| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
| |
|
|
relating to the continuation and functions of the Department of |
|
|
Information Resources, including the composition of the governing |
|
|
body of the department and, in collaboration with the comptroller, |
|
|
the administration of state assistance opportunities. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Subchapter C, Chapter 656, Government Code, is |
|
|
amended by adding Sections 656.0505 and 656.0506 to read as |
|
|
follows: |
|
|
Sec. 656.0505. VOLUNTARY CERTIFICATION COURSE ON |
|
|
PROCUREMENT OF INFORMATION RESOURCES TECHNOLOGIES. (a) In this |
|
|
section: |
|
|
(1) "Department" means the Department of Information |
|
|
Resources. |
|
|
(2) "Information resources technologies" has the |
|
|
meaning assigned by Section 2054.003. |
|
|
(b) In coordination with the comptroller, the department |
|
|
shall develop and implement a certification course on the |
|
|
procurement of information resources technologies and make the |
|
|
course available to a person who: |
|
|
(1) holds a purchasing certification issued under |
|
|
Section 656.051; |
|
|
(2) holds a contract management certification issued |
|
|
under Section 656.052; or |
|
|
(3) holds both certifications described by |
|
|
Subdivisions (1) and (2). |
|
|
(c) The department shall provide the course at least |
|
|
quarterly and must provide the course in person. |
|
|
(d) The department shall certify a state agency employee who |
|
|
successfully completes the course. |
|
|
(e) Successful completion of the course may be credited |
|
|
toward any continuing education requirements for maintaining a |
|
|
certification under Section 656.051 or 656.052, or both. |
|
|
Sec. 656.0506. TRAINING ON PURCHASES OF INFORMATION |
|
|
RESOURCES TECHNOLOGIES FOR CERTAIN STATE AGENCY OFFICERS AND |
|
|
EMPLOYEES. (a) In this section: |
|
|
(1) "Department" means the Department of Information |
|
|
Resources. |
|
|
(2) "Information resources technologies" has the |
|
|
meaning assigned by Section 2054.003. |
|
|
(b) The department shall develop and provide annual |
|
|
training for persons who serve in upper management positions at |
|
|
state agencies, including elected or appointed state officers and |
|
|
executive heads of state agencies on best practices and |
|
|
methodologies for purchasing information resources technologies. |
|
|
(c) The department shall include in the training provided |
|
|
under Subsection (b) information the department covers in the |
|
|
certification programs established by Sections 656.051 and 656.052 |
|
|
that is related to the purchase of information resources |
|
|
technologies. The department may include additional topics in the |
|
|
training. |
|
|
(d) The department may not require a person described by |
|
|
Subsection (b) to participate in the training. |
|
|
SECTION 2. Chapter 783, Government Code, is amended by |
|
|
designating Sections 783.001 through 783.010, Government Code, as |
|
|
Subchapter A and adding a subchapter heading to read as follows: |
|
|
SUBCHAPTER A. GENERAL PROVISIONS |
|
|
SECTION 3. Chapter 783, Government Code, is amended by |
|
|
adding Subchapter B to read as follows: |
|
|
SUBCHAPTER B. STATE ASSISTANCE OPPORTUNITIES |
|
|
Sec. 783.051. DEFINITIONS. In this subchapter: |
|
|
(1) "Health and human services agency" means: |
|
|
(A) the Department of Family and Protective |
|
|
Services; |
|
|
(B) the Department of State Health Services; and |
|
|
(C) the Health and Human Services Commission. |
|
|
(2) "Institution of higher education" and "university |
|
|
system" have the meanings assigned by Section 61.003, Education |
|
|
Code. |
|
|
(3) "State agency" has the meaning assigned by Section |
|
|
2054.003, except that the term does not include: |
|
|
(A) an institution of higher education or a |
|
|
university system; or |
|
|
(B) a health and human services agency. |
|
|
(4) "State assistance" includes a grant, contract, |
|
|
loan, loan guarantee, cooperative agreement, direct appropriation, |
|
|
property, or another method of disbursement awarded by a state |
|
|
agency. |
|
|
Sec. 783.052. STATE ASSISTANCE OPPORTUNITY ADVERTISEMENT. |
|
|
(a) The comptroller, in coordination with the Department of |
|
|
Information Resources, shall develop an electronic advertising |
|
|
system to post a state assistance opportunity on the electronic |
|
|
state business daily in a manner that: |
|
|
(1) provides a single location for all state agencies |
|
|
to post electronic summaries of state assistance opportunities; |
|
|
(2) provides a standard format for announcing a state |
|
|
assistance opportunity; and |
|
|
(3) enables a person to search for a state assistance |
|
|
opportunity provided by a state agency. |
|
|
(b) Subject to Chapter 2157, an institution of higher |
|
|
education, a university system, or a health and human services |
|
|
agency may elect to post state assistance opportunity |
|
|
advertisements in the same manner as a state agency under this |
|
|
section. |
|
|
SECTION 4. Section 2155.083(c), Government Code, is amended |
|
|
to read as follows: |
|
|
(c) The comptroller shall operate the electronic state |
|
|
business daily for state agencies and other eligible entities to |
|
|
advertise pre-solicitation notices, solicitations, [and] contract |
|
|
awards, and grants. |
|
|
SECTION 5. Section 2054.003(13), Government Code, is |
|
|
amended to read as follows: |
|
|
(13) "State agency" means, except as otherwise |
|
|
provided by this chapter, a department, commission, board, office, |
|
|
council, authority, or other agency in the executive or judicial |
|
|
branch of state government that is created by the constitution or a |
|
|
statute of this state, including a university system or institution |
|
|
of higher education as defined by Section 61.003, Education Code. |
|
|
SECTION 6. Section 2054.005, Government Code, is amended to |
|
|
read as follows: |
|
|
Sec. 2054.005. SUNSET PROVISION. [(a)] The Department of |
|
|
Information Resources is subject to Chapter 325 (Texas Sunset Act). |
|
|
Unless continued in existence as provided by that chapter, the |
|
|
department is abolished [and this chapter expires] September 1, |
|
|
2037 [2025]. |
|
|
SECTION 7. Section 2054.021, Government Code, is amended by |
|
|
amending Subsections (a), (c), (f), (g), and (h) and adding |
|
|
Subsections (a-1), (c-1), (c-2), and (i) to read as follows: |
|
|
(a) For purposes of this section, "state agency" has the |
|
|
meaning assigned by Section 2054.003 but does not include: |
|
|
(1) a department, commission, board, office, council, |
|
|
authority, or other agency in the judicial branch of state |
|
|
government; or |
|
|
(2) an institution of higher education or a university |
|
|
system, as those terms are defined by Section 61.003, Education |
|
|
Code. |
|
|
(a-1) The department is governed by a board composed of 11 |
|
|
members as follows: |
|
|
(1) seven voting members appointed by the governor |
|
|
with the advice and consent of the senate; and |
|
|
(2) four nonvoting members as provided by Subsection |
|
|
(c). [One member must be employed by an institution of higher |
|
|
education as defined by Section 61.003, Education Code.] |
|
|
(c) The governor shall appoint the four nonvoting members of |
|
|
the board as follows: |
|
|
(1) one member who is an employee of an institution of |
|
|
higher education, as defined by Section 61.003, Education Code; |
|
|
(2) two members who are employees of state agencies |
|
|
that are on the list provided under Subsection (c-1); and |
|
|
(3) one member who is an employee of a state agency |
|
|
with fewer than 500 full-time employees. |
|
|
(c-1) Not later than December 1 of each even-numbered year, |
|
|
the department shall provide the governor a list of the 10 state |
|
|
agencies that spent the most money on products and services of the |
|
|
department during the previous state fiscal year. |
|
|
(c-2) A nonvoting member of the board serves for a two-year |
|
|
term that expires February 1 of each odd-numbered year. [Two groups |
|
|
each composed of three ex officio members serve on the board on a |
|
|
rotating basis. The ex officio members serve as nonvoting members |
|
|
of the board. Only one group serves at a time. The first group is |
|
|
composed of the commissioner of insurance, the executive |
|
|
commissioner of the Health and Human Services Commission, and the |
|
|
executive director of the Texas Department of Transportation. |
|
|
Members of the first group serve for two-year terms that begin |
|
|
February 1 of every other odd-numbered year and that expire on |
|
|
February 1 of the next odd-numbered year. The second group is |
|
|
composed of the commissioner of education, the executive director |
|
|
of the Texas Department of Criminal Justice, and the executive |
|
|
director of the Parks and Wildlife Department. Members of the |
|
|
second group serve for two-year terms that begin February 1 of the |
|
|
odd-numbered years in which the terms of members of the first group |
|
|
expire and that expire on February 1 of the next odd-numbered year.] |
|
|
(f) A [To be eligible to take office or serve as a voting or |
|
|
nonvoting member of the board, a] person who is appointed to and |
|
|
qualifies for office as a member of the board may not vote, |
|
|
deliberate, or be counted as a member in attendance at a meeting of |
|
|
the board until the person: |
|
|
(1) completes [appointed to or scheduled to serve as |
|
|
an ex officio member of the board must complete at least one course |
|
|
of] a training program that complies with Subsection (g); and |
|
|
(2) signs and submits to the executive director a |
|
|
statement acknowledging that the member completed the training |
|
|
program and the training required under Section 656.053 [this |
|
|
section]. [A voting or nonvoting board member must complete a |
|
|
training program that complies with Subsection (g) not later than |
|
|
the 180th day after the date on which the person takes office or |
|
|
begins serving as a member of the board.] |
|
|
(g) The training program must provide the person with |
|
|
information [to the person] regarding: |
|
|
(1) the law governing department operations [this |
|
|
chapter] and the board to which the person is appointed to serve; |
|
|
(2) the programs, functions, rules, and budget of |
|
|
[operated by] the department; |
|
|
(3) the scope of and limitations on the rulemaking |
|
|
authority of the department [the role and functions of the |
|
|
department]; |
|
|
(4) the results of the most recent formal audit of the |
|
|
department [rules of the department, with an emphasis on the rules |
|
|
that relate to disciplinary and investigatory authority]; |
|
|
(5) the requirements of: |
|
|
(A) laws relating to open meetings, public |
|
|
information, administrative procedure, and disclosing conflicts of |
|
|
interest; and |
|
|
(B) other laws applicable to members of a state |
|
|
policy-making body in performing their duties [current budget for |
|
|
the department]; |
|
|
(6) [the results of the most recent formal audit of the |
|
|
department; |
|
|
[(7) the requirements of the: |
|
|
[(A) open meetings law, Chapter 551; |
|
|
[(B) open records law, Chapter 552; and |
|
|
[(C) administrative procedure law, Chapter 2001; |
|
|
[(8) the requirements of the conflict of interest laws |
|
|
and other laws relating to public officials; |
|
|
[(9)] any applicable ethics policies adopted by the |
|
|
department or the Texas Ethics Commission; and |
|
|
(7) [(10)] contract management training. |
|
|
(h) A person appointed to the board is entitled to |
|
|
reimbursement, as provided by the General Appropriations Act, for |
|
|
travel expenses incurred in attending the training program, |
|
|
regardless of whether the attendance at the program occurs before |
|
|
or after the person qualifies for office [as provided by the General |
|
|
Appropriations Act and as if the person were a member of the board]. |
|
|
(i) The executive director shall create a training manual |
|
|
that includes the information required by Subsection (g). The |
|
|
executive director shall distribute a copy of the training manual |
|
|
annually to each member of the board. Each member of the board |
|
|
shall sign and submit to the executive director a statement |
|
|
acknowledging that the member received and has reviewed the |
|
|
training manual. |
|
|
SECTION 8. Section 2054.024(c), Government Code, is amended |
|
|
to read as follows: |
|
|
(c) If the final result of an action brought in a court of |
|
|
competent jurisdiction is that a board [an ex officio or other] |
|
|
member [of the board] may not serve on the board under the Texas |
|
|
Constitution, the [appropriate individual shall promptly submit a |
|
|
list to the] governor shall appoint [for the appointment of] a |
|
|
replacement who may serve. |
|
|
SECTION 9. The heading to Section 2054.033, Government |
|
|
Code, is amended to read as follows: |
|
|
Sec. 2054.033. ESTABLISHMENT OF ADVISORY COMMITTEES; |
|
|
ADMINISTRATION AND REQUIREMENTS. |
|
|
SECTION 10. Section 2054.033, Government Code, is amended |
|
|
by amending Subsection (a) and adding Subsections (e), (f), and (g) |
|
|
to read as follows: |
|
|
(a) The board and the executive director, if authorized by |
|
|
the board, by rule may establish [appoint] advisory committees as |
|
|
the department considers necessary to provide expertise to the |
|
|
department. |
|
|
(e) With respect to an advisory committee whose |
|
|
jurisdiction covers a service provided by the department to state |
|
|
agencies, in appointing members to the advisory committee the board |
|
|
shall: |
|
|
(1) to the extent practicable, ensure that the |
|
|
advisory committee is composed of a cross-section of the |
|
|
department's customers who use the service; and |
|
|
(2) appoint, in addition to the member required by |
|
|
Subsection (d), at least one member who is an employee of a state |
|
|
agency with 500 or fewer full-time employees. |
|
|
(f) The board shall adopt rules to govern each advisory |
|
|
committee of the department. The rules must include: |
|
|
(1) the purpose, role, goals, composition, and |
|
|
duration of the advisory committee; |
|
|
(2) as to the advisory committee members: |
|
|
(A) the appointment procedures, terms, and |
|
|
quorum requirements; |
|
|
(B) conflict-of-interest policies; and |
|
|
(C) as advisable, member qualifications or |
|
|
training requirements; |
|
|
(3) as appropriate, a method the department must use |
|
|
to receive public input on issues considered by the advisory |
|
|
committee; and |
|
|
(4) as appropriate, a method for sharing findings and |
|
|
information of the advisory committee with the public and the |
|
|
board. |
|
|
(g) Except as otherwise provided by this chapter, an |
|
|
advisory committee of the department is subject to Chapter 2110. |
|
|
SECTION 11. Subchapter B, Chapter 2054, Government Code, is |
|
|
amended by adding Sections 2054.0333, 2054.0335, and 2054.0337 to |
|
|
read as follows: |
|
|
Sec. 2054.0333. ADVISORY COMMITTEES ON DEPARTMENT |
|
|
FUNCTIONS REQUIRED. The board by rule shall establish advisory |
|
|
committees under Section 2054.033 that advise the board on |
|
|
governing the department and cover in subject matter the |
|
|
department's primary functions, including at least one advisory |
|
|
committee for each of the following subjects: |
|
|
(1) procurement under Subchapter B, Chapter 2157; |
|
|
(2) the development and implementation of information |
|
|
security programs; and |
|
|
(3) the preparation of the state strategic plan |
|
|
required by Section 2054.091. |
|
|
Sec. 2054.0335. STATEWIDE INFORMATION SECURITY ADVISORY |
|
|
COMMITTEE. (a) The board by rule shall establish an advisory |
|
|
committee under Section 2054.033 to make recommendations to the |
|
|
department on improving the effectiveness of the department's and |
|
|
this state's information security operations. |
|
|
(b) The advisory committee must include members who are |
|
|
information security professionals employed by state agencies and |
|
|
local governments. |
|
|
(c) The presiding officer of the advisory committee is the |
|
|
chief information security officer under Section 2054.510. |
|
|
Sec. 2054.0337. CUSTOMER ADVISORY COMMITTEE. (a) The |
|
|
board by rule shall establish an advisory committee under Section |
|
|
2054.033 to report to and advise the board on improving the |
|
|
effectiveness and efficiency of services provided by the department |
|
|
to customers. |
|
|
(b) The board shall appoint advisory committee members who |
|
|
are employees of state agencies that: |
|
|
(1) use the department's services; and |
|
|
(2) have 500 or fewer full-time employees, including |
|
|
at least three members who are employees of state agencies that have |
|
|
150 or fewer full-time employees. |
|
|
SECTION 12. Section 2054.035(b), Government Code, is |
|
|
amended to read as follows: |
|
|
(b) The department shall prepare information of public |
|
|
interest describing the functions of the department [and the |
|
|
procedures by which complaints are filed with and resolved by the |
|
|
department]. The department shall make the information available |
|
|
to the public and appropriate state agencies. |
|
|
SECTION 13. Section 2054.036, Government Code, is amended |
|
|
to read as follows: |
|
|
Sec. 2054.036. COMPLAINTS. (a) The department shall |
|
|
maintain a system to promptly and efficiently act on complaints |
|
|
filed with the department. The department shall maintain |
|
|
information about parties to the complaint, the subject matter of |
|
|
the complaint, and a summary of the results of the review or |
|
|
investigation of the complaint, and its disposition. [keep a file |
|
|
about each written complaint filed with the department that the |
|
|
department has authority to resolve. The department shall provide |
|
|
to the person filing the complaint and the persons or entities |
|
|
complained about the department's policies and procedures |
|
|
pertaining to complaint investigation and resolution. The |
|
|
department, at least quarterly and until final disposition of the |
|
|
complaint, shall notify the person filing the complaint and the |
|
|
persons or entities complained about of the status of the complaint |
|
|
unless the notice would jeopardize an undercover investigation.] |
|
|
(b) The department shall make information available |
|
|
describing its procedures for complaint investigation and |
|
|
resolution [keep information about each complaint filed with the |
|
|
department]. [The information shall include: |
|
|
[(1) the date the complaint is received; |
|
|
[(2) the name of the complainant; |
|
|
[(3) the subject matter of the complaint; |
|
|
[(4) a record of all persons contacted in relation to |
|
|
the complaint; |
|
|
[(5) a summary of the results of the review or |
|
|
investigation of the complaint; and |
|
|
[(6) for complaints for which the department took no |
|
|
action, an explanation of the reason the complaint was closed |
|
|
without action.] |
|
|
(c) The department shall periodically notify the complaint |
|
|
parties of the status of the complaint until final disposition |
|
|
unless the notice would jeopardize an ongoing investigation. |
|
|
SECTION 14. Sections 2054.055(b) and (b-2), Government |
|
|
Code, are amended to read as follows: |
|
|
(b) The report must: |
|
|
(1) assess the progress made toward meeting the goals |
|
|
and objectives of the state strategic plan for information |
|
|
resources management; |
|
|
(2) describe major accomplishments of the state or a |
|
|
specific state agency in information resources management; |
|
|
(3) describe major problems in information resources |
|
|
management confronting the state or a specific state agency; |
|
|
(4) provide a summary of the total expenditures for |
|
|
information resources and information resources technologies by |
|
|
the state; |
|
|
(5) make recommendations for improving the |
|
|
effectiveness and cost-efficiency of the state's use of information |
|
|
resources; |
|
|
(6) describe the status, progress, benefits, and |
|
|
efficiency gains of the state electronic Internet portal project, |
|
|
including any significant issues regarding contract performance; |
|
|
(7) provide a financial summary of the state |
|
|
electronic Internet portal project, including project costs and |
|
|
revenues; |
|
|
(8) [provide a summary of the amount and use of |
|
|
Internet-based training conducted by each state agency and |
|
|
institution of higher education; |
|
|
[(9)] provide a summary of agency and statewide |
|
|
results in providing access to electronic and information resources |
|
|
to individuals with disabilities as required by Subchapter M; |
|
|
(9) [(10)] assess the progress made toward |
|
|
accomplishing the goals of the plan for a state telecommunications |
|
|
network and developing a system of telecommunications services as |
|
|
provided by Subchapter H; and |
|
|
(10) [(11)] identify proposed major information |
|
|
resources projects for the next state fiscal biennium, including |
|
|
project costs through stages of the project and across state fiscal |
|
|
years from project initiation to implementation. |
|
|
(b-2) The information required under Subsection (b)(10) |
|
|
[(b)(11)] must include: |
|
|
(1) final total cost of ownership budget data for the |
|
|
entire life cycle of the major information resources project, |
|
|
including capital and operational costs that itemize staffing |
|
|
costs, contracted services, hardware purchased or leased, software |
|
|
purchased or leased, travel, and training; |
|
|
(2) the original project schedule and the final actual |
|
|
project schedule; |
|
|
(3) data on the progress toward meeting the original |
|
|
goals and performance measures of the project, specifically those |
|
|
related to operating budget savings; |
|
|
(4) lessons learned on the project, performance |
|
|
evaluations of any vendors used in the project, and reasons for |
|
|
project delays or cost increases; and |
|
|
(5) the benefits, cost avoidance, and cost savings |
|
|
generated by major technology resources projects. |
|
|
SECTION 15. Subchapter C, Chapter 2054, Government Code, is |
|
|
amended by adding Section 2054.057 to read as follows: |
|
|
Sec. 2054.057. PROCUREMENT SERVICES PILOT PROGRAM. (a) In |
|
|
this section: |
|
|
(1) "Participating state agency" means a state agency |
|
|
that the department has approved to participate in the pilot |
|
|
program. |
|
|
(2) "Pilot program" means the procurement services |
|
|
pilot program established under this section. |
|
|
(3) "State agency" means a board, commission, office, |
|
|
department, or other agency in the executive, judicial, or |
|
|
legislative branch of state government. The term does not include |
|
|
an institution of higher education, as defined by Section 61.003, |
|
|
Education Code. |
|
|
(b) The department shall establish a pilot program under |
|
|
which the department provides assistance in the procurement of |
|
|
information resources technologies on request by a participating |
|
|
state agency. |
|
|
(c) A state agency may participate in the pilot program only |
|
|
if the department approves of the participation in writing. |
|
|
(d) The department may limit the: |
|
|
(1) number of participating state agencies in the |
|
|
pilot program; and |
|
|
(2) types of information resources technologies for |
|
|
which procurement assistance is provided under the pilot program. |
|
|
(e) Services under the pilot program may include assistance |
|
|
with: |
|
|
(1) procurement planning; |
|
|
(2) developing a cost estimate for an information |
|
|
resources technologies project; and |
|
|
(3) drafting and developing a solicitation. |
|
|
(f) With respect to any procurement assistance provided by |
|
|
the department under the pilot program, the department: |
|
|
(1) may not control the procurement for which the |
|
|
assistance is provided or the management of any resulting contract; |
|
|
and |
|
|
(2) is not civilly liable for damages resulting from |
|
|
the provision of procurement assistance unless the damages result |
|
|
from intentional conduct or gross negligence. |
|
|
(g) Not later than December 1, 2028, the department shall |
|
|
submit a report to the legislature that includes a summary of the |
|
|
pilot program's activities and a recommendation of whether to |
|
|
continue or expand the program. |
|
|
(h) This section expires January 1, 2029. |
|
|
SECTION 16. Section 2054.075(b), Government Code, is |
|
|
amended to read as follows: |
|
|
(b) Each state agency information resources manager is part |
|
|
of the agency's executive management and reports directly to the |
|
|
executive head or deputy executive head of the agency. Each state |
|
|
agency shall report to the department the extent and results of its |
|
|
compliance with this subsection and include with the report an |
|
|
organizational chart showing the structure of the personnel in the |
|
|
agency's executive management. [The department shall report the |
|
|
extent and results of state agencies' compliance with this |
|
|
subsection to the legislature.] |
|
|
SECTION 17. Section 2054.097, Government Code, is amended |
|
|
by adding Subsections (c), (d), and (e) to read as follows: |
|
|
(c) Once every two years, the department shall conduct a |
|
|
limited evaluation of the information resources deployment review |
|
|
of at least five state agencies to verify the accuracy of those |
|
|
reviews. The department may limit the evaluation to review |
|
|
responses on subjects that represent the highest risks or greatest |
|
|
opportunities for improvement regarding the state agency's |
|
|
software, hardware, compliance, and cybersecurity. |
|
|
(d) The department is not required to conduct site visits as |
|
|
part of the limited evaluation required by Subsection (c). |
|
|
(e) The department shall use information received from the |
|
|
limited evaluation required by Subsection (c) to: |
|
|
(1) update trainings for and outreach to information |
|
|
resources managers on accurately completing the information |
|
|
resources deployment review; and |
|
|
(2) recommend information resources technology |
|
|
solutions to state agencies as needed. |
|
|
SECTION 18. Section 2054.2606(c), Government Code, is |
|
|
amended to read as follows: |
|
|
(c) A licensing entity that establishes a profile system |
|
|
under this section shall determine the information to be included |
|
|
in the system and the manner for collecting and reporting the |
|
|
information. At a minimum, the entity shall include the following |
|
|
information in the profile system: |
|
|
(1) the name of the license holder and the address and |
|
|
telephone number of the license holder's primary practice location; |
|
|
(2) whether the license holder's patient, client, |
|
|
user, customer, or consumer service areas, as applicable, are |
|
|
accessible to [disabled] persons with disabilities, as defined by |
|
|
federal law; |
|
|
(3) the type of language translating services, |
|
|
including translating services for a person who is deaf or hard |
|
|
[with impairment] of hearing, that the license holder provides for |
|
|
patients, clients, users, customers, or consumers, as applicable; |
|
|
(4) if applicable, insurance information, including |
|
|
whether the license holder participates in the state child health |
|
|
plan under Chapter 62, Health and Safety Code, or the Medicaid |
|
|
program; |
|
|
(5) the education and training received by the license |
|
|
holder, as required by the licensing entity; |
|
|
(6) any specialty certification held by the license |
|
|
holder; |
|
|
(7) the number of years the person has practiced as a |
|
|
license holder; and |
|
|
(8) if applicable, any hospital affiliation of the |
|
|
license holder. |
|
|
SECTION 19. Section 2054.376(b), Government Code, is |
|
|
amended to read as follows: |
|
|
(b) This subchapter applies [does not apply] to the |
|
|
following only on the election of the state agency operating the |
|
|
system, database, or network: |
|
|
(1) the uniform statewide accounting system, as that |
|
|
term is used in Subchapter C, Chapter 2101; |
|
|
(2) the state treasury cash and treasury management |
|
|
system; |
|
|
(3) a database or network managed by the comptroller |
|
|
to: |
|
|
(A) collect and process multiple types of taxes |
|
|
imposed by the state; or |
|
|
(B) manage or administer fiscal, financial, |
|
|
revenue, and expenditure activities of the state under Chapter 403 |
|
|
and Chapter 404; or |
|
|
(4) a database or network managed by the Department of |
|
|
Agriculture. |
|
|
SECTION 20. Section 2054.456(a), Government Code, is |
|
|
amended to read as follows: |
|
|
(a) Each state agency shall, in developing, procuring, |
|
|
maintaining, or using electronic and information resources, ensure |
|
|
that state employees with disabilities have access to and the use of |
|
|
those resources comparable to the access and use available to state |
|
|
employees without disabilities, unless compliance with this |
|
|
section imposes a significant difficulty or expense on the agency |
|
|
under Section 2054.460. Subject to Section 2054.460, the agency |
|
|
shall take reasonable steps to ensure that an [a disabled] employee |
|
|
with a disability has reasonable access to perform the employee's |
|
|
duties. |
|
|
SECTION 21. The heading to Section 2054.515, Government |
|
|
Code, is amended to read as follows: |
|
|
Sec. 2054.515. AGENCY DATA GOVERNANCE [INFORMATION |
|
|
SECURITY] ASSESSMENT AND REPORT. |
|
|
SECTION 22. Section 2054.515, Government Code, is amended |
|
|
by amending Subsections (a), (c), and (d) and adding Subsection |
|
|
(a-1) to read as follows: |
|
|
(a) At least once every two years, each state agency shall |
|
|
conduct an [information security] assessment of the agency's[: |
|
|
[(1) information resources systems, network systems, |
|
|
digital data storage systems, digital data security measures, and |
|
|
information resources vulnerabilities; and |
|
|
[(2)] data governance program with participation from |
|
|
the agency's data management officer, if applicable, and in |
|
|
accordance with requirements established by department rule. |
|
|
(a-1) Not later than June 1 of each even-numbered year, each |
|
|
state agency shall report the results of the assessment conducted |
|
|
under Subsection (a) to: |
|
|
(1) the department; and |
|
|
(2) on request, the governor, the lieutenant governor, |
|
|
and the speaker of the house of representatives. |
|
|
(c) The department by rule shall establish the requirements |
|
|
for the [information security] assessment and report required by |
|
|
this section. |
|
|
(d) The report and all documentation related to the |
|
|
[information security] assessment and report are confidential and |
|
|
not subject to disclosure under Chapter 552. The state agency or |
|
|
department may redact or withhold the information as confidential |
|
|
under Chapter 552 without requesting a decision from the attorney |
|
|
general under Subchapter G, Chapter 552. |
|
|
SECTION 23. Sections 2054.5191(a), (a-1), and (a-2), |
|
|
Government Code, are amended to read as follows: |
|
|
(a) At least once each year, each employee of a [Each] state |
|
|
agency [shall identify state employees who use a computer to |
|
|
complete at least 25 percent of the employee's required duties. At |
|
|
least once each year, an employee identified by the state agency] |
|
|
and each elected or appointed officer of the agency shall complete a |
|
|
cybersecurity training program certified under Section 2054.519. |
|
|
(a-1) At least once each year, each employee and each |
|
|
elected or appointed official of a local government shall[: |
|
|
[(1) identify local government employees and elected |
|
|
and appointed officials who have access to a local government |
|
|
computer system or database and use a computer to perform at least |
|
|
25 percent of the employee's or official's required duties; and |
|
|
[(2) require the employees and officials identified |
|
|
under Subdivision (1) to] complete a cybersecurity training program |
|
|
certified under Section 2054.519. |
|
|
(a-2) The governing body of a local government or the |
|
|
governing body's designee may deny access to the local government's |
|
|
computer system or database to an employee or official of the local |
|
|
government [an individual described by Subsection (a-1)(1)] who the |
|
|
governing body or the governing body's designee determines is |
|
|
noncompliant with the requirements of Subsection (a-1) [(a-1)(2)]. |
|
|
SECTION 24. Subchapter N-1, Chapter 2054, Government Code, |
|
|
is amended by adding Section 2054.5195 to read as follows: |
|
|
Sec. 2054.5195. INFORMATION SECURITY ASSESSMENT AND |
|
|
PENETRATION TEST REQUIRED. (a) This section does not apply to a |
|
|
university system or institution of higher education as defined by |
|
|
Section 61.003, Education Code. |
|
|
(b) At least once every two years, the department shall |
|
|
require each state agency to complete an information security |
|
|
assessment and a penetration test to be performed by the department |
|
|
or, at the department's discretion, a vendor selected by the |
|
|
department. |
|
|
(c) The department shall establish rules as necessary to |
|
|
implement this section, including rules for the procurement of a |
|
|
vendor under Subsection (b). |
|
|
SECTION 25. Section 2157.068(a), Government Code, is |
|
|
amended to read as follows: |
|
|
(a) In this section: |
|
|
(1) "Commodity[, "commodity] items" means commercial |
|
|
software, hardware, or technology services, other than |
|
|
telecommunications services, that are generally available to |
|
|
businesses or the public and for which the department determines |
|
|
that a reasonable demand exists from an eligible entity listed in[, |
|
|
as defined by] Section 2054.0525 [2054.375,] that purchases the |
|
|
items through the department. The term includes seat management, |
|
|
through which an eligible entity transfers its personal computer |
|
|
equipment and service responsibilities to a private vendor to |
|
|
manage the personal computing needs for each desktop of the |
|
|
eligible entity, including all necessary hardware, software, and |
|
|
support services. |
|
|
(2) "Technology services" means services, regardless |
|
|
of the method of charging fees for those services, that: |
|
|
(A) relate to the development, configuration, |
|
|
review, assessment, acquisition, implementation, or maintenance of |
|
|
information technology hardware, software, or services; or |
|
|
(B) consist of other routine technology services |
|
|
not described by Paragraph (A). |
|
|
SECTION 26. Section 2170.005(c), Government Code, is |
|
|
amended to read as follows: |
|
|
(c) Telephone directories published by the department under |
|
|
this section and Section 2170.059 must be revised regularly and |
|
|
must list state telephone numbers alphabetically by the subject |
|
|
matter of agency programs as well as alphabetically by agency. The |
|
|
subject matter listing of programs and telephone numbers in the |
|
|
telephone directories must be consistent with the categorization |
|
|
developed by the Records Management Interagency Coordinating |
|
|
Council under Section 441.203. The department may authorize, under |
|
|
procedures and rules considered appropriate by the department, a |
|
|
method [yellow pages advertising section in the directories] to |
|
|
recover development, publication, and distribution costs of the |
|
|
directories. |
|
|
SECTION 27. Section 2170.059(a), Government Code, is |
|
|
amended to read as follows: |
|
|
(a) The department shall provide centralized telephone |
|
|
service for state agencies, each house of the legislature, and |
|
|
legislative agencies in the capitol complex. State agencies in the |
|
|
capitol complex may [shall] use the service. Each house of the |
|
|
legislature and each legislative agency may [shall] use the service |
|
|
at the discretion of the legislature. The department may provide |
|
|
the service to other state agencies that subscribe to it. |
|
|
SECTION 28. The following provisions of the Government Code |
|
|
are repealed: |
|
|
(1) Section 441.010; |
|
|
(2) Section 2054.021(d); |
|
|
(3) Section 2054.023(c); |
|
|
(4) Section 2054.0331; |
|
|
(5) Section 2054.091(d); |
|
|
(6) Section 2054.0925(c); |
|
|
(7) Section 2054.515(b), as amended by Chapter 567 |
|
|
(S.B. 475), Acts of the 87th Legislature, Regular Session, 2021; |
|
|
(8) Section 2054.515(b), as amended by Chapter 856 |
|
|
(S.B. 800), Acts of the 87th Legislature, Regular Session, 2021; |
|
|
(9) Chapter 2055; |
|
|
(10) Section 2170.009; |
|
|
(11) Section 2170.010; and |
|
|
(12) Section 2170.059(c). |
|
|
SECTION 29. (a) In this section, "institution of higher |
|
|
education" has the meaning assigned by Section 61.003, Education |
|
|
Code. |
|
|
(b) As soon as possible after the effective date of this |
|
|
Act, as the terms of members of the governing board of the |
|
|
Department of Information Resources expire or as vacancies occur, |
|
|
the governor shall appoint members to the board so that the board is |
|
|
composed in accordance with Section 2054.021, Government Code, as |
|
|
amended by this Act, except that the term of the member of the board |
|
|
serving on the board immediately before the effective date of this |
|
|
Act who holds the position of the member who is employed by an |
|
|
institution of higher education expires on that date. A member of |
|
|
the governing board whose term expires under this subsection is |
|
|
eligible for reappointment under Subsection (c) of this section. |
|
|
(c) Not later than December 1, 2025, the governor shall |
|
|
appoint the following members to the governing board of the |
|
|
Department of Information Resources in accordance with Section |
|
|
2054.021, Government Code, as amended by this Act: |
|
|
(1) one voting member to serve a term that expires |
|
|
February 1, 2031; and |
|
|
(2) one nonvoting member to the position of the member |
|
|
who is employed by an institution of higher education to serve a |
|
|
term that expires February 1, 2027. |
|
|
SECTION 30. (a) Except as provided by Subsection (b) of |
|
|
this section, Section 2054.021(f), Government Code, as amended by |
|
|
this Act, applies to a member of the governing board of the |
|
|
Department of Information Resources appointed before, on, or after |
|
|
the effective date of this Act. |
|
|
(b) A member of the governing board of the Department of |
|
|
Information Resources who, before the effective date of this Act, |
|
|
completed the training program required by Section 2054.021(f), |
|
|
Government Code, and described in Section 2054.021(g), Government |
|
|
Code, as that law existed before the effective date of this Act, is |
|
|
only required to complete additional training on the subjects added |
|
|
by this Act to the training program described by Section |
|
|
2054.021(g), Government Code. A member described by this |
|
|
subsection may not vote, deliberate, or be counted as a member in |
|
|
attendance at a meeting of the board held on or after December 1, |
|
|
2025, until the member completes the additional training. |
|
|
SECTION 31. If any provision of this Act conflicts with a |
|
|
provision of another Act of the 89th Legislature, Regular Session, |
|
|
2025, relating to the establishment of the Texas Cyber Command as a |
|
|
component institution of The University of Texas System and the |
|
|
transfer to it of certain powers and duties of the Department of |
|
|
Information Resources, the provision of the other Act prevails to |
|
|
the extent of the conflict, regardless of the relative dates of |
|
|
enactment. |
|
|
SECTION 32. This Act takes effect September 1, 2025. |
|
|
|
|
|
* * * * * |