Florida Senate - 2011 CS for SB 102
By the Committee on Governmental Oversight and Accountability;
and Senator Ring
585-03915-11 2011102c1
1 A bill to be entitled
2 An act relating to the Agency for Enterprise
3 Information Technology; transferring, renumbering, and
4 amending s. 14.204, F.S.; renaming the agency the
5 Department of Information Technology; requiring that
6 the department director have a degree from an
7 accredited postsecondary institution in certain
8 fields, be appointed by the Governor, and serve at the
9 pleasure of the Governor; establishing divisions
10 within the department; amending ss. 17.0315, 110.205,
11 215.322, and 216.235, F.S.; conforming provisions to
12 changes made by the act; repealing s. 282.0041, F.S.,
13 to delete reference to the agency; amending s.
14 282.0055, F.S.; conforming provisions to changes made
15 by the act; amending s. 282.0056, F.S.; specifying
16 proposals that must be included in the department’s
17 annual work plan; amending ss. 282.201, 282.203,
18 282.204, 282.205, 282.3055, 282.315, 282.318, 282.33,
19 282.34, 287.057, 445.011, 445.045, and 668.50, F.S.;
20 conforming provisions to changes made by the act;
21 requiring the department and state agencies to
22 identify all positions and resources related to
23 information technology by a certain date; requiring
24 the department to submit a plan to the Governor and
25 Legislature transferring all information technology
26 operations to the department; transferring the agency
27 from the Executive Office of the Governor to the
28 department by a type two transfer; providing an
29 effective date.
30
31 Be It Enacted by the Legislature of the State of Florida:
32
33 Section 1. Section 14.204, Florida Statutes, is
34 transferred, renumbered as section 20.51, Florida Statutes, and
35 amended to read:
36 20.51 14.204 Department of Agency for Enterprise
37 Information Technology.—The Department of Agency for Enterprise
38 Information Technology is created within the Executive Office of
39 the Governor.
40 (1) The head of the agency shall be the Governor and
41 Cabinet.
42 (2) The agency is a separate budget entity and is not
43 subject to control, supervision, or direction by the Executive
44 Office of the Governor, including, but not limited to,
45 purchasing, transactions involving real or personal property,
46 personnel, or budgetary matters.
47 (1)(3) The department agency shall have an executive
48 director who is the state’s Chief Technology Information Officer
49 and who must, at a minimum:
50 (a) Have a degree from an accredited postsecondary
51 institution in engineering, computer science, information
52 science, or information systems;
53 (b) Have at least 7 years of executive-level experience in
54 managing information technology organizations; and
55 (c) Be appointed by the Governor and confirmed by the
56 Cabinet, subject to confirmation by the Senate, and serve at the
57 pleasure of the Governor and Cabinet.
58 (2) The department shall consist of the following
59 divisions:
60 (a) The Division of Strategic Procurement, which includes
61 the development of all enterprise information technology
62 procurement and acquisition-management systems across state
63 agencies, whether owned or contracted, and has the objective of
64 achieving unified accountability.
65 (b) The Division of Policy Formation, Development, and
66 Standards, which, by rule, sets the technical and architectural
67 expectations for current and emerging technologies and
68 establishes new human capital skill sets, competency
69 expectations, and total compensation for all information
70 technology professions within state agencies.
71 (c) The Division of Implementation, which is responsible
72 for the execution, timing, and integration of specific
73 technology components and business domain management and the
74 retention of agency expertise in key legacy applications in
75 nonstrategic management systems.
76 (3)(4) The department agency shall have the following
77 duties and responsibilities:
78 (a) Develop strategies for the design, delivery, and
79 management of the enterprise information technology services
80 established in law.
81 (b) Monitor the delivery and management of the enterprise
82 information technology services as established in law.
83 (c) Make recommendations to the agency head and the
84 Legislature concerning other information technology services
85 that should be designed, delivered, and managed as enterprise
86 information technology services as defined in s. 282.0041.
87 (d) Plan and establish policies for managing proposed
88 statutorily authorized enterprise information technology
89 services, which includes:
90 1. Developing business cases that, when applicable, include
91 the components identified in s. 287.0571;
92 2. Establishing and coordinating project-management teams;
93 3. Establishing formal risk-assessment and mitigation
94 processes; and
95 4. Providing for independent monitoring of projects for
96 recommended corrective actions.
97 (e) Beginning October 1, 2010, develop, publish, and
98 biennially update a long-term strategic enterprise information
99 technology plan that identifies and recommends strategies and
100 opportunities to improve the delivery of cost-effective and
101 efficient enterprise information technology services to be
102 proposed for establishment pursuant to s. 282.0056.
103 (f) Perform duties related to the state data center system
104 as provided in s. 282.201.
105 (g) Coordinate acquisition planning and procurement
106 negotiations for hardware and software products and services in
107 order to improve the efficiency and reduce the cost of
108 enterprise information technology services.
109 (h) Conduct procurements In consultation with the Division
110 of Purchasing in the Department of Management Services,
111 coordinate procurement negotiations for information technology
112 products as defined in s. 282.0041 which will be used by
113 multiple agencies.
114 (i) In coordination with, and through the services of, the
115 Division of Purchasing in the Department of Management Services,
116 establish best practices for the procurement of information
117 technology products as defined in s. 282.0041 in order to
118 achieve savings for the state.
119 (j) Develop information technology standards for enterprise
120 information technology services.
121 (k) Provide annually, by December 31, recommendations to
122 the Legislature relating to techniques for consolidating the
123 purchase of information technology commodities and services,
124 which result in savings for the state, and for establishing a
125 process to achieve savings through consolidated purchases.
126 (4)(5) The Office of Information Security shall be created
127 within the department agency. The department agency shall
128 designate a state Chief Information Security Officer who shall
129 oversee the office and report directly to the executive
130 director.
131 (5)(6) The department agency shall operate in a manner that
132 ensures the participation and representation of state agencies
133 and the Agency Chief Information Officers Council established in
134 s. 282.315.
135 (6)(7) The department agency may adopt rules to carry out
136 its statutory duties.
137 Section 2. Subsection (1) and paragraph (g) of subsection
138 (2) of section 17.0315, Florida Statutes, are amended to read:
139 17.0315 Financial and cash management system; task force.—
140 (1) The Chief Financial Officer, as the constitutional
141 officer responsible for settling and approving accounts against
142 the state and keeping all state funds pursuant to s. 4, Art. IV
143 of the State Constitution, shall be the head of and appoint
144 members to a task force established to develop a strategic
145 business plan for a successor financial and cash management
146 system. The task force shall include the executive director of
147 the Department of Agency for Enterprise Information Technology
148 and the director of the Office of Policy and Budget in the
149 Executive Office of the Governor. Any member of the task force
150 may appoint a designee.
151 (2) The strategic business plan for a successor financial
152 and cash management system must:
153 (g) Be coordinated with the information technology strategy
154 development efforts of the Department of Agency for Enterprise
155 Information Technology;
156 Section 3. Paragraph (e) of subsection (2) of section
157 110.205, Florida Statutes, is amended to read:
158 110.205 Career service; exemptions.—
159 (2) EXEMPT POSITIONS.—The exempt positions that are not
160 covered by this part include the following:
161 (e) The Chief Information Officer in the Department of
162 Agency for Enterprise Information Technology. Unless otherwise
163 fixed by law, the Department of Agency for Enterprise
164 Information Technology shall set the salary and benefits of this
165 position in accordance with the rules of the Senior Management
166 Service.
167 Section 4. Subsections (2) and (9) of section 215.322,
168 Florida Statutes, are amended to read:
169 215.322 Acceptance of credit cards, charge cards, debit
170 cards, or electronic funds transfers by state agencies, units of
171 local government, and the judicial branch.—
172 (2) A state agency as defined in s. 216.011, or the
173 judicial branch, may accept credit cards, charge cards, debit
174 cards, or electronic funds transfers in payment for goods and
175 services with the prior approval of the Chief Financial Officer.
176 If the Internet or other related electronic methods are to be
177 used as the collection medium, the Department of Agency for
178 Enterprise Information Technology shall review and recommend to
179 the Chief Financial Officer whether to approve the request with
180 regard to the process or procedure to be used.
181 (9) For payment programs in which credit cards, charge
182 cards, or debit cards are accepted by state agencies, the
183 judicial branch, or units of local government, the Chief
184 Financial Officer, in consultation with the Department of Agency
185 for Enterprise Information Technology, may adopt rules to
186 establish uniform security safeguards for cardholder data and to
187 ensure compliance with the Payment Card Industry Data Security
188 Standards.
189 Section 5. Paragraph (c) of subsection (4) and subsection
190 (6) of section 216.235, Florida Statutes, are amended to read:
191 216.235 Innovation Investment Program.—
192 (4) There is hereby created the State Innovation Committee,
193 which shall have final approval authority as to which innovative
194 investment projects submitted under this section shall be
195 funded. Such committee shall be comprised of seven members.
196 Appointed members shall serve terms of 1 year and may be
197 reappointed. The committee shall include:
198 (c) The executive director of the Department of Agency for
199 Enterprise Information Technology.
200 (6) Any agency developing an innovative investment project
201 proposal that involves information technology resources may
202 consult with and seek technical assistance from the Agency for
203 Enterprise Information Technology. The office shall consult with
204 the Department of Agency for Enterprise Information Technology
205 concerning any project proposal that involves enterprise
206 information technology resources. The department Agency for
207 Enterprise Information Technology shall evaluate the project and
208 advise the committee and review board of the technical
209 feasibility and any transferable benefits of the proposed
210 technology. In addition to the requirements of subsection (5),
211 the agencies shall provide to the department Agency for
212 Enterprise Information Technology any information requested by
213 the department Agency for Enterprise Information Technology to
214 aid in determining whether the proposed technology is
215 appropriate for the project’s success.
216 Section 6. Subsection (4) of section 282.0041, Florida
217 Statutes, is repealed.
218 Section 7. Section 282.0055, Florida Statutes, is amended
219 to read:
220 282.0055 Assignment of information technology.—In order to
221 ensure the most effective and efficient use of the state’s
222 information technology and information technology resources and
223 notwithstanding other provisions of law to the contrary,
224 policies for the design, planning, project management, and
225 implementation of enterprise information technology services
226 shall be the responsibility of the Department of Agency for
227 Enterprise Information Technology for executive branch agencies
228 created or authorized in statute to perform legislatively
229 delegated functions. The supervision, design, delivery, and
230 management of agency information technology shall remain within
231 the responsibility and control of the individual state agency.
232 Section 8. Section 282.0056, Florida Statutes, is amended
233 to read:
234 282.0056 Development of work plan; development of
235 implementation plans; and policy recommendations.—
236 (1) For the purposes of carrying out its responsibilities
237 under s. 282.0055, the Department of Agency for Enterprise
238 Information Technology shall develop an annual work plan within
239 60 days after the beginning of the fiscal year describing the
240 activities that the department agency intends to undertake for
241 that year, including proposed outcomes and completion
242 timeframes. The work plan must be presented at a public hearing
243 that includes the Agency Chief Information Officers Council,
244 which may review and comment on the plan. The work plan must
245 thereafter be approved by the Governor and Cabinet and submitted
246 to the President of the Senate and the Speaker of the House of
247 Representatives. The work plan may be amended as needed, subject
248 to approval by the Governor and Cabinet. The work plan must, at
249 a minimum, include proposals for:
250 (a) The development of a revised financial management
251 infrastructure for state government which causes the
252 reengineering of subsystem components, including, but not
253 limited to, the legislative appropriations and planning and
254 budget system, cash management, human resources, a successor
255 accounting system, and strategic and tactical procurement and
256 acquisition management;
257 (b) Creation of successor customer-relationship management
258 systems, including, but not limited to, professional licensure,
259 facility licensure, regulatory inspections, and compliance and
260 monitoring systems;
261 (c) Consolidation of all state data centers by January 1,
262 2014; and
263 (d) Moving the provision of all state data needs to a cloud
264 computing infrastructure by January 1, 2016.
265 (2) The Department of Information Technology agency may
266 develop and submit to the President of the Senate, the Speaker
267 of the House of Representatives, and the Governor by October 1
268 of each year implementation plans for proposed enterprise
269 information technology services to be established in law.
270 (3) In developing policy recommendations and implementation
271 plans for established and proposed enterprise information
272 technology services, the Department of Information Technology
273 agency shall describe the scope of operation, conduct costs and
274 requirements analyses, conduct an inventory of all existing
275 information technology resources that are associated with each
276 service, and develop strategies and timeframes for statewide
277 migration.
278 (4) For the purpose of completing its work activities, each
279 state agency shall provide to the Department of Information
280 Technology agency all requested information, including, but not
281 limited to, the state agency’s costs, service requirements, and
282 equipment inventories.
283 (5) Within 60 days after the end of each fiscal year, the
284 Department of Information Technology agency shall report to the
285 Governor and Cabinet, the President of the Senate, and the
286 Speaker of the House of Representatives on what was achieved or
287 not achieved in the prior year’s work plan.
288 Section 9. Subsection (2), paragraphs (a), (b), and (c) of
289 subsection (3), paragraph (b) and (d) of subsection (4), and
290 subsection (5) of section 282.201, Florida Statutes, are amended
291 to read:
292 282.201 State data center system; agency duties and
293 limitations.—A state data center system that includes all
294 primary data centers, other nonprimary data centers, and
295 computing facilities, and that provides an enterprise
296 information technology service as defined in s. 282.0041, is
297 established.
298 (2) DEPARTMENT OF AGENCY FOR ENTERPRISE INFORMATION
299 TECHNOLOGY DUTIES.—The department Agency for Enterprise
300 Information Technology shall:
301 (a) Collect and maintain information necessary for
302 developing policies relating to the data center system,
303 including, but not limited to, an inventory of facilities.
304 (b) Annually approve cost-recovery mechanisms and rate
305 structures for primary data centers which recover costs through
306 charges to customer entities.
307 (c) By December 31 of each year, submit to the Legislature
308 recommendations to improve the efficiency and effectiveness of
309 computing services provided by state data center system
310 facilities. Such recommendations may include, but need not be
311 limited to:
312 1. Policies for improving the cost-effectiveness and
313 efficiency of the state data center system.
314 2. Infrastructure improvements supporting the consolidation
315 of facilities or preempting the need to create additional data
316 centers or computing facilities.
317 3. Standards for an objective, credible energy performance
318 rating system that data center boards of trustees can use to
319 measure state data center energy consumption and efficiency on a
320 biannual basis.
321 4. Uniform disaster recovery standards.
322 5. Standards for primary data centers providing transparent
323 financial data to user agencies.
324 6. Consolidation of contract practices or coordination of
325 software, hardware, or other technology-related procurements.
326 7. Improvements to data center governance structures.
327 (d) By October 1 of each year beginning in 2009, recommend
328 to the Governor and Legislature at least two nonprimary data
329 centers for consolidation into a primary data center or
330 nonprimary data center facility.
331 1. The consolidation proposal must provide a transition
332 plan that includes:
333 a. Estimated transition costs for each data center or
334 computing facility recommended for consolidation;
335 b. Detailed timeframes for the complete transition of each
336 data center or computing facility recommended for consolidation;
337 c. Proposed recurring and nonrecurring fiscal impacts,
338 including increased or decreased costs and associated budget
339 impacts for affected budget entities;
340 d. Substantive legislative changes necessary to implement
341 the transition; and
342 e. Identification of computing resources to be transferred
343 and those that will remain in the agency. The transfer of
344 resources must include all hardware, software, staff, contracted
345 services, and facility resources performing data center
346 management and operations, security, backup and recovery,
347 disaster recovery, system administration, database
348 administration, system programming, job control, production
349 control, print, storage, technical support, help desk, and
350 managed services but excluding application development.
351 2. Recommendations shall be based on the goal of maximizing
352 current and future cost savings. The department agency shall
353 consider the following criteria in selecting consolidations that
354 maximize efficiencies by providing the ability to:
355 a. Consolidate purchase decisions;
356 b. Leverage expertise and other resources to gain economies
357 of scale;
358 c. Implement state information technology policies more
359 effectively;
360 d. Maintain or improve the level of service provision to
361 customer entities; and
362 e. Make progress towards the state’s goal of consolidating
363 data centers and computing facilities into primary data centers.
364 3. The department agency shall establish workgroups as
365 necessary to ensure participation by affected agencies in the
366 development of recommendations related to consolidations.
367 (e) By December 31, 2010, the department agency shall
368 develop and submit to the Legislature an overall consolidation
369 plan for state data centers. The plan shall indicate a timeframe
370 for the consolidation of all remaining nonprimary data centers
371 into primary data centers, including existing and proposed
372 primary data centers, by 2019.
373 (f) Develop and establish rules relating to the operation
374 of the state data center system which comply with applicable
375 federal regulations, including 2 C.F.R. part 225 and 45 C.F.R.
376 The rules may address:
377 1. Ensuring that financial information is captured and
378 reported consistently and accurately.
379 2. Requiring the establishment of service-level agreements
380 executed between a data center and its customer entities for
381 services provided.
382 3. Requiring annual full cost recovery on an equitable
383 rational basis. The cost-recovery methodology must ensure that
384 no service is subsidizing another service and may include
385 adjusting the subsequent year’s rates as a means to recover
386 deficits or refund surpluses from a prior year.
387 4. Requiring that any special assessment imposed to fund
388 expansion is based on a methodology that apportions the
389 assessment according to the proportional benefit to each
390 customer entity.
391 5. Requiring that rebates be given when revenues have
392 exceeded costs, that rebates be applied to offset charges to
393 those customer entities that have subsidized the costs of other
394 customer entities, and that such rebates may be in the form of
395 credits against future billings.
396 6. Requiring that all service-level agreements have a
397 contract term of up to 3 years, but may include an option to
398 renew for up to 3 additional years contingent on approval by the
399 board, and require at least a 180-day notice of termination.
400 7. Designating any nonstate data center as a primary data
401 center if the center:
402 a. Has an established governance structure that represents
403 customer entities proportionally.
404 b. Maintains an appropriate cost-allocation methodology
405 that accurately bills a customer entity based on the actual
406 direct and indirect costs to the customer entity, and prohibits
407 the subsidization of one customer entity’s costs by another
408 entity.
409 c. Has sufficient raised floor space, cooling, and
410 redundant power capacity, including uninterruptible power supply
411 and backup power generation, to accommodate the computer
412 processing platforms and support necessary to host the computing
413 requirements of additional customer entities.
414 8. Removing a nonstate data center from primary data center
415 designation if the nonstate data center fails to meet standards
416 necessary to ensure that the state’s data is maintained pursuant
417 to subparagraph 7.
418 (3) STATE AGENCY DUTIES.—
419 (a) For the purpose of completing its work activities as
420 described in subsection (1), each state agency shall provide to
421 the Department of Agency for Enterprise Information Technology
422 all requested information and any other information relevant to
423 the agency’s ability to effectively transition its computer
424 services into a primary data center. The agency shall also
425 participate as required in workgroups relating to specific
426 consolidation planning and implementation tasks as assigned by
427 the department Agency for Enterprise Information Technology and
428 determined necessary to accomplish consolidation goals.
429 (b) Each state agency shall submit to the department Agency
430 for Enterprise Information Technology information relating to
431 its data centers and computing facilities as required in
432 instructions issued by July 1 of each year by the Department of
433 Agency for Enterprise Information Technology. The information
434 required may include:
435 1. Amount of floor space used and available.
436 2. Numbers and capacities of mainframes and servers.
437 3. Storage and network capacity.
438 4. Amount of power used and the available capacity.
439 5. Estimated expenditures by service area, including
440 hardware and software, numbers of full-time equivalent
441 positions, personnel turnover, and position reclassifications.
442 6. A list of contracts in effect for the fiscal year,
443 including, but not limited to, contracts for hardware, software
444 and maintenance, including the expiration date, the contract
445 parties, and the cost of the contract.
446 7. Service-level agreements by customer entity.
447 (c) The chief information officer of each state agency
448 shall assist the Department of Agency for Enterprise Information
449 Technology at the department’s request of the Agency for
450 Enterprise Information Technology.
451 (4) AGENCY LIMITATIONS.—
452 (b) Exceptions to the limitations in subparagraphs (a)1.,
453 2., and 4. may be granted by the Department of Agency for
454 Enterprise Information Technology if there is insufficient
455 capacity in a primary data center to absorb the workload
456 associated with agency computing services.
457 1. A request for an exception must be submitted in writing
458 to the Department of Agency for Enterprise Information
459 Technology. The department agency must accept, accept with
460 conditions, or deny the request within 60 days after receipt of
461 the written request. The department’s agency’s decision is not
462 subject to chapter 120.
463 2. At a minimum, the department agency may not approve a
464 request unless it includes:
465 a. Documentation approved by the primary data center’s
466 board of trustees which confirms that the center cannot meet the
467 capacity requirements of the agency requesting the exception
468 within the current fiscal year.
469 b. A description of the capacity requirements of the agency
470 requesting the exception.
471 c. Documentation from the agency demonstrating why it is
472 critical to the agency’s mission that the expansion or transfer
473 must be completed within the fiscal year rather than when
474 capacity is established at a primary data center.
475 (d) Upon the termination of or transfer of agency computing
476 services from the primary data center, the primary data center
477 shall require information sufficient to determine compliance
478 with this section. If a primary data center determines that an
479 agency is in violation of this section, it shall report the
480 violation to the Department of Agency for Enterprise Information
481 Technology.
482 (5) RULES.—The Department of Agency for Enterprise
483 Information Technology may is authorized to adopt rules pursuant
484 to ss. 120.536(1) and 120.54 to administer the provisions of
485 this part relating to the state data center system including the
486 primary data centers.
487 Section 10. Paragraphs (c), (d), (h), and (i) of subsection
488 (1), paragraph (e) of subsection (2), and paragraphs (b), (e),
489 (h), and (k) of subsection (3) of section 282.203, Florida
490 Statutes, are amended to read:
491 282.203 Primary data centers.—
492 (1) DATA CENTER DUTIES.—Each primary data center shall:
493 (c) Comply with rules adopted by the Department of Agency
494 for Enterprise Information Technology, pursuant to this section,
495 and coordinate with the agency in the consolidation of data
496 centers.
497 (d) Provide transparent financial statements to customer
498 entities, the center’s board of trustees, and the Department of
499 Agency for Enterprise Information Technology. The financial
500 statements shall be provided as follows:
501 1. Annually, by July 30 for the current fiscal year and by
502 December 1 for the subsequent fiscal year, the data center must
503 provide the total annual budgeted costs by major expenditure
504 category, including, but not limited to, salaries, expense,
505 operating capital outlay, contracted services, or other
506 personnel services, which directly relate to the provision of
507 each service and which separately indicate the administrative
508 overhead allocated to each service.
509 2. Annually, by July 30 for the current fiscal year and by
510 December 1 for the subsequent fiscal year, the data center must
511 provide total projected billings for each customer entity which
512 are required to recover the costs of the data center.
513 3. Annually, by January 31, the data center must provide
514 updates of the financial statements required under subparagraphs
515 1. and 2. for the current fiscal year.
516 4. By February 15, for proposed legislative budget
517 increases, the data center must provide updates of the financial
518 statements required under subparagraphs 1. and 2. for the
519 subsequent fiscal year.
520
521 The financial information required under subparagraphs 1., 2.,
522 and 3. must be based on current law and current appropriations.
523 (h) Develop a business continuity plan and conduct a live
524 exercise of the plan at least annually. The plan must be
525 approved by the board and the Department of Agency for
526 Enterprise Information Technology.
527 (i) Enter into a service-level agreement with each customer
528 entity to provide services as defined and approved by the board
529 in compliance with rules of the Department of Agency for
530 Enterprise Information Technology. A service-level agreement may
531 not have a term exceeding 3 years but may include an option to
532 renew for up to 3 years contingent on approval by the board.
533 1. A service-level agreement, at a minimum, must:
534 a. Identify the parties and their roles, duties, and
535 responsibilities under the agreement;
536 b. Identify the legal authority under which the service
537 level agreement was negotiated and entered into by the parties;
538 c. State the duration of the contractual term and specify
539 the conditions for contract renewal;
540 d. Prohibit the transfer of computing services between
541 primary data center facilities without at least 180 days’ notice
542 of service cancellation;
543 e. Identify the scope of work;
544 f. Identify the products or services to be delivered with
545 sufficient specificity to permit an external financial or
546 performance audit;
547 g. Establish the services to be provided, the business
548 standards that must be met for each service, the cost of each
549 service, and the process by which the business standards for
550 each service are to be objectively measured and reported;
551 h. Identify applicable funds and funding streams for the
552 services or products under contract;
553 i. Provide a timely billing methodology for recovering the
554 cost of services provided to the customer entity;
555 j. Provide a procedure for modifying the service-level
556 agreement to address changes in projected costs of service;
557 k. Provide that a service-level agreement may be terminated
558 by either party for cause only after giving the other party and
559 the department Agency for Enterprise Information Technology
560 notice in writing of the cause for termination and an
561 opportunity for the other party to resolve the identified cause
562 within a reasonable period; and
563 l. Provide for mediation of disputes by the Division of
564 Administrative Hearings pursuant to s. 120.573.
565 2. A service-level agreement may include:
566 a. A dispute resolution mechanism, including alternatives
567 to administrative or judicial proceedings;
568 b. The setting of a surety or performance bond for service
569 level agreements entered into with nonstate agency primary data
570 centers, which may be designated by the department Agency for
571 Enterprise Information Technology; or
572 c. Additional terms and conditions as determined advisable
573 by the parties if such additional terms and conditions do not
574 conflict with the requirements of this section or rules adopted
575 by the department Agency for Enterprise Information Technology.
576 3. The failure to execute a service-level agreement within
577 60 days after service commencement shall, in the case of an
578 existing customer entity, result in a continuation of the terms
579 of the service-level agreement from the prior fiscal year,
580 including any amendments that were formally proposed to the
581 customer entity by the primary data center within the 3 months
582 before service commencement, and a revised cost-of-service
583 estimate. If a new customer entity fails to execute an agreement
584 within 60 days after service commencement, the data center may
585 cease services.
586 (2) BOARD OF TRUSTEES.—Each primary data center shall be
587 headed by a board of trustees as defined in s. 20.03.
588 (e) The executive director of the Department of Agency for
589 Enterprise Information Technology shall be the advisor to the
590 board.
591 (3) BOARD DUTIES.—Each board of trustees of a primary data
592 center shall:
593 (b) Establish procedures for the primary data center to
594 ensure that budgeting and accounting procedures, cost-recovery
595 methodologies, and operating procedures are in compliance with
596 laws governing the state data center system, rules adopted by
597 the Department of Agency for Enterprise Information Technology,
598 and applicable federal regulations, including 2 C.F.R. part 225
599 and 45 C.F.R.
600 (e) Ensure the sufficiency and transparency of the primary
601 data center financial information by:
602 1. Establishing policies that ensure that cost-recovery
603 methodologies, billings, receivables, expenditure, budgeting,
604 and accounting data are captured and reported timely,
605 consistently, accurately, and transparently and, upon adoption
606 of rules by the Department of Agency for Enterprise Information
607 Technology, are in compliance with such rules.
608 2. Requiring execution of service-level agreements by the
609 data center and each customer entity for services provided by
610 the data center to the customer entity.
611 3. Requiring cost recovery for the full cost of services,
612 including direct and indirect costs. The cost-recovery
613 methodology must ensure that no service is subsidizing another
614 service without an affirmative vote of approval by the customer
615 entity providing the subsidy.
616 4. Establishing special assessments to fund expansions
617 based on a methodology that apportions the assessment according
618 to the proportional benefit to each customer entity.
619 5. Providing rebates to customer entities when revenues
620 exceed costs and offsetting charges to those who have subsidized
621 other customer entity costs based on actual prior year final
622 expenditures. Rebates may be credited against future billings.
623 6. Approving all expenditures committing over $50,000 in a
624 fiscal year.
625 7. Projecting costs and revenues at the beginning of the
626 third quarter of each fiscal year through the end of the fiscal
627 year. If in any given fiscal year the primary data center is
628 projected to earn revenues that are below costs for that fiscal
629 year after first reducing operating costs where possible, the
630 board shall implement any combination of the following remedies
631 to cover the shortfall:
632 a. The board may direct the primary data center to adjust
633 current year chargeback rates through the end of the fiscal year
634 to cover the shortfall. The rate adjustments shall be
635 implemented using actual usage rate and billing data from the
636 first three quarters of the fiscal year and the same principles
637 used to set rates for the fiscal year.
638 b. The board may direct the primary data center to levy
639 one-time charges on all customer entities to cover the
640 shortfall. The one-time charges shall be implemented using
641 actual usage rate and billing data from the first three quarters
642 of the fiscal year and the same principles used to set rates for
643 the fiscal year.
644 c. The customer entities represented by each board member
645 may provide payments to cover the shortfall in proportion to the
646 amounts each entity paid in the prior fiscal year.
647 (h) By July 1 of each year, submit to the Department of
648 Agency for Enterprise Information Technology proposed cost
649 recovery mechanisms and rate structures for all customer
650 entities for the fiscal year including the cost-allocation
651 methodology for administrative expenditures and the calculation
652 of administrative expenditures as a percent of total costs.
653 (k) Coordinate with other primary data centers and the
654 Department of Agency for Enterprise Information Technology in
655 order to consolidate purchases of goods and services and lower
656 the cost of providing services to customer entities.
657 Section 11. Subsection (2) of section 282.204, Florida
658 Statutes, is amended to read:
659 282.204 Northwood Shared Resource Center.—The Northwood
660 Shared Resource Center is an agency established within the
661 Department of Children and Family Services for administrative
662 purposes only.
663 (2) The center shall be headed by a board of trustees as
664 provided in s. 282.203, who shall comply with all requirements
665 of that section related to the operation of the center and with
666 the rules of the Department of Agency for Enterprise Information
667 Technology related to the design and delivery of enterprise
668 information technology services.
669 Section 12. Subsection (2) of section 282.205, Florida
670 Statutes, is amended to read:
671 282.205 Southwood Shared Resource Center.—The Southwood
672 Shared Resource Center is an agency established within the
673 department for administrative purposes only.
674 (2) The center shall be headed by a board of trustees as
675 provided in s. 282.203, who shall comply with all requirements
676 of that section related to the operation of the center and with
677 the rules of the Department of Agency for Enterprise Information
678 Technology related to the design and delivery of enterprise
679 information technology services.
680 Section 13. Paragraphs (b) and (e) of subsection (2) of
681 section 282.3055, Florida Statutes, are amended to read:
682 282.3055 Agency chief information officer; appointment;
683 duties.—
684 (2) The duties of the agency chief information officer
685 include, but are not limited to:
686 (b) Implementing agency information technology planning and
687 management procedures, guidelines, and standards that are
688 consistent with the procedures and standards adopted by the
689 Department of Agency for Enterprise Information Technology.
690 (e) Assisting the Department of Agency for Enterprise
691 Information Technology in the development of strategies for
692 implementing the enterprise information technology services
693 established in law and developing recommendations for enterprise
694 information technology policy.
695 Section 14. Subsections (1) and (3) of section 282.315,
696 Florida Statutes, are amended to read:
697 282.315 Agency Chief Information Officers Council;
698 creation.—The Legislature finds that enhancing communication,
699 consensus building, coordination, and facilitation with respect
700 to issues concerning enterprise information technology resources
701 are essential to improving the management of such resources.
702 (1) There is created an Agency Chief Information Officers
703 Council to:
704 (a) Enhance communication and collaboration among the
705 Agency Chief Information Officers and the Department of Agency
706 for Enterprise Information Technology.
707 (b) Identify and recommend best practices that are
708 characteristic of highly successful technology organizations, as
709 well as exemplary information technology applications for use by
710 state agencies, and assist the Department of Agency for
711 Enterprise Information Technology in developing strategies for
712 implementing the enterprise information technology services
713 established in law and developing recommendations for enterprise
714 information technology policy.
715 (c) Identify efficiency opportunities among state agencies
716 and make recommendations for action to the Department of Agency
717 for Enterprise Information Technology. This includes
718 recommendations relating to the consolidation of agency data
719 center and computing facilities, including operational policies,
720 procedures and standards for the consolidated facilities, and
721 procedures and standards for planning the migration to
722 consolidated facilities.
723 (d) Assist the Department of Agency for Enterprise
724 Information Technology in identifying critical enterprise
725 information technology issues and, when appropriate, make
726 recommendations for solving enterprise resource planning and
727 management deficiencies.
728 (e) Annually, by October 1, identify information technology
729 products, as defined in s. 282.0041, which, if purchased in a
730 consolidated manner, would result in savings to the state, and
731 develop recommendations regarding a process for consolidating
732 such purchases. The council shall transmit its recommendations
733 to the Department of Agency for Enterprise Information
734 Technology.
735 (3) The Department of Agency for Enterprise Information
736 Technology shall provide administrative support to the council.
737 Section 15. Subsection (3), paragraphs (c), (d), and (f) of
738 subsection (4), and subsections (6) and (7) of section 282.318,
739 Florida Statutes, are amended to read:
740 282.318 Enterprise security of data and information
741 technology.—
742 (3) The Office of Information Security within the
743 Department of Agency for Enterprise Information Technology is
744 responsible for establishing rules and publishing guidelines for
745 ensuring an appropriate level of security for all data and
746 information technology resources for executive branch agencies.
747 The office shall also perform the following duties and
748 responsibilities:
749 (a) Develop, and annually update by February 1, an
750 enterprise information security strategic plan that includes
751 security goals and objectives for the strategic issues of
752 information security policy, risk management, training, incident
753 management, and survivability planning.
754 (b) Develop enterprise security rules and published
755 guidelines for:
756 1. Comprehensive risk analyses and information security
757 audits conducted by state agencies.
758 2. Responding to suspected or confirmed information
759 security incidents, including suspected or confirmed breaches of
760 personal information or exempt data.
761 3. Agency security plans, including strategic security
762 plans and security program plans.
763 4. The recovery of information technology and data
764 following a disaster.
765 5. The managerial, operational, and technical safeguards
766 for protecting state government data and information technology
767 resources.
768 (c) Assist agencies in complying with the provisions of
769 this section.
770 (d) Pursue appropriate funding for the purpose of enhancing
771 domestic security.
772 (e) Provide training for agency information security
773 managers.
774 (f) Annually review the strategic and operational
775 information security plans of executive branch agencies.
776 (4) To assist the Office of Information Security in
777 carrying out its responsibilities, each agency head shall, at a
778 minimum:
779 (c) Conduct, and update every 3 years, a comprehensive risk
780 analysis to determine the security threats to the data,
781 information, and information technology resources of the agency.
782 The risk analysis information is confidential and exempt from
783 the provisions of s. 119.07(1), except that such information
784 shall be available to the Auditor General and the Department of
785 Agency for Enterprise Information Technology for performing
786 postauditing duties.
787 (d) Develop, and periodically update, written internal
788 policies and procedures, which include procedures for notifying
789 the office when a suspected or confirmed breach, or an
790 information security incident, occurs. Such policies and
791 procedures must be consistent with the rules and guidelines
792 established by the office to ensure the security of the data,
793 information, and information technology resources of the agency.
794 The internal policies and procedures that, if disclosed, could
795 facilitate the unauthorized modification, disclosure, or
796 destruction of data or information technology resources are
797 confidential information and exempt from s. 119.07(1), except
798 that such information shall be available to the Auditor General
799 and the Department of Agency for Enterprise Information
800 Technology for performing postauditing duties.
801 (f) Ensure that periodic internal audits and evaluations of
802 the agency’s security program for the data, information, and
803 information technology resources of the agency are conducted.
804 The results of such audits and evaluations are confidential
805 information and exempt from s. 119.07(1), except that such
806 information shall be available to the Auditor General and the
807 Department of Agency for Enterprise Information Technology for
808 performing postauditing duties.
809 (6) The Department of Agency for Enterprise Information
810 Technology may adopt rules relating to information security and
811 to administer the provisions of this section.
812 (7) By December 31, 2010, the Agency for Enterprise
813 Information Technology shall develop, and submit to the
814 Governor, the President of the Senate, and the Speaker of the
815 House of Representatives a proposed implementation plan for
816 information technology security. The agency shall describe the
817 scope of operation, conduct costs and requirements analyses,
818 conduct an inventory of all existing security information
819 technology resources, and develop strategies, timeframes, and
820 resources necessary for statewide migration.
821 Section 16. Subsections (1) through (3) of section 282.33,
822 Florida Statutes, are amended to read:
823 282.33 Objective standards for data center energy
824 efficiency.—
825 (1) By July 1, 2009, The Department of Agency for
826 Enterprise Information Technology shall define objective
827 standards for:
828 (a) Measuring data center energy consumption and
829 efficiency, including, but not limited to, airflow and cooling,
830 power consumption and distribution, and environmental control
831 systems in a data center facility.
832 (b) Calculating total cost of ownership of energy-efficient
833 information technology products, including initial purchase,
834 installation, ongoing operation and maintenance, and disposal
835 costs over the life cycle of the product.
836 (2) State shared resource data centers and other data
837 centers that the Department of Agency for Enterprise Information
838 Technology has determined will be recipients for consolidating
839 data centers, which are designated by the department Agency for
840 Enterprise Information Technology, shall evaluate their data
841 center facilities for energy efficiency using the standards
842 established in this section.
843 (a) Results of these evaluations shall be reported to the
844 department Agency for Enterprise Information Technology, the
845 President of the Senate, and the Speaker of the House of
846 Representatives. Reports shall enable the tracking of energy
847 performance over time and comparisons between facilities.
848 (b) By December 31, 2010, and biennially thereafter, the
849 department Agency for Enterprise Information Technology shall
850 submit to the Legislature recommendations for reducing energy
851 consumption and improving the energy efficiency of state primary
852 data centers.
853 (3) The primary means of achieving maximum energy savings
854 across all state data centers and computing facilities shall be
855 the consolidation of data centers and computing facilities as
856 determined by the Department of Agency for Enterprise
857 Information Technology. State data centers and computing
858 facilities in the state data center system shall be established
859 as an enterprise information technology service as defined in s.
860 282.0041. The department Agency for Enterprise Information
861 Technology shall make recommendations on consolidating state
862 data centers and computing facilities, pursuant to s. 282.0056,
863 by December 31, 2009.
864 Section 17. Subsection (2) through (5), (7), and (9)
865 through (11) of section 282.34, Florida Statutes, are amended to
866 read:
867 282.34 Statewide e-mail service.—A state e-mail system that
868 includes the delivery and support of e-mail, messaging, and
869 calendaring capabilities is established as an enterprise
870 information technology service as defined in s. 282.0041. The
871 service shall be designed to meet the needs of all executive
872 branch agencies. The primary goals of the service are to
873 minimize the state investment required to establish, operate,
874 and support the statewide service; reduce the cost of current e
875 mail operations and the number of duplicative e-mail systems;
876 and eliminate the need for each state agency to maintain its own
877 e-mail staff.
878 (2) The Department of Agency for Enterprise Information
879 Technology, in consultation with the Southwood Shared Resource
880 Center, shall establish and coordinate a multiagency project
881 team to develop a competitive solicitation for establishing the
882 statewide e-mail service.
883 (a) The Southwood Shared Resource Center shall issue the
884 competitive solicitation by August 31, 2010, with vendor
885 responses required by October 15, 2010. Issuance of the
886 competitive solicitation does not obligate the agency and the
887 center to conduct further negotiations or to execute a contract.
888 The decision to conduct or conclude negotiations, or execute a
889 contract, must be made solely at the discretion of the agency.
890 (b) The competitive solicitation must include detailed
891 specifications describing:
892 1. The current e-mail approach for state agencies and the
893 specific business objectives met by the present system.
894 2. The minimum functional requirements necessary for
895 successful statewide implementation and the responsibilities of
896 the prospective service provider and the agency.
897 3. The form and required content for submitted proposals,
898 including, but not limited to, a description of the proposed
899 system and its internal and external sourcing options, a 5-year
900 life-cycle-based pricing based on cost per mailbox per month,
901 and a decommissioning approach for current e-mail systems; an
902 implementation schedule and implementation services; a
903 description of e-mail account management, help desk, technical
904 support, and user provisioning services; disaster recovery and
905 backup and restore capabilities; antispam and antivirus
906 capabilities; remote access and mobile messaging capabilities;
907 and staffing requirements.
908 (c) Other optional requirements specifications may be
909 included in the competitive solicitation if not in conflict with
910 the primary goals of the statewide e-mail service.
911 (d) The competitive solicitation must permit alternative
912 financial and operational models to be proposed, including, but
913 not limited to:
914 1. Leasing or usage-based subscription fees;
915 2. Installing and operating the e-mail service within the
916 Southwood Shared Resource Center or in a data center operated by
917 an external service provider; or
918 3. Provisioning the e-mail service as an Internet-based
919 offering provided to state agencies. Specifications for proposed
920 models must be optimized to meet the primary goals of the e-mail
921 service.
922 (3) By December 31, 2010, or within 1 month after
923 negotiations are complete, whichever is later, the multiagency
924 project team and the Department of Agency for Enterprise
925 Information Technology shall prepare a business case analysis
926 containing its recommendations for procuring the statewide e
927 mail service for submission to the Governor and Cabinet, the
928 President of the Senate, and the Speaker of the House of
929 Representatives. The business case is not subject to challenge
930 or protest pursuant to chapter 120. The business case must
931 include, at a minimum:
932 (a) An assessment of the major risks that must be managed
933 for each proposal compared to the risks for the current state
934 agency e-mail system and the major benefits that are associated
935 with each.
936 (b) A cost-benefit analysis that estimates all major cost
937 elements associated with each sourcing option, focusing on the
938 nonrecurring and recurring life-cycle costs of each option. The
939 analysis must include a comparison of the estimated total 5-year
940 life-cycle cost of the current agency e-mail systems versus each
941 enterprise e-mail sourcing option in order to determine the
942 feasibility of funding the migration and operation of the
943 statewide e-mail service and the overall level of savings that
944 can be expected. The 5-year life-cycle costs for each state
945 agency must include, but are not limited to:
946 1. The total recurring operating costs of the current
947 agency e-mail systems, including monthly mailbox costs,
948 staffing, licensing and maintenance costs, hardware, and other
949 related e-mail product and service costs.
950 2. An estimate of nonrecurring hardware and software
951 refresh, upgrade, or replacement costs based on the expected 5
952 year obsolescence of current e-mail software products and
953 equipment through the 2014 fiscal year, and the basis for the
954 estimate.
955 3. An estimate of recurring costs associated with the
956 energy consumption of current agency e-mail equipment, and the
957 basis for the estimate.
958 4. Any other critical costs associated with the current
959 agency e-mail systems which can reasonably be estimated and
960 included in the business case analysis.
961 (c) A comparison of the migrating schedules of each
962 sourcing option to the statewide e-mail service, including the
963 approach and schedule for the decommissioning of all current
964 state agency e-mail systems beginning with phase 1 and phase 2
965 as provided in subsection (4).
966 (4) All agencies must be completely migrated to the
967 statewide e-mail service as soon as financially and
968 operationally feasible, but no later than June 30, 2015.
969 (a) The following statewide e-mail service implementation
970 schedule is established for state agencies:
971 1. Phase 1.—The following agencies must be completely
972 migrated to the statewide e-mail system by June 30, 2012: the
973 Department of Agency for Enterprise Information Technology; the
974 Department of Community Affairs, including the Division of
975 Emergency Management; the Department of Corrections; the
976 Department of Health; the Department of Highway Safety and Motor
977 Vehicles; the Department of Management Services, including the
978 Division of Administrative Hearings, the Division of Retirement,
979 the Commission on Human Relations, and the Public Employees
980 Relations Commission; the Southwood Shared Resource Center; and
981 the Department of Revenue.
982 2. Phase 2.—The following agencies must be completely
983 migrated to the statewide e-mail system by June 30, 2013: the
984 Department of Business and Professional Regulation; the
985 Department of Education, including the Board of Governors; the
986 Department of Environmental Protection; the Department of
987 Juvenile Justice; the Department of the Lottery; the Department
988 of State; the Department of Law Enforcement; the Department of
989 Veterans’ Affairs; the Judicial Administration Commission; the
990 Public Service Commission; and the Statewide Guardian Ad Litem
991 Office.
992 3. Phase 3.—The following agencies must be completely
993 migrated to the statewide e-mail system by June 30, 2014: the
994 Agency for Health Care Administration; the Agency for Workforce
995 Innovation; the Department of Financial Services, including the
996 Office of Financial Regulation and the Office of Insurance
997 Regulation; the Department of Agriculture and Consumer Services;
998 the Executive Office of the Governor; the Department of
999 Transportation; the Fish and Wildlife Conservation Commission;
1000 the Agency for Persons With Disabilities; the Northwood Shared
1001 Resource Center; and the State Board of Administration.
1002 4. Phase 4.—The following agencies must be completely
1003 migrated to the statewide e-mail system by June 30, 2015: the
1004 Department of Children and Family Services; the Department of
1005 Citrus; the Department of Elderly Affairs; and the Department of
1006 Legal Affairs.
1007 (b) Agency requests to modify their scheduled implementing
1008 date must be submitted in writing to the Department of Agency
1009 for Enterprise Information Technology. Any exceptions or
1010 modifications to the schedule must be approved by the Department
1011 of Agency for Enterprise Information Technology based only on
1012 the following criteria:
1013 1. Avoiding nonessential investment in agency e-mail
1014 hardware or software refresh, upgrade, or replacement.
1015 2. Avoiding nonessential investment in new software or
1016 hardware licensing agreements, maintenance or support
1017 agreements, or e-mail staffing for current e-mail systems.
1018 3. Resolving known agency e-mail problems through migration
1019 to the statewide e-mail service.
1020 4. Accommodating unique agency circumstances that require
1021 an acceleration or delay of the implementation date.
1022 (5) In order to develop the implementation plan for the
1023 statewide e-mail service, the Department of Agency for
1024 Enterprise Information Technology shall establish and coordinate
1025 a statewide e-mail project team. The agency shall also consult
1026 with and, as necessary, form workgroups consisting of agency e
1027 mail management staff, agency chief information officers, agency
1028 budget directors, and other administrative staff. The statewide
1029 e-mail implementation plan must be submitted to the Governor,
1030 the President of the Senate, and the Speaker of the House of
1031 Representatives by July 1, 2011.
1032 (7) Exceptions to paragraphs (6)(a), (b), and (c) may be
1033 granted by the Department of Agency for Enterprise Information
1034 Technology only if the Southwood Shared Resource Center is
1035 unable to meet agency business requirements for the e-mail
1036 service, and if such requirements are essential to maintain
1037 agency operations. Requests for exceptions must be submitted in
1038 writing to the Agency for Enterprise Information Technology and
1039 include documented confirmation by the Southwood Shared Resource
1040 Center board of trustees that it cannot meet the requesting
1041 agency’s e-mail service requirements.
1042 (9) The Department of Agency for Enterprise Information
1043 Technology shall adopt rules to standardize the format for state
1044 agency e-mail addresses.
1045 (10) State agencies must fully cooperate with the
1046 Department of Agency for Enterprise Information Technology in
1047 the performance of its responsibilities established in this
1048 section.
1049 (11) The Department of Agency for Enterprise Information
1050 Technology shall recommend changes to an agency’s scheduled date
1051 for migration to the statewide e-mail service pursuant to this
1052 section, annually by December 31, until migration to the
1053 statewide service is complete.
1054 Section 18. Subsection (22) of section 287.057, Florida
1055 Statutes, is amended to read:
1056 287.057 Procurement of commodities or contractual
1057 services.—
1058 (22) The department, in consultation with the Department of
1059 Agency for Enterprise Information Technology and the
1060 Comptroller, shall develop a program for online procurement of
1061 commodities and contractual services. To enable the state to
1062 promote open competition and to leverage its buying power,
1063 agencies shall participate in the online procurement program,
1064 and eligible users may participate in the program. Only vendors
1065 prequalified as meeting mandatory requirements and
1066 qualifications criteria may participate in online procurement.
1067 (a) The department, in consultation with the Department of
1068 Information Technology agency, may contract for equipment and
1069 services necessary to develop and implement online procurement.
1070 (b) The department, in consultation with the Department of
1071 Information Technology agency, shall adopt rules, pursuant to
1072 ss. 120.536(1) and 120.54, to administer the program for online
1073 procurement. The rules shall include, but not be limited to:
1074 1. Determining the requirements and qualification criteria
1075 for prequalifying vendors.
1076 2. Establishing the procedures for conducting online
1077 procurement.
1078 3. Establishing the criteria for eligible commodities and
1079 contractual services.
1080 4. Establishing the procedures for providing access to
1081 online procurement.
1082 5. Determining the criteria warranting any exceptions to
1083 participation in the online procurement program.
1084 (c) The department may impose and shall collect all fees
1085 for the use of the online procurement systems.
1086 1. The fees may be imposed on an individual transaction
1087 basis or as a fixed percentage of the cost savings generated. At
1088 a minimum, the fees must be set in an amount sufficient to cover
1089 the projected costs of the services, including administrative
1090 and project service costs in accordance with the policies of the
1091 department.
1092 2. If the department contracts with a provider for online
1093 procurement, the department, pursuant to appropriation, shall
1094 compensate the provider from the fees after the department has
1095 satisfied all ongoing costs. The provider shall report
1096 transaction data to the department each month so that the
1097 department may determine the amount due and payable to the
1098 department from each vendor.
1099 3. All fees that are due and payable to the state on a
1100 transactional basis or as a fixed percentage of the cost savings
1101 generated are subject to s. 215.31 and must be remitted within
1102 40 days after receipt of payment for which the fees are due. For
1103 fees that are not remitted within 40 days, the vendor shall pay
1104 interest at the rate established under s. 55.03(1) on the unpaid
1105 balance from the expiration of the 40-day period until the fees
1106 are remitted.
1107 4. All fees and surcharges collected under this paragraph
1108 shall be deposited in the Operating Trust Fund as provided by
1109 law.
1110 Section 19. Subsection (4) of section 445.011, Florida
1111 Statutes, is amended to read:
1112 445.011 Workforce information systems.—
1113 (4) Workforce Florida, Inc., shall coordinate development
1114 and implementation of workforce information systems with the
1115 executive director of the Department of Agency for Enterprise
1116 Information Technology to ensure compatibility with the state’s
1117 information system strategy and enterprise architecture.
1118 Section 20. Subsections (2) and (4) of section 445.045,
1119 Florida Statutes, are amended to read:
1120 445.045 Development of an Internet-based system for
1121 information technology industry promotion and workforce
1122 recruitment.—
1123 (2) Workforce Florida, Inc., shall coordinate with the
1124 Department of Agency for Enterprise Information Technology and
1125 the Agency for Workforce Innovation to ensure links, where
1126 feasible and appropriate, to existing job information websites
1127 maintained by the state and state agencies and to ensure that
1128 information technology positions offered by the state and state
1129 agencies are posted on the information technology website.
1130 (4)(a) Workforce Florida, Inc., shall coordinate
1131 development and maintenance of the website under this section
1132 with the executive director of the Department of Agency for
1133 Enterprise Information Technology to ensure compatibility with
1134 the state’s information system strategy and enterprise
1135 architecture.
1136 (a)(b) Workforce Florida, Inc., may enter into an agreement
1137 with the Department of Agency for Enterprise Information
1138 Technology, the Agency for Workforce Innovation, or any other
1139 public agency with the requisite information technology
1140 expertise for the provision of design, operating, or other
1141 technological services necessary to develop and maintain the
1142 website.
1143 (b)(c) Workforce Florida, Inc., may procure services
1144 necessary to implement the provisions of this section, if it
1145 employs competitive processes, including requests for proposals,
1146 competitive negotiation, and other competitive processes to
1147 ensure that the procurement results in the most cost-effective
1148 investment of state funds.
1149 Section 21. Paragraph (b) of subsection (18) of section
1150 668.50, Florida Statutes, is amended to read:
1151 668.50 Uniform Electronic Transaction Act.—
1152 (18) ACCEPTANCE AND DISTRIBUTION OF ELECTRONIC RECORDS BY
1153 GOVERNMENTAL AGENCIES.—
1154 (b) To the extent that a governmental agency uses
1155 electronic records and electronic signatures under paragraph
1156 (a), the Department of Agency for Enterprise Information
1157 Technology, in consultation with the governmental agency, giving
1158 due consideration to security, may specify:
1159 1. The manner and format in which the electronic records
1160 must be created, generated, sent, communicated, received, and
1161 stored and the systems established for those purposes.
1162 2. If electronic records must be signed by electronic
1163 means, the type of electronic signature required, the manner and
1164 format in which the electronic signature must be affixed to the
1165 electronic record, and the identity of, or criteria that must be
1166 met by, any third party used by a person filing a document to
1167 facilitate the process.
1168 3. Control processes and procedures as appropriate to
1169 ensure adequate preservation, disposition, integrity, security,
1170 confidentiality, and auditability of electronic records.
1171 4. Any other required attributes for electronic records
1172 which are specified for corresponding nonelectronic records or
1173 reasonably necessary under the circumstances.
1174 Section 22. During the 2011-2012 fiscal year, the
1175 Department of Information Technology shall coordinate with all
1176 state agencies to identify each state agency’s total number of
1177 positions and resources related to information technology.
1178 Agencies must submit the information to the department by August
1179 1, 2011. By September 1, 2011, the department shall submit a
1180 plan to the Executive Office of the Governor, the President of
1181 the Senate, and the Speaker of the House of Representatives for
1182 transferring to the department all information technology
1183 operations. Such information shall be included in each agency’s
1184 legislative budget request for the 2012-2013 fiscal year as a
1185 transfer to the Department of Information Technology. This
1186 section expires July 1, 2012.
1187 Section 23. The Department of Information Technology is
1188 established effective July 1, 2012. On that date, the Agency for
1189 Enterprise Information Technology is transferred from the
1190 Executive Office of the Governor to the Department of
1191 Information Technology by a type two transfer, as defined in s.
1192 20.06(1), Florida Statutes.
1193 Section 24. This act shall take effect July 1, 2011.