78R6571 MXM-D
By: Ellis S.B. No. 1355
A BILL TO BE ENTITLED
AN ACT
relating to the Department of Information Resources' management of
information technology at state agencies.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Subchapter C, Chapter 2054, Government Code, is
amended by adding Section 2054.065, Government Code, to read as
follows:
Sec. 2054.065. STANDARD INFORMATION TECHNOLOGY
ARCHITECTURE. (a) The department shall develop, implement, and
enforce a standard information technology architecture for all
state agencies.
(b) The department shall establish a phased implementation
plan for state agency compliance with this section. The
implementation plan must identify specific compliance standards
for computer hardware and software, telecommunications, and
related system components.
(c) The department shall establish a waiver process for
state agencies that provide a compelling business case for pursuing
alternative information technology.
(d) The comptroller, at the request of the department, shall
deny a state agency access to information technology appropriations
if the state agency does not comply with the standard information
technology architecture implemented under this section.
SECTION 2. Section 2054.153, Government Code, is amended to
read as follows:
Sec. 2054.153. DEPARTMENT GUIDELINES. (a) The department
by rule shall establish model guidelines for state agencies to use
in implementing Capability Maturity Model-Integrated or a
comparable program for developing and maintaining information
technology systems, as determined by the department, when
developing their own internal quality assurance standards and
guidelines [procedures].
(b) The department's guidelines must address:
(1) planning project development;
(2) determining the projected benefits of a project;
(3) developing and implementing management control
processes;
(4) projecting the budget for a project;
(5) analyzing the risks of a project;
(6) establishing standards by which the effectiveness
and efficiency of a project can be evaluated; [and]
(7) evaluating and reporting on the project after
implementation; and
(8) compliance requirements for internal quality
assurance when using Capability Maturity Model-Integrated or a
comparable program for developing and maintaining information
technology systems, as determined by the department.
SECTION 3. Section 2054.154, Government Code, is amended to
read as follows:
Sec. 2054.154. DEPARTMENT ASSISTANCE; TRAINING. (a) The
department shall establish a comprehensive technical assistance
program to aid state agencies in [developing and] implementing
Capability Maturity Model-Integrated or a comparable program for
developing and maintaining information technology systems, as
determined by the department, when developing their own internal
quality assurance standards and guidelines [procedures].
(b) The department shall develop, implement, and enforce a
plan for training state agencies to use Capability Maturity
Model-Integrated quality assurance standards and guidelines or a
comparable program for developing and maintaining information
technology systems, as determined by the department.
SECTION 4. Section 2054.155, Government Code, is amended to
read as follows:
Sec. 2054.155. EXEMPTION FOR CERTAIN PROJECTS. (a) The
department by rule may exempt state agency projects from the
requirement to implement internal quality assurance procedures for
projects that fall below:
(1) a cost of $1 million; [minimum cost] and
(2) risk thresholds established by the department
[from the requirement to implement internal quality assurance
procedures].
(b) The department by rule may exempt state agency projects
that procure only hardware, regardless of cost, from the
requirement to implement Capability Maturity Model-Integrated or a
comparable program for developing and maintaining information
technology systems, as determined by the department, when
developing their own internal quality assurance standards and
guidelines.
SECTION 5. Section 2054.156, Government Code, is amended by
amending Subsection (a) and adding Subsection (d) to read as
follows:
(a) Each state agency shall develop its own internal quality
assurance procedures using the standards and guidelines of
Capability Maturity Model-Integrated or the standards and [based on
the department's model] guidelines of a comparable program for
developing and maintaining information technology systems, as
determined by the department. Each state agency shall use its
internal quality assurance procedures to evaluate each of its
projects that is not exempt under Section 2054.155.
(d) Each state agency shall comply with the standards and
guidelines of Capability Maturity Model-Integrated or the
standards and guidelines of a comparable program for developing and
maintaining information technology systems, as determined by the
department, for projects valued at $1 million or more and that are
not exempt under Section 2054.155.
SECTION 6. Section 2054.157(b), Government Code, is amended
to read as follows:
(b) The department shall report on state agencies' progress
in using Capability Maturity Model-Integrated or a comparable
program for developing and maintaining information technology
systems, as determined by the department, when developing and
implementing internal quality assurance standards and guidelines
[procedures] as part of the department's biennial performance
report.
SECTION 7. Chapter 2054, Government Code, is amended by
adding Subchapters L, M, N, and O to read as follows:
SUBCHAPTER L. ELECTRONIC MAIL
Sec. 2054.401. DEFINITION. In this subchapter, "e-mail"
means electronic mail.
Sec. 2054.402. STATEWIDE CONSOLIDATION PLAN. (a) The
department shall develop, modify, and implement a statewide e-mail
consolidation plan to merge the state's agency-specific e-mail
services into a unified and centrally managed and supported e-mail
system.
(b) The plan must address:
(1) compliance with current e-mail guidelines adopted
by the Texas State Library and Archives Commission for
establishment of a common reference for all agencies;
(2) compliance with the records management and records
retention requirements adopted by the Texas State Library and
Archives Commission;
(3) creation of an automated e-mail classification
system using metadata created by e-mail messaging systems;
(4) adoption of the open archival information system
framework as guidance for the development of a long-term repository
for e-mail and other digital records;
(5) development of a prototype repository with
features that can be phased in over time;
(6) use of a state data center for e-mail hosting and
archive operations;
(7) administration of e-mail services and archive
operations; and
(8) management and oversight of e-mail services and
archive operations, including responding to requests made under
Chapter 552 and other requests for retrieval of archived e-mail.
Sec. 2054.403. USE BY STATE AGENCIES; FUNDING. (a) Each
state agency shall use the e-mail services provided through the
department based on a cost-recovery model developed by the
department.
(b) A state agency may not spend appropriated money for
e-mail services that are not provided by the department.
Sec. 2054.404. STATE DATA CENTER. The department shall use
a state data center for the hosting of e-mail services.
Sec. 2054.405. COST-BENEFIT ANALYSIS. The department shall
develop or modify a cost-benefit analysis to determine what type of
e-mail hosting system provides the least expensive method of
consolidation, including an analysis of whether a system run by a
private vendor or the state provides the least expensive system.
The analysis may also consider a combination of state and private
vendor participation.
[Sections 2054.406-2054.450 reserved for expansion]
SUBCHAPTER M. PEOPLE SOFTWARE
Sec. 2054.451. APPLICABILITY. This subchapter applies to
PeopleSoft or a comparable product approved by the department.
Sec. 2054.452. STATEWIDE CONSOLIDATION PLAN. (a) The
department shall develop, modify, and implement a consolidation
plan to provide for centralized management of PeopleSoft deployment
and operations at each state agency.
(b) The plan must address:
(1) use of a state data center for PeopleSoft hosting;
(2) use of an Internet-based application service
provider;
(3) a schedule for deployment of PeopleSoft to state
agencies;
(4) a schedule for PeopleSoft upgrades for existing
state agencies; and
(5) an approval process by which the department may
authorize state agencies to spend money related to PeopleSoft
deployment, operations, and maintenance.
Sec. 2054.453. COMPLIANCE BY STATE AGENCIES; FUNDING. (a)
Each state agency shall comply with the consolidation plan
developed under Section 2054.452.
(b) A state agency must obtain department approval before
the agency may spend appropriated money to:
(1) install or operate PeopleSoft; or
(2) contract for any goods or services related to
PeopleSoft.
(c) The comptroller, at the request of the department, shall
deny a state agency access to PeopleSoft and related information
technology appropriations if the state agency does not comply with
the consolidation plan.
Sec. 2054.454. STATE DATA CENTER. The department shall use
a state data center for the hosting of PeopleSoft applications.
[Sections 2054.455-2054.500 reserved for expansion]
SUBCHAPTER N. SMALL STATE AGENCIES
Sec. 2054.501. DEFINITION. In this subchapter, "small
state agency" means a state agency with not more than 100 full-time
equivalent employees.
Sec. 2054.502. SMALL STATE AGENCIES CONSOLIDATION PLAN.
(a) The department shall develop, modify, and implement a plan to
consolidate information technology at small state agencies.
(b) The plan must include:
(1) a description of the technology services that the
department will provide under the consolidation plan;
(2) a schedule for the implementation of the
consolidation plan; and
(3) a schedule for routine technology upgrades and
maintenance regarding projects.
Sec. 2054.503. COMPLIANCE BY SMALL STATE AGENCIES; FUNDING.
(a) Each small state agency shall comply with the consolidation
plan developed under Section 2054.502.
(b) The comptroller, at the request of the department, shall
deny a small state agency access to information technology
appropriations if the agency does not comply with the consolidation
plan.
Sec. 2054.504. CONTRACTS FOR TECHNOLOGY SERVICES BY SMALL
STATE AGENCIES; FUNDING. (a) Each small state agency shall
contract with the department for the agency's technology services
based on a cost-recovery model developed by the department.
(b) A small state agency may not spend appropriated money
for technology services from other providers of services if the
services are otherwise provided by the department.
Sec. 2054.505. SMALL AGENCY INFORMATION RESOURCE MANAGER:
RULES. (a) The department shall designate a department employee to
serve as information resources manager for small state agencies.
(b) The department by rule may exempt small state agencies
from compliance with Section 2054.075.
[Sections 2054.506-2054.550 reserved for expansion]
SUBCHAPTER O. STATE DATA CENTER
Sec. 2054.551. DEFINITION. In this subchapter, "data
center" means the state data center operated under this subchapter.
Sec. 2054.552. OPERATION OF STATE DATA CENTER. On the
campus of Angelo State University, the department shall operate or
through cooperative agreement manage operations of the data center,
including disaster recovery and operations.
Sec. 2054.553. CONSOLIDATION PLAN. The department shall
develop, modify, and implement a plan to consolidate the state's
agency-specific data centers and ancillary services into a unified
and centrally managed and supported data center.
Sec. 2054.554. USE BY STATE AGENCIES; FUNDING. (a) Each
state agency shall use the data center for:
(1) testing disaster recovery plans;
(2) disaster recovery services; and
(3) data center operations.
(b) Unless a state agency receives a waiver under Subsection
(c), the agency may not spend appropriated money:
(1) to purchase from providers other than the
department goods or services that could be performed by the
department at the data center, including the testing of disaster
recovery plans or for other disaster recovery services; or
(2) to enter into or renew a contract or issue a
purchase order for disaster recovery plan testing services or
disaster recovery services or data center operations from other
state agencies or other providers of these services, except for the
department.
(c) The department shall establish a waiver process for
state agencies based on service standards that provide the best
value to the state.
Sec. 2054.555. COST-BENEFIT ANALYSIS. The department shall
develop or modify a cost-benefit analysis to determine what type of
data center provides the least expensive method of consolidation,
including an analysis of whether a system run by a private vendor or
the state provides the least expensive system. The analysis may
also consider a combination of state and private vendor
participation.
Sec. 2054.556. ANNUAL REPORT REQUIRED. The department
shall report annually to the legislature on the progress of the
consolidation plan. The report must include:
(1) the number and names of state agencies applying
for waivers;
(2) the number and names of state agencies granted
waivers;
(3) the number and names of state agencies using the
data center;
(4) the number of full-time equivalent employees that
should be reduced from each agency's employee cap in the next
biennium based on the state agency's use of the data center; and
(5) the effect of any other statewide consolidation
efforts on the operations of the data center.
SECTION 8. The heading to Subchapter D, Chapter 2157,
Government Code, is amended to read as follows:
SUBCHAPTER D. [PREAPPROVED] CONTRACT TERMS AND CONDITIONS
SECTION 9. Subchapter D, Chapter 2157, Government Code, is
amended by adding Section 2157.185 to read as follows:
Sec. 2157.185. CERTAIN TECHNOLOGY CONTRACTS. (a) In this
section, "department" means the Department of Information
Resources.
(b) The department shall develop rules and guidelines to
administer automated information systems contracts in this state,
including:
(1) standard contract terms and conditions for use by
all state agencies subject to the rules and guidelines developed by
the department; and
(2) standard scopes of work, where possible.
(c) Each automated information systems contract with a
value of $50,000 or more must be approved by the department.
(d) The department shall consider approval of contracts
under this section based on:
(1) best value to the state;
(2) compliance with state consolidation efforts; and
(3) compliance with department rules and guidelines
regarding automated information systems contracts.
(e) The department shall provide to agencies contract
management services on a cost-recovery basis, including:
(1) full contract management services if the
department provides contract management throughout the contract's
term; and
(2) requirements and scope of work definition
development if:
(A) the department provides contract development
services only; and
(B) contract management remains with the state
agency.
SECTION 10. Effective September 1, 2004, Section 2055.059,
Government Code, is repealed.
SECTION 11. (a) Not later than February 1, 2004, the
Department of Information Resources shall develop the plan and
other information necessary to consolidate e-mail services as
required by Subchapter L, Chapter 2054, Government Code, as added
by this Act.
(b) Not later than September 1, 2004, the Department of
Information Resources shall implement the plan necessary to
consolidate e-mail services as required by Subchapter L, Chapter
2054, Government Code, as added by this Act. A state agency is not
required to comply with Section 2054.403, Government Code, as added
by this Act, until the plan is implemented.
SECTION 12. (a) Not later than February 1, 2004, the
Department of Information Resources shall develop the plan required
by Section 2054.452, Government Code, as added by this Act.
(b) Not later than September 1, 2004, the Department of
Information Resources shall implement the plan as required by
Section 2054.452, Government Code, as added by this Act. A state
agency is not required to comply with Section 2054.453, Government
Code, as added by this Act, until the plan is implemented.
SECTION 13. (a) Not later than February 1, 2004, the
Department of Information Resources shall develop:
(1) the plan required by Section 2054.502, Government
Code, as added by this Act; and
(2) the model required by Section 2054.504, Government
Code, as added by this Act.
(b) Not later than September 1, 2004, the Department of
Information Resources shall implement the plan as required by
Section 2054.502, Government Code, as added by this Act, and
develop the model as required by Section 2054.504, Government Code,
as added by this Act. A state agency is not required to comply with:
(1) Section 2054.503, Government Code, as added by
this Act, until the plan is implemented; or
(2) Section 2054.504, Government Code, as added by
this Act, until the model is developed.
SECTION 14. (a) Not later than February 1, 2004, the
Department of Information Resources shall develop the plan and
other information necessary to establish the state data center as
required by Section 2054.553, Government Code, as added by this
Act.
(b) Not later than September 1, 2004, the Department of
Information Resources shall implement the plan and establish the
data center as required by Subchapter O, Chapter 2054, Government
Code, as added by this Act. A state agency is not required to comply
with Section 2054.554, Government Code, as added by this Act, until
the plan is implemented and the state data center is established.
SECTION 15. Section 2157.185, Government Code, as added by
this Act, applies only to a contract entered into on or after the
effective date of this Act. A contract entered into before the
effective date of this Act is covered by the law in effect when the
contract was entered into, and the former law is continued in effect
for that purpose.
SECTION 16. This Act takes effect September 1, 2003.