to the primary operation of state government. The Chief Technology Officer shall develop specifications, funding mechanisms and participation requirements for all executive branch agencies to protect the state's essential data, information systems and critical government services in times of emergency, inoperativeness or disaster. Each executive branch agency shall assist the Chief Technology Officer in planning for its specific needs and provide to the Chief Technology Officer any information or access to information systems or equipment that may be required in carrying out this purpose. No statewide or executive branch agency procurement of disaster recovery services may be initiated, let or extended without the expressed consent of the Chief Technology Officer.

§5A-6-4b. Project management duties of the Chief Technology Officer; establishment of the Project Management Office and duties of the director of the Project Management Office.

(a) Concerning the management of information technology projects, the Chief Technology Officer shall:

(1) Develop an approval process for proposed major information technology projects by state agencies to ensure that all projects conform to the statewide strategic plan and the information management plans of agencies;

(2) Establish a methodology for conceiving, planning, scheduling and providing appropriate oversight for information technology projects, including oversight for the projects and a process for approving the planning, development and procurement of information technology projects;

(3) Establish minimum qualifications and training standards for project managers;

(4) Direct the development of any statewide and multiagency enterprise project; and

(5) Develop and update a project management methodology to be used by agencies in the development of information technology.

(b) The Chief Technology Officer shall create a Project Management Office within the Office of Technology.

(1) Implement the approval process for information technology projects;

(2) Assist the Chief Technology Officer in the development and implementation of a project management methodology to be used in the development and implementation of information technology projects in accordance with this article;

(3) Provide ongoing assistance and support to state agencies and public institutions of higher education in the development of information technology projects;

(4) Establish a program providing training to agency project managers;

(5) Review information management and information technology plans submitted by agencies and recommend to the Chief Technology Officer the approval of the plans and any amendments thereto;

(6) Monitor the implementation of information management and information technology plans and periodically report its findings to the Chief Technology Officer;

(7) Assign project managers to review and recommend information technology project proposals.

(8) The director shall create criteria upon which information technology project proposal plans may be based including:

(A) The degree to which the project is consistent with the state's overall strategic plan;

(B) The technical feasibility of the project;

(D) The risks associated with the project;

(E) Any continued funding requirements; and

(F) The past performance on other projects by the agency.

(9) Provide oversight for state agency information technology projects.
§5A-6-4c. Major information technology projects proposals and the establishment of steering committees.

(a) Prior to proceeding with a major information technology project, an agency shall submit a project proposal, outlining the business need for the project, the proposed technology solution, if known, and an explanation of how the project will support the agency's business objective and the state's strategic plan for information technology. The project manager may require the submission of additional information as needed to adequately review any proposal.

(b) The proposal will further include:

(1) A detailed business case plan, including a cost-benefit analysis;

(2) A business process analysis, if applicable;

(3) System requirements, if known;

(4) A proposed development plan and project management structure;

(5) Business goals and measurement criteria, as appropriate; and

(6) A proposed resource or funding plan.

(c) The project manager assigned to review the project development proposal shall recommend its approval or rejection to the Chief Technology Officer. If the Chief Technology Officer approves the proposal, then he or she shall notify the agency of its approval.

(d) Whenever an agency has received approval from the Chief Technology Officer to proceed with the development and acquisition of a major information technology project, the Chief Technology Officer shall establish a steering committee.

(e) The steering committee shall provide ongoing oversight for the major information technology project and have the authority to approve or reject any changes to the project's scope, schedule or budget.

(f) The Chief Technology Officer shall ensure that the major information technology project has in place adequate project management and oversight structures for addressing the project's scope, schedule or budget and shall address issues that cannot be resolved by the steering committee.

§5A-6-5. Notice of request for proposals by state spending units required to make purchases through the State Purchasing Division.

Any state spending unit that pursues an information technology purchase that does not meet the definition of a "major technology project" and that is required to submit a request for proposal to the State Purchasing Division prior to purchasing goods or services shall obtain the approval of the Chief Technology Officer, in writing, of any proposed purchase of goods or services related to its information technology and telecommunication systems. The notice shall contain a brief description of the goods and services to be purchased. The state spending unit shall provide the notice to the Chief Technology Officer prior to the time it submits its request for proposal to the State Purchasing Division.

§5A-6-6. Notice of request for proposals by state spending units exempted from submitting purchases to the State Purchasing Division.

(a) Any state spending unit that is not required to submit a request for proposal to the State Purchasing Division prior to purchasing goods or services shall notify the Chief Technology Officer, in writing, of any proposed purchase of goods or services related to its information technology or telecommunication systems. The notice shall contain a detailed description of the goods and services to be purchased. The state spending unit shall provide the notice to the Chief Technology Officer a minimum of ten days prior to the time it requests bids on the provision of the goods or services.

(b) If the Chief Technology Officer evaluates the suitability of the information technology and telecommunication equipment and related services under the provisions of subdivision (3), subsection (a), section four of this article and determines that the goods or services to be purchased are not suitable, he or she shall, within ten days of receiving the notice from the state spending unit, notify the state spending unit, in writing, of any recommendations he or she has regarding the proposed purchase of the goods or services. If the state spending unit receives a written notice from the Chief Technology Officer within the time period required by this section, the state spending unit shall not put the goods or services out for bid less than fifteen days following receipt of the notice from the Chief Technology Officer.
§5A-6-8. Exemptions.

(a) The provisions of this article do not apply to the Legislature, the judiciary or any state constitutional officer designated in section two, article seven, chapter six of this code.

(b) Notwithstanding any other provision of this article to the contrary, except for participation in the compilation and maintenance of an inventory of information technology and technical infrastructure of the state authorized by section four of this article, the provisions of this article do not apply to the West Virginia Board of Education, the West Virginia Department of Education or the county boards of education. However, the West Virginia Board of Education, the West Virginia Department of Education and the county boards of education will attempt to cooperate and collaborate with the Chief Technology Officer to the extent feasible.

(c) The Governor may by executive order exempt from the provisions of this article any entity created and organized to facilitate the public and private use of health care information and the use of electronic medical records throughout the state.
ARTICLE 7. INFORMATION SERVICES AND COMMUNICATIONS DIVISIONS.

§5A-7-4. Powers and duties of division generally; professional staff; telephone service.

(a) The division is responsible for providing technical services and assistance to the various state spending units with respect to developing and improving data processing and telecommunications functions. The division may provide training and direct data processing services to the various state agencies. The division shall, upon request of the Chief Technology Officer, provide technical assistance in evaluating the economic justification, system design and suitability of equipment and systems used in state government. The director shall report to the Chief Technology Officer.

(b) The director is responsible for the development of personnel to carry out the technical work of the division and may approve reimbursement of costs incurred by employees to obtain education and training.

(c) The director may assess each state spending unit for the cost of any evaluation of the economic justification, system design and suitability of equipment and systems used by the state spending unit or any other technical assistance that is provided or performed by the Chief Technology Officer and the division under the provisions of section four, article six of this chapter.

(d) The director shall transfer any moneys received as a result of the assessments that he or she makes under subsection (c) of this section to the Office of Technology. The director shall report quarterly to the Joint Committee on Government and Finance on all assessments made pursuant to subsection (c) of this section.

(e) The director shall maintain an accounting system for all telephone service to the state.

(f) The provisions of this article do not apply to the Legislature or the judiciary.