The bill creates the Agency for Enterprise Information Technology (AEIT) within the Executive Office of the Governor. The executive director of AEIT is the state chief information officer (SCIO) of the state and the executive sponsor for all IT projects. AEIT will have the following responsibilities and duties:
- Develop and implement strategies for the design, delivery, and management of IT services for executive branch agencies;
- Make recommendations to the SCIO and Legislature concerning other IT services that should be designed, delivered, and managed;
- Develop a work plan describing the activities the AEIT intends to undertake and the proposed outcomes;
- Develop policy recommendations and implementation plans for current and proposed IT services; and
- Assess and recommend minimum operating procedures for ensuring an adequate level of security for all data and IT resources for executive branch agencies.
The bill also:
- Removes the Technology Resource Center (TRC) from the State Technology Office (STO);
- Establishes the TRC in the Department of Management Services (DMS);
- Requires AEIT to designate a chief information security officer;
- Provides for DMS to assume the duties and responsibilities of STO;
- Requires AEIT to publish annually, no later than September 30 each year, standards, templates, guidelines, and procedures to enable agencies to incorporate them in their planning for the following fiscal year;
- Requires AEIT to develop implementation plans for up to three of the proposed enterprise IT services beginning fiscal year 2008-2009; and
- Requires each agency head to develop written internal policies and procedures for notifying AEIT when an information security incident occurs or data is compromised.
Vote: Senate 39-0; House 119-0
