Amend CSHB 2305 (house committee report) as follows:
(1)  Add the following appropriately numbered SECTIONS to the bill and renumber subsequent SECTIONS of the bill accordingly:
SECTION ____.  (a) Section 552.139, Government Code, is amended by amending Subsection (b) and adding Subsection (b-1) to read as follows:
(b)  Except as provided by Subsection (b-1), the [The] following information is confidential:
(1)  a computer network vulnerability report;
(2)  any other assessment of the extent to which data processing operations, a computer, a computer program, network, system, or system interface, or software of a governmental body or of a contractor of a governmental body is vulnerable to unauthorized access or harm, including an assessment of the extent to which the governmental body's or contractor's electronically stored information containing sensitive or critical information is vulnerable to alteration, damage, erasure, or inappropriate use; [and]
(3)  a photocopy or other copy of an identification badge issued to an official or employee of a governmental body; and
(4)  information directly arising from a governmental body's routine efforts to prevent, detect, or investigate a computer security incident, including information contained in or derived from an information security log.
(b-1)  Subsection (b) does not apply to information related to a breach of system security as defined by Section 521.053, Business & Commerce Code.
(b)  Subchapter C, Chapter 2054, Government Code, is amended by adding Section 2054.068 to read as follows:
Sec. 2054.068.  INFORMATION TECHNOLOGY INFRASTRUCTURE REPORT. (a) In this section, "information technology" includes information resources and information resources technologies.
(b)  The department shall collect from each state agency information on the status and condition of the agency's information technology infrastructure, including information regarding:
(1)  the agency's information security program;
(2)  an inventory of the agency's servers, mainframes, cloud services, and other information technology equipment;
(3)  identification of vendors that operate and manage the agency's information technology infrastructure; and
(4)  any additional related information requested by the department.
(c)  A state agency shall provide the information required by Subsection (b) to the department according to a schedule determined by the department.
(d)  Not later than November 15 of each even-numbered year, the department shall submit to the governor, chair of the house appropriations committee, chair of the senate finance committee, speaker of the house of representatives, lieutenant governor, and staff of the Legislative Budget Board a consolidated report of the information submitted by state agencies under Subsection (b).
(e)  The consolidated report required by Subsection (d) must:
(1)  include an analysis and assessment of each state agency's security and operational risks; and
(2)  for a state agency found to be at higher security and operational risks, include a detailed analysis of, and an estimate of the costs to implement, the:
(A)  requirements for the agency to address the risks and related vulnerabilities; and
(B)  agency's efforts to address the risks through the:
(i)  modernization of information technology systems;
(ii)  use of cloud services; and
(iii)  use of a statewide technology center established by the department.
(f)  With the exception of information that is confidential under Chapter 552, including Section 552.139, or other state or federal law, the consolidated report submitted under Subsection (d) is public information and must be released or made available to the public on request. A governmental body as defined by Section 552.003 may withhold information confidential under Chapter 552, including Section 552.139, or other state or federal law that is contained in a consolidated report released under this subsection without the necessity of requesting a decision from the attorney general under Subchapter G, Chapter 552.
(g)  This section does not apply to an institution of higher education or university system, as defined by Section 61.003, Education Code.
(c)  Section 2054.0965(a), Government Code, is amended to read as follows:
(a)  Not later than March 31 [December 1] of each even-numbered [odd-numbered] year, a state agency shall complete a review of the operational aspects of the agency's information resources deployment following instructions developed by the department.
(d)  Section 2157.007, Government Code, is amended by amending Subsection (b) and adding Subsection (e) to read as follows:
(b)  A state agency shall [may] consider cloud computing service options, including any security benefits and cost savings associated with purchasing those service options from a cloud computing service provider and from a statewide technology center established by the department, when making purchases for a major information resources project under Section 2054.118.
(e)  Not later than November 15 of each even-numbered year, the department, using existing resources, shall submit a report to the governor, lieutenant governor, and speaker of the house of representatives on the use of cloud computing service options by state agencies. The report must include use cases that provided cost savings and other benefits, including security enhancements. A state agency shall cooperate with the department in the creation of the report by providing timely and accurate information and any assistance required by the department.
(e)  Section 552.139(b), Government Code, as amended by this section, applies only to a request for public information received on or after the effective date of this Act. A request received before the effective date of this Act is governed by the law in effect when the request was received, and the former law is continued in effect for that purpose.
SECTION ____.  (a) Section 2054.1183, Government Code, is amended to read as follows:
Sec. 2054.1183.  ANNUAL REPORT ON MAJOR INFORMATION RESOURCES PROJECTS. (a) Not later than December 1 of each year, the quality assurance team shall report on the status of major information resources projects to the:
(1)  governor;
(2)  lieutenant governor;
(3)  speaker of the house of representatives;
(4)  presiding officer of the committee in the house of representatives with primary responsibility for appropriations; and
(5)  presiding officer of the committee in the senate with primary responsibility for appropriations.
(b)  The annual report must include:
(1)  the current status of each major information resources project; and
(2)  information regarding the performance indicators developed under Section 2054.159 for each major information resources project at each stage of the project's life cycle.
(b)  Subchapter G, Chapter 2054, Government Code, is amended by adding Section 2054.159 to read as follows:
Sec. 2054.159.  MAJOR INFORMATION RESOURCES PROJECT MONITORING. (a) For the entire life cycle of each major information resources project, the quality assurance team shall monitor and report on performance indicators for each project, including schedule, cost, scope, and quality.
(b)  The department by rule shall develop the performance indicators the quality assurance team is required to monitor under Subsection (a). In adopting rules under this subsection, the department shall consider applicable information technology industry standards.
(c)  If the quality assurance team determines that a major information resources project is not likely to achieve the performance objectives for the project, the quality assurance team shall place the project on a list for more intense monitoring by the quality assurance team.
(d)  The quality assurance team shall closely monitor monthly reports for each major information resources project identified under Subsection (c) and, based on criteria developed by the department, determine whether to recommend to the executive director the need to initiate corrective action for the project.
(e)  The department shall create and maintain on the department's Internet website a user-friendly data visualization tool that provides an analysis and visual representation of the performance indicators developed under Subsection (b) for each major information resources project.
(c)  Not later than December 1, 2017, the Department of Information Resources shall adopt rules to implement Section 2054.159, Government Code, as added by this section.
(d)  This section takes effect January 1, 2018.
SECTION ____.  Subchapter C, Chapter 2171, Government Code, is amended by adding Section 2171.106 to read as follows:
Sec. 2171.106.  MANAGEMENT OF VEHICLE FLEET BY STATE AGENCY. Each state agency shall:
(1)  periodically evaluate the effectiveness and efficiency of the agency's vehicle fleet management, including the agency's vehicle acquisition methods and interagency agreements to operate vehicle maintenance and repair facilities that are owned or operated by this state; and
(2)  establish and maintain a schedule for replacing the agency's vehicles.
SECTION ____.  (a) The Department of Information Resources shall conduct an interim study on state reliance on the use of paper documents, including current requirements that certain state documents be mailed, for the purpose of reducing the state's volume of paper transactions and increasing governmental efficiency.
(b)  The study must include:
(1)  recommendations on opportunities to increase operational efficiency in state government through a reduction in the use of paper documents; and
(2)  strategies to replace the use of paper documents with electronic documents and to automate state transactions to better meet the needs of residents of this state.
(c)  The Department of Information Resources shall submit a report on the findings of the study to the governor, lieutenant governor, speaker of the house of representatives, and Legislative Budget Board.
(d)  This section expires September 1, 2019.
(2)  On page 9, line 2, strike "This" and substitute "Except as otherwise provided by this Act, this".