This website will be unavailable from Friday, April 26, 2024 at 6:00 p.m. through Monday, April 29, 2024 at 7:00 a.m. due to data center maintenance.

BILL ANALYSIS

 

 

Senate Research Center

C.S.S.B. 532

85R13840 AAF-F

By: Nelson

 

Finance

 

2/28/2017

 

Committee Report (Substituted)

 

 

 

AUTHOR'S / SPONSOR'S STATEMENT OF INTENT

 

S.B. 532 promotes cybersecurity and cost saving within state agencies by requiring an assessment of information technology risks and encouraging agencies to explore cloud computing innovations. (Original Author's / Sponsor's Statement of Intent)

 

C.S.S.B. 532 amends current law relating to information collected about and purchases of information technology by governmental entities.

 

RULEMAKING AUTHORITY

 

This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.

 

SECTION BY SECTION ANALYSIS

 

SECTION 1. Amends Section 552.139(b), Government Code, to provide that information collected, assembled, or maintained by or for a governmental entity to prevent, detect, or investigate a security incident related to computerized data is confidential.

 

SECTION 2. Amends Subchapter C, Chapter 2054, Government Code, by adding Section 2054.068, as follows:

 

Sec. 2054.068. INFORMATION TECHNOLOGY INFRASTRUCTURE REPORT.� (a) Defines "information technology."

 

(b) Requires the Department of Information Resources (DIR) to collect certain information from each state agency on the status and condition of the agency's information technology infrastructure.

 

(c) Requires a state agency to provide the required information to DIR according to a schedule determined by DIR.

 

(d) Requires DIR, not later than November 15 of each even-numbered year, to submit to the governor, chair of the house appropriations committee, chair of the senate finance committee, speaker of the house of representatives, lieutenant governor, and staff of the Legislative Budge Board a consolidated report of the information submitted by state agencies.

 

(e) Requires the required consolidated report to include an analysis and assessment of each state agency's security and operational risks and, for a state agency found to be at higher security and operational risks, to include a detailed analysis of the requirements for the agency to address the risks and related vulnerabilities and the cost estimates to implement those requirements.

 

(f) Provides that the consolidated report, with the exception of information that is confidential under Chapter 552 (Public Information), including Section 552.139 (Exception: Confidentiality of Government Information Related to Security or Infrastructure Issues for Computers), or other state or federal law, is public information and requires that the report be released or made available to the public upon request. Authorizes a state agency to withhold certain confidential information that is contained in a released consolidated report without requesting a decision from the attorney general under Subchapter G (Attorney General Decisions), Chapter 552.

 

(g) Provides that this section does not apply to an institution of higher education or university system, as defined by Section 61.003 (Definitions), Education Code.

 

SECTION 3. Amends Section 2054.0965(a), Government Code, by requiring a state agency, not later than March 31 of each even-numbered year, rather than December 1 of each odd-numbered year, to complete a review of operational aspects of the agency's information resources deployment following instructions developed by DIR.

 

SECTION 4. Amends Section 2157.007, Government Code, by amending Subsection (b) and adding Subsection (e), as follows:

 

(b) Requires a state agency, rather than authorizes a state agency, to consider cloud computing service options, including any cost savings associated with purchasing those service options from a cloud computing service provider and from a statewide technology center established by DIR, when making purchases for a major information resources project under Section 2054.118 (Major Information Resources Project).

 

(e) Requires DIR, using existing resources, not later than November 15 of each even-numbered year, to submit a report to the governor, lieutenant governor, and speaker of the house of representatives on state agencies' use of cloud computing service options. Requires the report to include use cases that provided cost savings and other benefits, including security enhancements. Requires a state agency to cooperate with DIR in the creation of the report by providing timely and accurate information and any assistance required by DIR.

 

SECTION 5. Makes application of Section 552.139(b), Government Code, as amended by this Act, prospective.

 

SECTION 6. Effective date: September 1, 2017.