Iowa Code (Last Updated: December 05, 2016) |
Title I. STATE SOVEREIGNTY AND MANAGEMENT |
Chapter 8B. INFORMATION TECHNOLOGY |
Section 8B.21. Information technology services — office powers and duties — responsibilities.
-
1. Powers and duties of office. The powers and duties of the office as it relates to information technology services shall include but are not limited to all of the following:
a. Approving information technology for use by agencies and other governmental entities.
b. Implementing the strategic information technology plan.
c. Developing and implementing a business continuity plan, as the chief information officer determines is appropriate, to be used if a disruption occurs in the provision of information technology to participating agencies and other governmental entities.
d. Prescribing standards and adopting rules relating to cyber security, geospatial systems, application development, and information technology and procurement, including but not limited to system design and systems integration, and interoperability, which shall apply to all participating agencies except as otherwise provided in this chapter. The office shall implement information technology standards as established pursuant to this chapter which are applicable to information technology procurements for participating agencies.
e. Establishing an enterprise strategic and project management function for oversight of all information technology-related projects and resources of participating agencies.
f. (1) Developing and maintaining security policies and systems to ensure the integrity of the state’s information resources and to prevent the disclosure of confidential records. The office shall ensure that the security policies and systems be consistent with the state’s data transparency efforts by developing and implementing policies and systems for the sharing of data and information by participating agencies.
(2) Establishing statewide standards, to include periodic review and compliance measures, for information technology security to maximize the functionality, security, and interoperability of the state’s distributed information technology assets, including but not limited to communications and encryption technologies.
(3) Requiring all information technology security services, solutions, hardware, and software purchased or used by a participating agency to be subject to approval by the office in accordance with security standards.
g. Developing and implementing effective and efficient strategies for the use and provision of information technology and information technology staff for participating agencies and other governmental entities.
h. Coordinating and managing the acquisition of information technology services by participating agencies in furtherance of the purposes of this chapter. The office shall institute procedures to ensure effective and efficient compliance with the applicable standards established pursuant to this chapter.
i. Entering into contracts, leases, licensing agreements, royalty agreements, marketing agreements, memorandums of understanding, or other agreements as necessary and appropriate to administer this chapter.
j. Determining and implementing statewide efforts to standardize data elements, determine data ownership assignments, and implement the sharing of data.
k. Requiring that a participating agency provide such information as is necessary to establish and maintain an inventory of information technology used by participating agencies, and such participating agency shall provide such information to the office in a timely manner. The form and content of the information to be provided shall be determined by the office.
l. Requiring participating agencies to provide the full details of the agency’s information technology and operational requirements upon request, report information technology security incidents to the office in a timely manner, provide comprehensive information concerning the information technology security employed by the agency to protect the agency’s information technology, and forecast the parameters of the agency’s projected future information technology security needs and capabilities.
m. Charging reasonable fees, costs, expenses, charges, or other amounts to an agency, governmental entity, public official, or person or entity related to the provision, sale, use, or utilization of, or cost sharing with respect to, information technology and any intellectual property interests related thereto; research and development; proprietary hardware, software, and applications; and information technology architecture and design. The office may enter into nondisclosure agreements and take any other legal action reasonably necessary to secure a right to an interest in information technology development by or on behalf of the state of Iowa and to protect the state of Iowa’s proprietary information technology and intellectual property interests. The provisions of chapter 23A relating to noncompetition by state agencies and political subdivisions with private enterprise shall not apply to office activities authorized under this paragraph.
n. Charging reasonable fees, costs, expenses, charges, or other amounts to an agency, governmental entity, public official, or other person or entity to or for whom information technology or other services have been provided by or on behalf of, or otherwise made available through, the office.
o. Providing, selling, leasing, licensing, transferring, or otherwise conveying or disposing of information technology, or any intellectual property or other rights with respect thereto, to agencies, governmental entities, public officials, or other persons or entities.
p. Entering into partnerships, contracts, leases, or other agreements with public and private entities for the evaluation and development of information technology pilot projects.
q. Initiating and supporting the development of electronic commerce, electronic government, and internet applications across participating agencies and in cooperation with other governmental entities. The office shall foster joint development of electronic commerce and electronic government involving the public and private sectors, develop customer surveys and citizen outreach and education programs and material, and provide for citizen input regarding the state’s electronic commerce and electronic government applications.
2. Responsibilities. The responsibilities of the office as it relates to information technology services include the following:
a. Coordinate the activities of the office in promoting, integrating, and supporting information technology in all business aspects of state government.
b. Provide for server systems, including mainframe and other server operations, desktop support, and applications integration.
c. Provide applications development, support, and training, and advice and assistance in developing and supporting business applications throughout state government.
3. Information technology charges. The office shall render a statement to an agency, governmental entity, public official, or other person or entity to or for whom information technology, value-added services, or other items or services have been provided by or on behalf of, or otherwise made available through, the office. Such an agency, governmental entity, public official, or other person or entity shall pay an amount indicated on such statement in a manner determined by the office.
4. Dispute resolution. If a dispute arises between the office and an agency for which the office provides or refuses to provide information technology, the dispute shall be resolved as provided in section 679A.19.
a. The office shall adopt rules allowing for participating agencies to seek a temporary or permanent waiver from any of the requirements of this chapter concerning the acquisition, utilization, or provision of information technology. The rules shall provide that a waiver may be granted upon a written request by a participating agency and approval of the chief information officer. A waiver shall only be approved if the participating agency shows that a waiver would be in the best interests of the state.
b. Prior to approving or denying a request for a waiver, the chief information officer shall consider all of the following:
(1) Whether the failure to grant a waiver would violate any state or federal law or any published policy, standard, or requirement established by a governing body other than the office.
(2) Whether the failure to grant a waiver would result in the duplication of existing services, resources, or support.
(3) Whether the waiver would obstruct the state’s information technology strategic plan, enterprise architecture, security plans, or any other information technology policy, standard, or requirement.
(4) Whether the waiver would result in excessive expenditures or expenditures above market rates.
(5) The life cycle of the system or application for which the waiver is requested.
(6) Whether the participating agency can show that it can obtain or provide the information technology more economically than the information technology can be provided by the office. For purposes of determining if the participating agency can obtain or provide the information technology more economically, the chief information officer shall consider the impact on other participating agencies if the waiver is granted or denied.
(7) Whether the failure to grant a waiver would jeopardize federal funding.
c. Rules adopted pursuant to this subsection relating to a request for a waiver, at a minimum, shall provide for all of the following:
(1) The request shall be in writing and signed by the head of the participating agency seeking the waiver.
(2) The request shall include a reference to the specific policy, standard, or requirement for which the waiver is submitted.
(3) The request shall include a statement of facts including a description of the problem or issue prompting the request; the participating agency’s preferred solution; an alternative approach to be implemented by the participating agency intended to satisfy the waived policy, standard, or requirement; the business case for the alternative approach; a third party audit or report that compares the participating agency’s preferred solution to the information technology solution that can be provided by the office; the economic justification for the waiver or a statement as to why the waiver is in the best interests of the state; the time period for which the waiver is requested; and any other information deemed appropriate.
d. A participating agency may appeal the decision of the chief information officer to the director of the department of management within seven calendar days following the decision of the chief information officer. The director of the department of management shall respond within fourteen days following the receipt of the appeal.
e. The department of public defense shall not be required to obtain any information technology services pursuant to this chapter for the department of public defense that are provided by the office pursuant to this chapter without the consent of the adjutant general.
6. Annual report. On an annual basis, prepare a report to the governor, the department of management, and the general assembly regarding the total spending on technology for the previous fiscal year, the total amount appropriated for the current fiscal year, and an estimate of the amount to be requested for the succeeding fiscal year for all agencies. The report shall include a five-year projection of technology cost savings, an accounting of the level of technology cost savings for the current fiscal year, and a comparison of the level of technology cost savings for the current fiscal year with that of the previous fiscal year. The report shall be filed as soon as possible after the close of a fiscal year, and by no later than the second Monday of January of each year.