CSSB 201(STA): "An Act establishing the office of information technology; relating to information technology projects undertaken by state agencies; and providing for an effective date."
00 CS FOR SENATE BILL NO. 201(STA) 01 "An Act establishing the office of information technology; relating to information 02 technology projects undertaken by state agencies; and providing for an effective date." 03 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF ALASKA: 04 * Section 1. AS 44.21 is amended by adding new sections to read: 05 Article 7. Office of Information Technology. 06 Sec. 44.21.600. Office of information technology and chief information 07 officer. The office of information technology is created in the Department of 08 Administration. The director of the office is the chief information officer of the state. 09 Sec. 44.21.610. Duties of office and director. (a) The office shall 10 (1) oversee all information technology services and resources in the 11 executive branch of state government; 12 (2) ensure that information technology services are acquired, and 13 information resources are managed, in a manner that effectively implements standard 14 policies, procedures, security controls, and the business priorities established by
01 executive branch agencies; 02 (3) promote the effective and efficient design and operation of all 03 major information resources and management processes for the state; 04 (4) oversee the development, implementation, and enforcement of 05 information technology security policies, standards, and practices in all executive 06 branch agencies, contractors of executive branch agencies, and third-party, 07 information-sharing partners of executive branch agencies; 08 (5) employ a chief information security officer to assist the chief 09 information officer; the chief information security officer is chosen by the chief 10 information officer and serves at the pleasure of the chief information officer; 11 (6) develop strategies and specific plans for hiring, training, and 12 professional development to rectify deficiencies in information technology security 13 policies, standards, and practices; 14 (7) identify and inventory all computer equipment owned by the state 15 and determine, in consultation with department heads, the equipment that should be 16 disposed of as surplus property under AS 44.68.110; 17 (8) adopt, fully document, and implement a standardized process for 18 managing information technology projects; 19 (9) manage information technology projects using a standardized, fully 20 documented process established and overseen by the director as described in 21 AS 44.21.630; 22 (10) ensure that major information technology projects are completed 23 on time and within budget and meet all defined business requirements upon 24 completion; 25 (11) ensure that minor information technology projects follow 26 processes established by the office; 27 (12) establish procedures to limit the need for change requests. 28 (b) The director shall review, approve or reject, and monitor all information 29 technology projects undertaken by a state agency. The director may approve an 30 information technology project 31 (1) that conforms to project management procedures and policies;
01 (2) that does not duplicate a capability already existing in the state; 02 (3) that conforms to procurement rules and policies; and 03 (4) for which sufficient funds are available. 04 (c) The director shall ensure that state agency information technology project 05 requirements are documented in biennial information technology plans. If a state 06 agency updates a biennial information technology plan to add a new project, the 07 director shall immediately report to the office of management and budget the reasons 08 for the new requirement and the costs and funding sources associated with the new 09 requirement. 10 (d) The director may adopt regulations that the director considers necessary to 11 implement AS 44.21.600 - 44.21.660. 12 Sec. 44.21.620. Approval, suspension, and cancellation of projects. (a) A 13 state agency may not begin an information technology project unless the director 14 approves the project. If the director rejects a proposed information technology project, 15 the director shall indicate the specific reasons the project was rejected in writing. The 16 director shall, within five business days after rejecting a project, deliver the written 17 rejection to the state agency and provide a copy of the rejection to the office of 18 management and budget. 19 (b) The director may suspend or cancel an information technology project that 20 does not continue to meet applicable quality assurance standards. The director shall 21 immediately suspend or cancel an information technology project that is initiated 22 without the director's approval. A project suspended or canceled because the project 23 lacks the director's approval may not proceed until the state agency completes all 24 required project management documentation and the director approves the project. If 25 the director suspends or cancels a project, the director shall, within five business days 26 after ordering the suspension or cancellation, provide in writing to the state agency 27 and the office of management and budget the specific grounds for the suspension or 28 cancellation of the project. 29 (c) A state agency may request that the governor review the director's decision 30 to reject, suspend, or cancel an information technology project, or the director's 31 decision not to enter into an agreement under AS 44.21.650, by submitting a written
01 request for review to the governor within 15 business days after receiving written 02 notice of the director's decision. The agency's request for review must specify the 03 grounds for the disagreement with the director's determination and include a copy of 04 the director's written notice. The governor may request additional information from 05 the agency or the director. Within 30 days after receiving the agency's request for 06 review, the governor shall provide written notice to the agency and the director of the 07 governor's decision and the specific grounds for the decision. The governor may 08 (1) affirm the director's decision; 09 (2) reverse or modify the director's decision if the governor finds that 10 the decision is not supported by substantial evidence; or 11 (3) remand the decision to the director for additional findings. 12 (d) A contract between a state agency and a private entity for an information 13 technology project must include provisions for vendor performance review and 14 accountability, contract suspension or termination, and termination of funding. The 15 director may require that a contract with a private entity include a performance bond, 16 monetary penalties, or other performance assurance measures for a project that is not 17 completed within the specified time or that exceeds the contracted price. The director 18 may use cost savings realized on government vendor partnerships as performance 19 incentives for an information technology vendor. 20 Sec. 44.21.630. Project management. (a) The director shall establish 21 standardized documentation requirements for information technology projects, 22 including requests for proposals and contracts. The director shall establish standards 23 for project managers and project management assistants. The director shall develop 24 performance measures for project reporting and make project reports available to the 25 public on the office's Internet website. 26 (b) The director shall establish a clearly defined, standardized process for 27 project management that includes timelines for completion of process requirements for 28 both the office and state agencies. The director shall also establish reporting 29 requirements for information technology projects during the planning, development, 30 and implementation phases of the project and following completion of the project. The 31 director shall continue to monitor system performance and financial aspects of each
01 project after implementation. 02 (c) For a major information technology project, the director shall designate a 03 project manager from the office. The project manager shall select qualified personnel 04 from the state agency undertaking the project to participate in information technology 05 project management, implementation, testing, and other activities. The project 06 manager shall provide periodic reports to the director. The reports must include 07 information regarding the state agency's business requirements, applicable laws and 08 regulations, project costs, issues related to hardware and software, training, projected 09 and actual completion dates, and other information relevant to the implementation of 10 the information technology project. 11 (d) The director may require a state agency developing or undertaking a major 12 information technology project to engage the services of private counsel or a subject 13 matter expert with the appropriate information technology expertise. The private 14 counsel or subject matter expert may review requests for proposals, review and 15 provide advice and assistance during the evaluation of proposals and selection of 16 vendors, and review and negotiate contracts associated with the project. This 17 subsection applies to minor information technology projects that are related and 18 separated into individual projects if the total cost of ownership of the individual 19 projects exceeds $5,000,000. 20 (e) For a minor information technology project, the state agency undertaking 21 the project shall provide one or more project managers. A state agency project 22 manager is subject to review and approval by the director. A state agency project 23 manager shall ensure that applicable quality assurance standards are met, as 24 determined by the director. A state agency project manager shall provide periodic 25 reports to a project management assistant assigned to the project under (f) of this 26 section. The reports must include information regarding project costs, issues related to 27 hardware and software, training, projected and actual completion dates, and other 28 information relevant to the implementation of the information technology project. 29 (f) For a minor information technology project, the director shall designate a 30 project management assistant from the office. The director may designate a project 31 management assistant from the office to a major information technology project. A
01 project management assistant designated under this subsection shall advise the state 02 agency undertaking an information technology project on the initial planning of a 03 project, the content and design of requests for proposals, contracts, procurement, and 04 architectural and other technical reviews. The project management assistant shall also 05 monitor progress in the development and implementation of the project and provide 06 status reports to the state agency and the director, including recommendations 07 regarding continued approval of the project. 08 Sec. 44.21.640. Standards for purchases. The director shall establish 09 standards for the purchase of state agency hardware and software that are consistent 10 with AS 36.30 (State Procurement Code) and reflect identified and documented state 11 agency needs. 12 Sec. 44.21.650. Exemptions. (a) The director may enter into a written 13 agreement with a state agency that exempts the state agency from the requirements of 14 AS 44.21.600 - 44.21.660 and authorizes the state agency to approve and monitor all 15 information technology projects undertaken by the state agency. The written 16 agreement must 17 (1) require the state agency to comply with 18 (A) standardized processes adopted under AS 44.21.610(a); 19 (B) standardized processes adopted under AS 44.21.610(a) 20 with a list of variations; or 21 (C) standardized processes adopted by the state agency; 22 (2) require the state agency to comply with 23 (A) standardized processes established under AS 44.21.630; 24 (B) standardized processes established under AS 44.21.630 25 with a list of variations; or 26 (C) standardized processes adopted by the state agency that 27 include documentation requirements, project management processes, and 28 qualifications for project managers; 29 (3) include a plan for the state agency to fulfill obligations with 30 contractors; 31 (4) allow the state agency to designate an employee of the state agency
01 or a contractor as a project manager; and 02 (5) require the state agency to submit periodic reports to the director, 03 including updates to the state agency's biennial information technology plan as 04 provided in AS 44.21.610(c). 05 (b) The director may enter into a written agreement with a state agency that 06 exempts an information technology project undertaken by the state agency from a 07 requirement of AS 44.21.600 - 44.21.660. The written agreement must detail the 08 requirement that is waived, how the state agency will deviate from the requirement, 09 and the purpose of the deviation. 10 (c) If the director decides not to enter into a written agreement with a state 11 agency under (a) or (b) of this section, the director shall provide in writing to the state 12 agency and the office of management and budget the specific grounds for the decision. 13 The state agency may request that the governor review the director's decision as 14 provided in AS 44.21.620(c). 15 (d) The director shall include a copy of an agreement entered into with a state 16 agency under (a) or (b) of this section in the biennial information technology plan 17 required under AS 44.21.610(c) and shall deliver the agreement to the senate secretary 18 and the chief clerk of the house of representatives and notify the legislature that the 19 agreement is available. 20 Sec. 44.21.660. Definitions. In AS 44.21.600 - 44.21.660, 21 (1) "change request" means a formal proposal requesting deviations in 22 the project processes, cost, scope, or timeline; 23 (2) "director" means the director of the office of information 24 technology; 25 (3) "information technology project" means an effort of defined and 26 limited duration that implements, effects a change in, or addresses a risk to processes, 27 services, security, systems, records, data, human resources, or architecture related to 28 technology used for the processing and transmission of information; "information 29 technology project" does not include a broadband project managed by the office of 30 broadband under AS 44.33.910; 31 (4) "major information technology project" means an information
01 technology project undertaken by a state agency that has a total lifetime cost of 02 ownership of $5,000,000 or more or an information technology project jointly 03 undertaken by two or more state agencies; 04 (5) "minor information technology project" means an information 05 technology project undertaken by a single state agency that has a total lifetime cost of 06 ownership of less than $5,000,000; 07 (6) "office" means the office of information technology; 08 (7) "state agency" has the meaning given to "state agencies" in 09 AS 44.21.390. 10 * Sec. 2. The uncodified law of the State of Alaska is amended by adding a new section to 11 read: 12 TRANSITION: REGULATIONS. The Department of Administration shall adopt 13 regulations necessary to implement this Act. The regulations take effect under AS 44.62 14 (Administrative Procedure Act), but not before the effective date of the law implemented by 15 the regulation. 16 * Sec. 3. Section 2 of this Act takes effect immediately under AS 01.10.070(c). 17 * Sec. 4. Except as provided in sec. 3 of this Act, this Act takes effect January 1, 2025.