As used in this article:
(a) “Information systems” means computer-based information equipment and related services designed for the automated transmission, storage, manipulation and retrieval of data by electronic or mechanical means;
(b) “Information technology” means data processing and telecommunications hardware, software, services, supplies, personnel, maintenance, training and includes the programs and routines used to employ and control the capabilities of data processing hardware;
(c) “Information equipment” includes central processing units, front-end processing units, miniprocessors, microprocessors and related peripheral equipment, including data storage devices, networking equipment, services, routers, document scanners, data entry equipment, terminal controllers, data terminal equipment and computer-based word processing systems other than memory typewriters;
(d) “Related services” includes feasibility studies, systems design, software development and time-sharing services whether provided by state employees or others;
(e) “Telecommunications” means any transmission, emission or reception of signs, signals, writings, images or sounds of intelligence of any nature by wire, radio or other electromagnetic or optical systems. The term includes all facilities and equipment performing those functions that are owned, leased or used by the executive agencies of state government;
(f) “Chief Technology Officer” means the person holding the position created in section three of this article and vested with authority to oversee state spending units in planning and coordinating information systems that serve the effectiveness and efficiency of the state and individual state spending units and further the overall management goals and purposes of government;
(g) “Technical infrastructure” means all information systems, information technology, information equipment, telecommunications and related services as defined in this section;
(h) “Information technology project” means the process by which telecommunications, automated data processing, databases, the Internet, management information systems and related information, equipment, goods and services are planned, procured and implemented;
(i) “Major information technology project” means any information technology project estimated to cost more than $250,000. Major information technology projects do not include equipment-only or software-only purchases in which labor is not necessary; and
(j) “Steering committee” means an internal agency oversight committee established jointly by the Chief Technology Officer and the agency requesting the project, which shall include representatives from the Office of Technology and at least one representative from the agency requesting the project.
(a) With respect to all state spending units the Chief Technology Officer may:
(1) Develop an organized approach to information resource management for this state;
(2) Provide technical assistance to the administrators of the various state spending units in the design and management of information systems;
(3) Evaluate the economic justification, system design and suitability of information equipment and related services, and review and make recommendations on the purchase, lease or acquisition of information equipment and contracts for related services by the state spending units;
(4) Develop a mechanism for identifying those instances where systems of paper forms should be replaced by direct use of information equipment and those instances where applicable state or federal standards of accountability demand retention of some paper processes;
(5) Develop a mechanism for identifying those instances where information systems should be linked and information shared, while providing for appropriate limitations on access and the security of information;
(6) Create new technologies to be used in government, convene conferences and develop incentive packages to encourage the utilization of technology;
(7) Engage in any other activities as directed by the Governor;
(8) Charge a fee to the state spending units for evaluations performed and technical assistance provided under the provisions of this section. All fees collected by the Chief Technology Officer shall be deposited in a special account in the State Treasury to be known as the Chief Technology Officer Administration Fund. Expenditures from the fund shall be made by the Chief Technology Officer for the purposes set forth in this article and are not authorized from collections but are to be made only in accordance with appropriation by the Legislature and in accordance with the provisions of article three, chapter twelve of this code and upon the fulfillment of the provisions set forth in article two, chapter eleven-b of this code: Provided, That the provisions of section eighteen, article two, chapter eleven-b of this code do not operate to permit expenditures in excess of the spending authority authorized by the Legislature. Amounts collected which are found to exceed the funds needed for purposes set forth in this article may be transferred to other accounts or funds and redesignated for other purposes by appropriation of the Legislature;
(9) Monitor trends and advances in information technology and technical infrastructure;
(10) Direct the formulation and promulgation of policies, guidelines, standards and specifications for the development and maintenance of information technology and technical infrastructure, including, but not limited to:
(A) Standards to support state and local government exchange, acquisition, storage, use, sharing and distribution of electronic information;
(B) Standards concerning the development of electronic transactions, including the use of electronic signatures;
(C) Standards necessary to support a unified approach to information technology across the totality of state government, thereby assuring that the citizens and businesses of the state receive the greatest possible security, value and convenience from investments made in technology;
(D) Guidelines directing the establishment of statewide standards for the efficient exchange of electronic information and technology, including technical infrastructure, between the public and private sectors;
(E) Technical and data standards for information technology and related systems to promote efficiency and uniformity;
(F) Technical and data standards for the connectivity, priorities and interoperability of technical infrastructure used for homeland security, public safety and health and systems reliability necessary to provide continuity of government operations in times of disaster or emergency for all state, county and local governmental units; and
(G) Technical and data standards for the coordinated development of infrastructure related to deployment of electronic government services among state, county and local governmental units;
(11) Periodically evaluate the feasibility of subcontracting information technology resources and services, and to subcontract only those resources that are feasible and beneficial to the state;
(12) Direct the compilation and maintenance of an inventory of information technology and technical infrastructure of the state, including infrastructure and technology of all state, county and local governmental units, which may include personnel, facilities, equipment, goods and contracts for service, wireless tower facilities, geographic information systems and any technical infrastructure or technology that is used for law enforcement, homeland security or emergency services;
(13) Develop job descriptions and qualifications necessary to perform duties related to information technology as outlined in this article; and
(14) Promulgate legislative rules, in accordance with the provisions of chapter twenty-nine-a of this code, as may be necessary to standardize and make effective the administration of the provisions of article six of this chapter.
(b) With respect to executive agencies, the Chief Technology Officer may:
(1) Develop a unified and integrated structure for information systems for all executive agencies;
(2) Establish, based on need and opportunity, priorities and time lines for addressing the information technology requirements of the various executive agencies of state government;
(3) Exercise authority delegated by the Governor by executive order to overrule and supersede decisions made by the administrators of the various executive agencies of government with respect to the design and management of information systems and the purchase, lease or acquisition of information equipment and contracts for related services;
(4) Draw upon staff of other executive agencies for advice and assistance in the formulation and implementation of administrative and operational plans and policies;
(5) Recommend to the Governor transfers of equipment and human resources from any executive agency and the most effective and efficient uses of the fiscal resources of executive agencies, to consolidate or centralize information-processing operations; and
(6) Ensure information technology equipment is properly cleansed before disposal or transfer to another agency or organization, and is responsible for the retirement or transfer of information technology equipment that may contain confidential or privileged electronic data. Information technology equipment shall be cleansed using appropriate and effective methods that are commensurate with the data, the decommissioning agency and the planned disposition of the information technology equipment. Following the cleansing, the Chief Technology Officer may distribute the information technology equipment for reuse by another state spending unit, send the information technology equipment to a state authorized recycler or send the information technology equipment to a certified information technology equipment refurbisher. Transfers and disposal of information technology equipment are specifically exempt from the surplus property requirements enumerated in sections forty-three through forty-six, article three of this chapter.
(c) The Chief Technology Officer may employ the personnel necessary to carry out the work of the Office of Technology and may approve reimbursement of costs incurred by employees to obtain education and training.
(d) The Chief Technology Officer shall develop a comprehensive, statewide, four-year strategic information technology and technical infrastructure policy and development plan to be submitted to the Governor and the Joint Committee on Government and Finance. A preliminary plan shall be submitted by December 1, 2006, and the final plan shall be submitted by June 1, 2007. The plan shall include, but not be limited to:
(A) A discussion of specific projects to implement the plan;
(B) A discussion of the acquisition, management and use of information technology by state agencies;
(C) A discussion of connectivity, priorities and interoperability of the state's technical infrastructure with the technical infrastructure of political subdivisions and encouraging the coordinated development of facilities and services regarding homeland security, law enforcement and emergency services to provide for the continuity of government operations in times of disaster or emergency;
(D) A discussion identifying potential market demand areas in which expanded resources and technical infrastructure may be expected;
(E) A discussion of technical infrastructure as it relates to higher education and health;
(F) A discussion of the use of public-private partnerships in the development of technical infrastructure and technology services; and
(G) A discussion of coordinated initiatives in website architecture and technical infrastructure to modernize and improve government to citizen services, government to business services, government-to-government relations and internal efficiency and effectiveness of services, including a discussion of common technical data standards and common portals to be utilized by state, county and local governmental units.
(e) The Chief Technology Officer shall oversee telecommunications services used by state spending units for the purpose of maximizing efficiency to the fullest possible extent. The Chief Technology Officer shall establish microwave or other networks and LATA hops; audit telecommunications services and usage; recommend and develop strategies for the discontinuance of obsolete or excessive utilization; participate in the renegotiation of telecommunications contracts; and encourage the use of technology and take other actions necessary to provide the greatest value to the state.
(a) To ensure the security of state government information and the data communications infrastructure from unauthorized uses, intrusions or other security threats, the Chief Technology Officer is authorized to develop policies, procedures, standards and legislative rules. At a minimum, these policies, procedures and standards shall identify and require the adoption of practices to safeguard information systems, data and communications infrastructures, as well as define the scope and regularity of security audits and which bodies are authorized to conduct security audits. The audits may include reviews of physical security practices.
(b) (1) The Chief Technology Officer shall at least annually perform security audits of all executive branch agencies regarding the protection of government databases and data communications.
(2) Security audits may include, but are not limited to, on- site audits as well as reviews of all written security procedures and documented practices.
(c) The Chief Technology Officer may contract with a private firm or firms that specialize in conducting these audits.
(d) All public bodies subject to the audits required by this section shall fully cooperate with the entity designated to perform the audit.
(e) The Chief Technology Officer may direct specific remediation actions to mitigate findings of insufficient administrative, technical and physical controls necessary to protect state government information or data communication infrastructures.
(f) The Chief Technology Officer shall propose rules for legislative approval in accordance with the provisions of chapter twenty-nine-a of this code to minimize vulnerability to threats and to regularly assess security risks, determine appropriate security measures and perform security audits of government information systems and data communications infrastructures.
(g) To ensure compliance with confidentiality restrictions and other security guidelines applicable to state law-enforcement agencies, emergency response personnel and emergency management operations, the provisions of this section do not apply to the West Virginia State Police, the Division of Protective Services, the West Virginia Intelligence Fusion Center or the Division of Homeland Security and Emergency Management.
(h) The provisions of this section do not infringe upon the responsibilities assigned to the state Comptroller, the Treasurer, the Auditor or the Legislative Auditor, or other statutory requirements.
(i) In consultation with the Adjutant General, Chairman of the Public Service Commission, the Superintendent of the State Police and the Director of the Division of Homeland Security and Emergency Management, the Chief Technology Officer is responsible for the development and maintenance of an information systems disaster recovery system for the State of West Virginia with redundant sites in two or more locations isolated from reasonably perceived threats to the primary operation of state government. The Chief Technology Officer shall develop specifications, funding mechanisms and participation requirements for all executive branch agencies to protect the state's essential data, information systems and critical government services in times of emergency, inoperativeness or disaster. Each executive branch agency shall assist the Chief Technology Officer in planning for its specific needs and provide to the Chief Technology Officer any information or access to information systems or equipment that may be required in carrying out this purpose. No statewide or executive branch agency procurement of disaster recovery services may be initiated, let or extended without the expressed consent of the Chief Technology Officer.
(1) Develop an approval process for proposed major information technology projects by state agencies to ensure that all projects conform to the statewide strategic plan and the information management plans of agencies;
(2) Establish a methodology for conceiving, planning, scheduling and providing appropriate oversight for information technology projects, including oversight for the projects and a process for approving the planning, development and procurement of information technology projects;
(3) Establish minimum qualifications and training standards for project managers;
(4) Direct the development of any statewide and multiagency enterprise project; and
(5) Develop and update a project management methodology to be used by agencies in the development of information technology.
(b) The Chief Technology Officer shall create a Project Management Office within the Office of Technology.
(c) The Director of the Project Management Office shall:
(1) Implement the approval process for information technology projects;
(2) Assist the Chief Technology Officer in the development and implementation of a project management methodology to be used in the development and implementation of information technology projects in accordance with this article;
(3) Provide ongoing assistance and support to state agencies and public institutions of higher education in the development of information technology projects;
(4) Establish a program providing training to agency project managers;
(5) Review information management and information technology plans submitted by agencies and recommend to the Chief Technology Officer the approval of the plans and any amendments thereto;
(6) Monitor the implementation of information management and information technology plans and periodically report its findings to the Chief Technology Officer;
(7) Assign project managers to review and recommend information technology project proposals.
(8) The director shall create criteria upon which information technology project proposal plans may be based including:
(A) The degree to which the project is consistent with the state's overall strategic plan;
(B) The technical feasibility of the project;
(C) The benefits of the project to the state, including customer service improvements;
(D) The risks associated with the project;
(E) Any continued funding requirements; and
(F) The past performance on other projects by the agency.
(9) Provide oversight for state agency information technology projects.
(b) The proposal will further include:
(1) A detailed business case plan, including a cost-benefit analysis;
(2) A business process analysis, if applicable;
(3) System requirements, if known;
(4) A proposed development plan and project management structure;
(5) Business goals and measurement criteria, as appropriate; and
(6) A proposed resource or funding plan.
(c) The project manager assigned to review the project development proposal shall recommend its approval or rejection to the Chief Technology Officer. If the Chief Technology Officer approves the proposal, then he or she shall notify the agency of its approval.
(d) Whenever an agency has received approval from the Chief Technology Officer to proceed with the development and acquisition of a major information technology project, the Chief Technology Officer shall establish a steering committee.
(e) The steering committee shall provide ongoing oversight for the major information technology project and have the authority to approve or reject any changes to the project's scope, schedule or budget.
(f) The Chief Technology Officer shall ensure that the major information technology project has in place adequate project management and oversight structures for addressing the project's scope, schedule or budget and shall address issues that cannot be resolved by the steering committee.
(b) If the Chief Technology Officer evaluates the suitability of the information technology and telecommunication equipment and related services under the provisions of subdivision (3), subsection (a), section four of this article and determines that the goods or services to be purchased are not suitable, he or she shall, within ten days of receiving the notice from the state spending unit, notify the state spending unit, in writing, of any recommendations he or she has regarding the proposed purchase of the goods or services. If the state spending unit receives a written notice from the Chief Technology Officer within the time period required by this section, the state spending unit shall not put the goods or services out for bid less than fifteen days following receipt of the notice from the Chief Technology Officer.
(b) Notwithstanding any other provision of this article to the contrary, except for participation in the compilation and maintenance of an inventory of information technology and technical infrastructure of the state authorized by section four of this article, the provisions of this article do not apply to the West Virginia Board of Education, the West Virginia Department of Education or the county boards of education. However, the West Virginia Board of Education, the West Virginia Department of Education and the county boards of education will attempt to cooperate and collaborate with the Chief Technology Officer to the extent feasible.
(c) The Governor may by executive order exempt from the provisions of this article any entity created and organized to facilitate the public and private use of health care information and the use of electronic medical records throughout the state.