Florida Senate - 2012                          SENATOR AMENDMENT
       Bill No. SB 1984
                                Barcode 885652                          
                              LEGISLATIVE ACTION                        
                    Senate             .             House              
                 Floor: WD/2R          .                                
             02/23/2012 06:30 PM       .                                

       Senator Ring moved the following:
    1         Senate Amendment (with title amendment)
    3         Delete everything after the enacting clause
    4  and insert:
    5         Section 1. (1) The Agency for Enterprise Information
    6  Technology is abolished.
    7         (2) All of the powers, duties, functions, records,
    8  personnel, and property; funds, trust funds, and unexpended
    9  balances of appropriations, allocations, and other funds;
   10  administrative authority; administrative rules; pending issues;
   11  and existing contracts of the Agency for Enterprise Information
   12  Technology are transferred by a type two transfer, pursuant to
   13  s. 20.06(2), Florida Statutes, to the Agency for State
   14  Technology.
   15         Section 2. (1) The portions of the Technology Program
   16  established under section 20.22(2), Florida Statutes and
   17  identified in the approved plan defined in s. 282.0055(2),
   18  Florida Statutes shall transfer by a type one transfer, as
   19  defined in s. 20.06(1), Florida Statutes, from the Department of
   20  Management Services to the Agency for State Technology no later
   21  than June 30, 2014.
   22         (2) The Northwood Shared Resource Center is transferred by
   23  a type one transfer, as defined in s. 20.06(1), Florida
   24  Statutes, from the Department of Management Services to the
   25  Agency for State Technology
   26         (a) Any binding contract or interagency agreement entered
   27  into between the Northwood Shared Resource Center or an entity
   28  or agent of the center and any other agency, entity, or person
   29  continues as a binding contract or agreement for the remainder
   30  of the term of such contract or agreement on the Agency for
   31  State Technology.
   32         (b) The rules of the Northwood Shared Resource Center which
   33  were in effect at 11:59 p.m. on June 30, 2012, become rules of
   34  the Agency for State Technology and remain in effect until
   35  amended or repealed in the manner provided by law.
   36         (3) The Southwood Shared Resource Center is transferred by
   37  a type one transfer, as defined in s. 20.06(1), Florida
   38  Statutes, from the Department of Management Services to the
   39  Agency for State Technology.
   40         (a) Any binding contract or interagency agreement entered
   41  into between the Southwood Shared Resource Center or an entity
   42  or agent of the center and any other agency, entity, or person
   43  continues as a binding contract or agreement for the remainder
   44  of the term of such contract or agreement on the Agency for
   45  State Technology.
   46         (b) The rules of the Southwood Shared Resource Center which
   47  were in effect at 11:59 p.m. on June 30, 2012, become rules of
   48  the Agency for State Technology and remain in effect until
   49  amended or repealed in the manner provided by law.
   50         Section 3. Section 14.204, Florida Statutes, is repealed.
   51         Section 4. Section 14.206, Florida Statutes, is created to
   52  read:
   53         14.206 Agency for State Technology.—The Agency for State
   54  Technology is created .
   55         (1) The head of the agency shall be the Governor and
   56  Cabinet.
   57         (2) The agency shall have an executive director who is the
   58  state’s Chief Information Officer and who must:
   59         (a) Have at least a bachelor’s degree in computer science,
   60  information systems, business or public administration, or a
   61  related field, or equivalent work experience;
   62         (b) Have 10 or more years of experience working in the
   63  field of information technology;
   64         (c) Have 5 or more years of experience in related industry
   65  managing multiple, large, cross-functional teams or projects,
   66  and influencing senior-level management and key stakeholders;
   67         (d) Have at least 5 years of executive-level leadership
   68  responsibilities;
   69         (e) Have performed an integral role in enterprise-wide
   70  information technology consolidations;
   71         (f) Be appointed by the Governor, subject to confirmation
   72  by the Cabinet and the Senate, and shall serve at the pleasure
   73  of the Governor and Cabinet.
   74         (3) The executive director:
   75         (a) Shall be responsible for developing and administering a
   76  comprehensive long-range plan for the state’s information
   77  technology resources, ensuring the proper management of such
   78  resources, and delivering services.
   79         (b) Shall appoint a Chief Technology Officer to lead the
   80  divisions of the agency dedicated to the operation and delivery
   81  of enterprise information technology services.
   82         (c) Shall appoint a Chief Operations Officer to lead the
   83  divisions of the agency dedicated to enterprise information
   84  technology policy, planning, standards and procurement.
   85         (d) Shall designate a state Chief Information Security
   86  Officer.
   87         (e) May appoint all employees necessary to carry out the
   88  duties and responsibilities of the agency.
   89         (4) The Agency for State Technology is prohibited from
   90  using, and executives of the agency are prohibited from
   91  directing spending from, operational information technology
   92  trust funds, as defined in 282.0041, F.S., for any purpose for
   93  which the Strategic Information Technology Trust Fund was
   94  established.
   95         (5) The following officers, and divisions, of the agency
   96  are established:
   97         (a) Under the Chief Technology Officer:
   98         1. Upon transfer any portion of the Technology Program from
   99  the Department of Management Services to the agency, there shall
  100  be a The Division of Telecommunications once the migration of
  101  DivTel from DMS is accomplished.
  102         2. The Division of Data Center Operations which includes,
  103  but is not limited to, any shared resource center established or
  104  operated by the agency.
  107         (b) Under the Chief Operations Officer:
  108         1. Strategic Planning.
  109         2. Enterprise Information Technology Standards.
  110         a. Enterprise Information Technology Procurement.
  111         b. Information Technology Security and Compliance.
  112         3. Enterprise Services Planning and Consolidation.
  113         4. Enterprise Project Management.
  114         (c) Under the Director of Administration:
  115         1. Accounting and Budgeting.
  116         2. Personnel.
  117         3. Procurement and Contracts.
  118         (d) Under the Office of the Executive Director:
  119         1. Inspector General.
  120         2. Legal.
  121         3. Governmental Affairs.
  122         (6) The agency shall operate in a manner that ensures the
  123  participation and representation of state agencies.
  124         (7) The agency shall have the following duties and
  125  responsibilities. The agency shall:
  126         (a) Develop and publish a long-term State Information
  127  Technology Resources Strategic Plan.
  128         (b) Initiate, plan, design, implement, and manage
  129  enterprise information technology services.
  130         (c) Beginning October 1, 2012, and every 3 months
  131  thereafter, provide a status report on its initiatives. The
  132  report shall be presented at a meeting of the Governor and
  133  Cabinet.
  134         (d) Beginning September 1, 2013, and every 3 months
  135  thereafter until enterprise information technology service
  136  consolidations are complete, provide a status report on the
  137  implementation of the consolidations that must be completed
  138  during the fiscal year. The report shall be submitted to the
  139  Executive Office of the Governor, the Cabinet, the President of
  140  the Senate, and the Speaker of the House of Representatives. At
  141  a minimum, the report must describe:
  142         1. Whether the consolidation is on schedule, including
  143  progress on achieving the milestones necessary for successful
  144  and timely consolidation of scheduled agency data centers and
  145  computing facilities; and
  146         2. The risks that may affect the progress or outcome of the
  147  consolidation and how such risks are being mitigated or managed.
  148         (e) Set technical standards for information technology,
  149  including, but not limited to, desktop computers, printers, and
  150  mobile devices; review major information technology projects and
  151  procurements; establish information technology security
  152  standards; provide for the procurement of information technology
  153  resources, excluding human resources; and deliver enterprise
  154  information technology services as defined in s. 282.0041.
  155         (f) Designate primary data centers and shared resource
  156  centers.
  157         (g) Operate shared resource centers in a manner that
  158  promotes energy efficiency.
  159         (h) Establish and deliver enterprise information technology
  160  services to serve state agencies on a cost-sharing basis,
  161  charging each state agency its proportionate share of the cost
  162  of maintaining and delivering a service based on a state
  163  agency’s use of the service.
  164         (i) Use the following principles to develop a means of
  165  chargeback for primary data center services:
  166         1. The customers of the primary data center shall provide
  167  payments to the primary data center which are sufficient to
  168  maintain the solvency of the primary data center operation for
  169  all costs not directly funded through the General Appropriations
  170  Act.
  171         2. Per unit cost of usage shall be the primary basis for
  172  pricing, and usage must be accurately measurable and
  173  attributable to the appropriate customer.
  174         3. The primary data center shall combine the aggregate
  175  purchasing power of large and small customers to achieve
  176  collective savings opportunities to all customers.
  177         4. Chargeback methodologies shall be devised to consider
  178  restrictions on grants to customers.
  179         5. Chargeback methodologies should establish incentives
  180  that lead to customer usage practices that result in lower costs
  181  to the state.
  182         6. Chargeback methodologies must consider technological
  183  change when:
  184         a. New services require short-term investments before
  185  achieving long-term, full cost recovery for the service.
  186         b. Customers of antiquated services may not be able to bear
  187  all of the costs for the antiquated services during periods when
  188  customers are migrating to replacement services.
  189         7. Prices may be established which allow for accrual of
  190  cash balances for the purpose of maintaining contingent
  191  operating funds and funding planned capital investments. Accrual
  192  of the cash balances shall be considered costs for the purposes
  193  of this section.
  194         8. Flat rate charges may be used only if there are
  195  provisions for reconciling charges to comport with actual costs
  196  and use.
  197         (i) Exercise technical and fiscal prudence in determining
  198  the best way to deliver enterprise information technology
  199  services.
  200         (j) Collect and maintain an inventory of the information
  201  technology resources in the state agencies.
  202         (k) Assume ownership or custody and control of information
  203  processing equipment, supplies, and positions required in order
  204  to thoroughly carry out the agency’s duties and
  205  responsibilities.
  206         (l) Adopt rules and policies for the efficient, secure, and
  207  economical management and operation of the shared resource
  208  centers and state telecommunications services.
  209         (m) Provide other public sector organizations as defined in
  210  s. 282.0041 with access to the services provided by the agency.
  211  Access shall be provided on the same cost basis that applies to
  212  state agencies.
  213         (n) Ensure that data that is confidential under state or
  214  federal law may not be entered into or processed through any
  215  shared resource center or network established under the agency
  216  until safeguards for the data’s security satisfactory to the
  217  agency head and the executive director of the agency have been
  218  designed, installed, and tested and are fully operational. This
  219  paragraph does not prescribe what actions necessary to satisfy a
  220  state agency’s objectives are to be undertaken or to remove from
  221  the control and administration of the state agency the
  222  responsibility for working with the agency to implement
  223  safeguards, regardless of whether such control and
  224  administration are specifically required by general law or
  225  administered under the general program authority and
  226  responsibility of the state agency. If the agency head and
  227  executive director of the agency cannot reach agreement on
  228  satisfactory safeguards, the issue shall be decided by the
  229  Governor and Cabinet.
  230         (o) Conduct periodic assessments of state agencies for
  231  compliance with statewide information technology policies and
  232  recommend to the Governor and Cabinet statewide policies for
  233  information technology.
  234         (8)The agency may not use or direct the spending of
  235  operational information technology trust funds to study and
  236  develop enterprise information technology strategies, plans,
  237  rules, reports, policies, proposals, budgets, or enterprise
  238  information technology initiatives that are not directly related
  239  to developing information technology services for which usage
  240  fees reimburse the costs of the initiative. As used in this
  241  subsection, the term “operational information technology trust
  242  funds” means funds into which deposits are made on a fee-for
  243  service basis or a trust fund dedicated to a specific
  244  information technology project or system.
  245         (9)The portions of the agency’s activities described in
  246  subsection (8) for which usage fees do not reimburse costs of
  247  the activity shall be funded at a rate of 0.55% of the total
  248  identified information technology spend through
  249  MyFloridaMarketPlace.
  250         (10)The agency may adopt rules to carry out its duties and
  251  responsibilities.
  252         Section 5. Section 282.0041, Florida Statutes, is reordered
  253  and amended to read:
  254         282.0041 Definitions.—As used in this chapter, the term:
  255         (1) “Agency” has the same meaning as in s. 216.011(1)(qq),
  256  except that for purposes of this chapter, “agency” does not
  257  include university boards of trustees or state universities.
  258         (1)(2) “Agency for State Enterprise Information Technology”
  259  or “agency” means the agency created in s. 14.206 14.204.
  260         (2)(3) “Agency information technology service” means a
  261  service that directly helps a state an agency fulfill its
  262  statutory or constitutional responsibilities and policy
  263  objectives and is usually associated with the state agency’s
  264  primary or core business functions.
  265         (4) “Annual budget meeting” means a meeting of the board of
  266  trustees of a primary data center to review data center usage to
  267  determine the apportionment of board members for the following
  268  fiscal year, review rates for each service provided, and
  269  determine any other required changes.
  270         (3)(5) “Breach” has the same meaning as in s. 817.5681(4).
  271         (4)(6) “Business continuity plan” means a plan for disaster
  272  recovery which provides for the continued functioning of a
  273  primary data center during and after a disaster.
  274         (5) “Collocation” means the method by which a state
  275  agency’s data center occupies physical space within a shared
  276  resource center where physical floor space, bandwidth, power,
  277  cooling, and physical security are available for an equitable
  278  usage rate and minimal complexity, and allow for the sustained
  279  management and oversight of the collocating agency’s information
  280  technology resources as well as physical and logical database
  281  administration by the collocating agency’s staff.
  282         (6)(7) “Computing facility” means a state agency site space
  283  containing fewer than a total of 10 physical or logical servers,
  284  any of which supports a strategic or nonstrategic information
  285  technology service, as described in budget instructions
  286  developed pursuant to s. 216.023, but excluding
  287  telecommunications and voice gateways and a clustered pair of
  288  servers operating as a single logical server to provide file,
  289  print, security, and endpoint management services single,
  290  logical-server installations that exclusively perform a utility
  291  function such as file and print servers.
  292         (7) “Computing service” means an information technology
  293  service that is used in all state agencies or a subset of
  294  agencies and is, therefore, a candidate for being established as
  295  an enterprise information technology service. Examples include
  296  e-mail, service hosting, telecommunications, and disaster
  297  recovery.
  298         (8) “Customer entity” means an entity that obtains services
  299  from a primary data center.
  300         (8)(9) “Data center” means a state agency site space
  301  containing 10 or more physical or logical servers any of which
  302  supports a strategic or nonstrategic information technology
  303  service, as described in budget instructions developed pursuant
  304  to s. 216.023.
  305         (10) “Department” means the Department of Management
  306  Services.
  307         (10)(11) “Enterprise information technology service” means
  308  an information technology service that is used in all state
  309  agencies or a subset of state agencies and is designated by the
  310  agency is established in law to be designed, delivered, and
  311  managed at the enterprise level. Current enterprise information
  312  technology services include data center services, e-mail, and
  313  security.
  314         (11)(12) “E-mail, messaging, and calendaring service” means
  315  the enterprise information technology service that enables users
  316  to send, receive, file, store, manage, and retrieve electronic
  317  messages, attachments, appointments, and addresses. The e-mail,
  318  messaging, and calendaring service must include e-mail account
  319  management; help desk; technical support and user provisioning
  320  services; disaster recovery and backup and restore capabilities;
  321  antispam and antivirus capabilities; archiving and e-discovery;
  322  and remote access and mobile messaging capabilities.
  323         (12)(13) “Information-system utility” means an information
  324  processing a full-service information-processing facility
  325  offering hardware, software, operations, integration,
  326  networking, floor space, and consulting services.
  327         (13)(14) “Information technology resources” means
  328  equipment, hardware, software, firmware, programs, systems,
  329  networks, infrastructure, media, and related material used to
  330  automatically, electronically, and wirelessly collect, receive,
  331  access, transmit, display, store, record, retrieve, analyze,
  332  evaluate, process, classify, manipulate, manage, assimilate,
  333  control, communicate, exchange, convert, converge, interface,
  334  switch, or disseminate information of any kind or form, and
  335  includes the human resources to perform such duties, but
  336  excludes application developers and logical database
  337  administrators.
  338         (14) “Local area network” means any telecommunications
  339  network through which messages and data are exchanged strictly
  340  within a single building or contiguous campus.
  341         (12)(15) “Information technology policy” means statements
  342  that describe clear choices for how information technology will
  343  deliver effective and efficient government services to residents
  344  and improve state agency operations. A policy may relate to
  345  investments, business applications, architecture, or
  346  infrastructure. A policy describes its rationale, implications
  347  of compliance or noncompliance, the timeline for implementation,
  348  metrics for determining compliance, and the accountable
  349  structure responsible for its implementation.
  350         (15) “Logical database administration” means the resources
  351  required to build and maintain database structure, implement and
  352  maintain role-based data access controls, and perform
  353  performance optimization of data queries and includes the
  354  manipulation, transformation, modification, and maintenance of
  355  data within a logical database. Typical tasks include schema
  356  design and modifications, user provisioning, query tuning, index
  357  and statistics maintenance, and data import, export, and
  358  manipulation.
  359         (16) “Memorandum of understanding” means a written
  360  agreement between a shared resource center or the Division of
  361  Telecommunications in the agency and a state agency which
  362  specifies the scope of services provided, service level,
  363  duration of the agreement, responsible parties, and service
  364  costs. A memorandum of understanding is not a rule pursuant to
  365  chapter 120.
  366         (17) “Operational information technology trust funds” means
  367  funds into which deposits are made on a fee for service bases,
  368  or a trust fund dedicated to a specific information technology
  369  project or system.
  370         (18)“Other public sector organizations” means entities of
  371  the legislative and judicial branches, the State University
  372  System, the Florida Community College System, counties, and
  373  municipalities. Such organizations may elect to participate in
  374  the information technology programs, services, or contracts
  375  offered by the Agency for State Technology, including
  376  information technology procurement, in accordance with general
  377  law, policies, and administrative rules.
  378         (19)(16) “Performance metrics” means the measures of an
  379  organization’s activities and performance.
  380         (20) “Physical database administration” means the resources
  381  responsible for installing, maintaining, and operating an
  382  environment within which a database is hosted. Typical tasks
  383  include database engine installation, configuration, and
  384  security patching, as well as performing backup and restoration
  385  of hosted databases, setup and maintenance of instance-based
  386  data replication, and monitoring the health and performance of
  387  the database environment.
  388         (21)(17) “Primary data center” means a data center that is
  389  a recipient entity for consolidation of state agency information
  390  technology resources nonprimary data centers and computing
  391  facilities and that is established by law.
  392         (22)(18) “Project” means an endeavor that has a defined
  393  start and end point; is undertaken to create or modify a unique
  394  product, service, or result; and has specific objectives that,
  395  when attained, signify completion.
  396         (23)(19) “Risk analysis” means the process of identifying
  397  security risks, determining their magnitude, and identifying
  398  areas needing safeguards.
  399         (24)(20) “Service level” means the key performance
  400  indicators (KPI) of an organization or service which must be
  401  regularly performed, monitored, and achieved.
  402         (21) “Service-level agreement” means a written contract
  403  between a data center and a customer entity which specifies the
  404  scope of services provided, service level, the duration of the
  405  agreement, the responsible parties, and service costs. A
  406  service-level agreement is not a rule pursuant to chapter 120.
  407         (25) “Shared resource center” means a primary data center
  408  that has been designated and assigned specific duties under this
  409  chapter or by the Agency for State Technology under s. 14.206.
  410         (26)(22) “Standards” means required practices, controls,
  411  components, or configurations established by an authority.
  412         (27) “State agency” means any official, officer,
  413  commission, board, authority, council, committee, or department
  414  of the executive branch of state government. The term does not
  415  include university boards of trustees or state universities.
  416         (28) “State agency site” means a single, contiguous local
  417  area network segment that does not traverse a metropolitan area
  418  network or wide area network.
  419         (29)(23) “SUNCOM Network” means the state enterprise
  420  telecommunications system that provides all methods of
  421  electronic or optical telecommunications beyond a single
  422  building or contiguous building complex and used by entities
  423  authorized as network users under this part.
  424         (30)(24) “Telecommunications” means the science and
  425  technology of communication at a distance, including electronic
  426  systems used in the transmission or reception of information.
  427         (31)(25) “Threat” means any circumstance or event that may
  428  cause harm to the integrity, availability, or confidentiality of
  429  information technology resources.
  430         (32)(26) “Total cost” means all costs associated with
  431  information technology projects or initiatives, including, but
  432  not limited to, value of hardware, software, service,
  433  maintenance, incremental personnel, and facilities. Total cost
  434  of a loan or gift of information technology resources to a state
  435  an agency includes the fair market value of the resources.
  436         (33)(27) “Usage” means the billing amount charged by the
  437  primary data center, less any pass-through charges, to the state
  438  agency customer entity.
  439         (34)(28) “Usage rate” means a state agency’s customer
  440  entity’s usage or billing amount as a percentage of total usage.
  441         (35) “Wide area network” means any telecommunications
  442  network or components thereof through which messages and data
  443  are exchanged outside of a local area network.
  444         Section 6. Section 282.0055, Florida Statutes, is amended
  445  to read:
  446         (Substantial rewording of section. See
  447         s. 282.0055, Florida Statutes, for current text.)
  448         282.0055 Assignment of enterprise information technology.—
  449         (1) The establishment of a systematic process for the
  450  planning, design, implementation, procurement, delivery, and
  451  maintenance of enterprise information technology services shall
  452  be the responsibility of the Agency for State Technology for
  453  executive branch agencies that are created or authorized in
  454  statute to perform legislatively delegated functions. The
  455  agency’s duties shall be performed in collaboration with the
  456  state agencies. The supervision, design, development, delivery,
  457  and maintenance of state-agency specific or unique software
  458  applications shall remain within the responsibility and control
  459  of the individual state agency or other public sector
  460  organization.
  461         (2) During the 2012-2013 fiscal year, the Agency for State
  462  Technology shall, in collaboration with the state agencies and
  463  other stakeholders, create a road map for enterprise information
  464  technology service consolidation. The road map shall be
  465  presented for approval by the Governor and Cabinet by August 30,
  466  2013. At a minimum, the road map must include:
  467         (a) An enterprise architecture that provides innovative,
  468  yet pragmatic and cost-effective offering, and which
  469  contemplates the consolidated delivery of services based on
  470  similar business processes and functions that span across all
  471  executive and cabinet agencies.
  472         (b) A schedule for the consolidation of state agency data
  473  centers.
  474         (c) Cost-saving targets and timeframes for when the savings
  475  will be realized.
  476         (d) Recommendations, including cost estimates, for
  477  improvements to the shared resource centers, which will improve
  478  the agency’s ability to deliver enterprise information
  479  technology services.
  480         (e) A transition plan for the transfer of portions of the
  481  Technology Program established under s. 20.22(2), Florida
  482  Statutes that provide an enterprise information technology
  483  service.
  484         (3) By October 15th of each year beginning in 2013, the
  485  Agency for State Technology shall develop a comprehensive
  486  transition plan for scheduled consolidations occurring in the
  487  next fiscal year. This plan shall be submitted to the Governor,
  488  the Cabinet, the President of the Senate, and the Speaker of the
  489  House of Representatives. The transition plan shall be developed
  490  in consultation with other state agencies submitting state
  491  agency transition plans. The comprehensive transition plan must
  492  include:
  493         (a) Recommendations for accomplishing the proposed
  494  transitions as efficiently and effectively as possible with
  495  minimal disruption to state agency business processes.
  496         (b) Strategies to minimize risks associated with any of the
  497  proposed consolidations.
  498         (c) A compilation of the state agency transition plans
  499  submitted by state agencies scheduled for consolidation for the
  500  following fiscal year.
  501         (d) An estimate of the cost to provide enterprise
  502  information technology services for each state agency scheduled
  503  for consolidation.
  504         (e) An analysis of the cost effects resulting from the
  505  planned consolidations on existing state agencies.
  506         (f) The fiscal year adjustments to budget categories in
  507  order to absorb the transfer of state agency information
  508  technology resources pursuant to the legislative budget request
  509  instructions provided in s. 216.023.
  510         (g) A description of any issues that must be resolved in
  511  order to accomplish as efficiently and effectively as possible
  512  all consolidations required during the fiscal year.
  513         (4) State agencies have the following duties:
  514         (a) For the purpose of completing its work activities, each
  515  state agency shall provide to the Agency for State Technology
  516  all requested information and any other information relevant to
  517  the state agency’s ability to effectively transition its
  518  information technology resources into the agency.
  519         (b) For the purpose of completing its work activities, each
  520  state agency shall temporarily assign staff to assist the agency
  521  with designated tasks as negotiated between the agency and the
  522  state agency.
  523         (c) Each state agency identified for consolidation into an
  524  enterprise information technology service offering must submit a
  525  transition plan to the Agency for State Technology by September
  526  1 of the fiscal year before the fiscal year in which the
  527  scheduled consolidation will occur. Transition plans shall be
  528  developed in consultation with the agency and must include:
  529         1. An inventory of the state agency data center’s resources
  530  being consolidated, including all hardware, software, staff, and
  531  contracted services, and the facility resources performing data
  532  center management and operations, security, backup and recovery,
  533  disaster recovery, system administration, database
  534  administration, system programming, mainframe maintenance, job
  535  control, production control, print, storage, technical support,
  536  help desk, and managed services, but excluding application
  537  development.
  538         2. A description of the level of services needed to meet
  539  the technical and operational requirements of the platforms
  540  being consolidated and an estimate of the primary data center’s
  541  cost for the provision of such services.
  542         3. A description of expected changes to its information
  543  technology needs and the timeframe when such changes will occur.
  544         4. A description of the information technology resources
  545  proposed to remain in the state agency.
  546         5. A baseline project schedule for the completion of the
  547  consolidation.
  548         6. The specific recurring and nonrecurring budget
  549  adjustments of budget resources by appropriation category into
  550  the appropriate data processing category pursuant to the
  551  legislative budget instructions in s. 216.023 necessary to
  552  support state agency costs for the transfer.
  553         (5)(a) Unless authorized by the Legislature or the agency
  554  as provided in paragraphs (b) and (c), a state agency may not:
  555         1. Create a new computing service or expand an existing
  556  computing service if that service has been designated as an
  557  enterprise information technology service.
  558         2. Spend funds before the state agency’s scheduled
  559  consolidation to an enterprise information technology service to
  560  purchase or modify hardware or operations software that does not
  561  comply with hardware and software standards established by the
  562  Agency for State Technology.
  563         3. Unless for the purpose of offsite disaster recovery
  564  services, transfer existing computing services to any service
  565  provider other than the Agency for State Technology.
  566         4. Terminate services with the Agency for State Technology
  567  without giving written notice of intent to terminate or transfer
  568  services 180 days before such termination or transfer.
  569         5. Initiate a new computing service with any service
  570  provider other than the Agency for State Technology if that
  571  service has been designated as an enterprise information
  572  technology service.
  573         (b) Exceptions to the limitations in subparagraphs (a)1.,
  574  2., 3., and 5. may be granted by the Agency for State Technology
  575  if there is insufficient capacity in the primary data centers to
  576  absorb the workload associated with agency computing services,
  577  expenditures are compatible with the scheduled consolidation and
  578  established standards, or the equipment or resources are needed
  579  to meet a critical state agency business need that cannot be
  580  satisfied from surplus equipment or resources of the primary
  581  data center until the state agency data center is consolidated.
  582         1. A request for an exception must be submitted in writing
  583  to the Agency for State Technology. The agency must accept,
  584  accept with conditions, or deny the request within 60 days after
  585  receipt of the written request. The agency’s decision is not
  586  subject to chapter 120.
  587         2. The Agency for State Technology may not approve a
  588  request unless it includes, at a minimum:
  589         a. A detailed description of the capacity requirements of
  590  the state agency requesting the exception.
  591         b. Documentation from the state agency head demonstrating
  592  why it is critical to the state agency’s mission that the
  593  expansion or transfer must be completed within the fiscal year
  594  rather than when capacity is established at a primary data
  595  center.
  596         3. Exceptions to subparagraph (a)4. may be granted by the
  597  Agency for State Technology if the termination or transfer of
  598  services can be absorbed within the current cost-allocation
  599  plan.
  600         Section 7. Section 282.0056, Florida Statutes, is amended
  601  to read:
  602         282.0056 Strategic plan, development of work plan, and;
  603  development of implementation plans; and policy
  604  recommendations.—
  605         (1) In order to provide a systematic process for meeting
  606  the state’s technology needs, the executive director of the
  607  Agency for State Technology shall develop a biennial state
  608  Information Technology Resources Strategic Plan. The Governor
  609  and Cabinet shall approve the plan before transmitting it to the
  610  Legislature, biennially, starting October 1, 2013. The plan must
  611  include the following elements:
  612         (a) The vision, goals, initiatives, and targets for state
  613  information technology for the short term of 2 years, midterm of
  614  3 to 5 years, and long term of more than 5 years.
  615         (b) An inventory of the information technology resources in
  616  state agencies and major projects currently in progress and
  617  planned. This does not imply that the agency has approval
  618  authority over major projects. As used in this section, the term
  619  “major project” means projects that cost more than $1 million to
  620  implement.
  621         (c) An analysis of opportunities for statewide initiatives
  622  that would yield efficiencies, cost savings, or avoidance or
  623  improve effectiveness in state programs. The analysis must
  624  include:
  625         1. Information technology services that should be designed,
  626  delivered, and managed as enterprise information technology
  627  services.
  628         2. Techniques for consolidating the purchase of information
  629  technology commodities and services that may result in savings
  630  for the state and for establishing a process to achieve savings
  631  through consolidated purchases.
  632         3.A cost-benefit analysis of options, such as
  633  privatization, outsourcing, or in-sourcing, to reduce costs or
  634  improve services to agencies and taxpayers.
  635         (d) Recommended initiatives based on the analysis in
  636  paragraph (c).
  637         (e) Implementation plans for enterprise information
  638  technology services designated by the agency. The implementation
  639  plans must describe the scope of service, requirements analyses,
  640  costs and savings projects, and a project schedule for statewide
  641  implementation.
  642         (2) Each state agency shall, biennially, provide to the
  643  agency the inventory required under paragraph (1)(b). The agency
  644  shall consult with and assist state agencies in the preparation
  645  of these inventories. Each state agency shall submit its plan
  646  inventory to the agency biennially, starting January 1, 2013.
  647         (3) For the purpose of completing its work activities, each
  648  state agency shall provide to the agency all requested
  649  information, including, but not limited to, the state agency’s
  650  costs, service requirements, staffing, and equipment
  651  inventories.
  652         (4)(1)For the purpose of ensuring accountability for the
  653  duties and responsibilities of the executive director and the
  654  agency under ss. 14.206 and 282.0055, the executive director For
  655  the purposes of carrying out its responsibilities under s.
  656  282.0055, the Agency for Enterprise Information Technology shall
  657  develop an annual work plan within 60 days after the beginning
  658  of the fiscal year describing the activities that the agency
  659  intends to undertake for that year and identify the critical
  660  success factors, risks, and issues associated with the work
  661  planned. The work plan must also include planned including
  662  proposed outcomes and completion timeframes for the planning and
  663  implementation of all enterprise information technology
  664  services. The work plan must align with the state Information
  665  Technology Resources Strategic Plan, be presented at a public
  666  hearing, and be approved by the Governor and Cabinet;, and,
  667  thereafter, be submitted to the President of the Senate and the
  668  Speaker of the House of Representatives. The work plan may be
  669  amended as needed, subject to approval by the Governor and
  670  Cabinet.
  671         (2) The agency may develop and submit to the President of
  672  the Senate, the Speaker of the House of Representatives, and the
  673  Governor by October 1 of each year implementation plans for
  674  proposed enterprise information technology services to be
  675  established in law.
  676         (3) In developing policy recommendations and implementation
  677  plans for established and proposed enterprise information
  678  technology services, the agency shall describe the scope of
  679  operation, conduct costs and requirements analyses, conduct an
  680  inventory of all existing information technology resources that
  681  are associated with each service, and develop strategies and
  682  timeframes for statewide migration.
  683         (4) For the purpose of completing its work activities, each
  684  state agency shall provide to the agency all requested
  685  information, including, but not limited to, the state agency’s
  686  costs, service requirements, and equipment inventories.
  687         (5) For the purpose of ensuring accountability for the
  688  duties and responsibilities of the executive director and the
  689  agency under ss. 14.206 and 282.0055, within 60 days after the
  690  end of each fiscal year, the executive director agency shall
  691  report to the Governor and Cabinet, the President of the Senate,
  692  and the Speaker of the House of Representatives on what was
  693  achieved or not achieved in the prior year’s work plan.
  694         Section 8. Section 282.201, Florida Statutes, is amended to
  695  read:
  696         (Substantial rewording of section. See
  697         s. 282.201, Florida Statutes, for current text.)
  698         282.201 State data center system; agency duties and
  699  limitations.—A state data center system that includes all
  700  primary data centers, other nonprimary data centers, and
  701  computing facilities, and that provides an enterprise
  702  information technology service, is established.
  703         (1) INTENT.—The Legislature finds that the most efficient
  704  and effective means of providing quality utility data processing
  705  services to state agencies requires that computing resources be
  706  concentrated in quality facilities that provide the proper
  707  security, infrastructure, and staff resources to ensure that the
  708  state’s data is maintained reliably and safely and is
  709  recoverable in the event of a disaster. Efficiencies resulting
  710  from such consolidation include the increased ability to
  711  leverage technological expertise and hardware and software
  712  capabilities; increased savings through consolidated purchasing
  713  decisions; and the enhanced ability to deploy technology
  714  improvements and implement new policies consistently throughout
  715  the consolidated organization.
  716         (2) AGENCY FOR STATE TECHNOLOGY DUTIES.—(a) The agency
  717  shall by October 1, 2013, provide to the Governor and Cabinet,
  718  recommendations for approving, confirming and removing primary
  719  data center designation. The recommendations shall consider the
  720  recommendations from the Law Enforcement Consolidations Task
  721  Force. Upon approval of the Governor and Cabinet of primary data
  722  center designations, existing primary data center designations
  723  are repealed by operation of law, and therefore, obsolete.
  724         (b)Establish a schedule for the consolidation of state
  725  agency data centers or a transition plan for outsourcing data
  726  center services, subject to review by the Governor and Cabinet.
  727  The schedule or transition plan must be provided by October 1,
  728  2013, and be updated annually until the completion of
  729  consolidation. The schedule must be based on the goals of
  730  maximizing the efficiency and quality of service delivery and
  731  cost savings.
  732         (3) STATE AGENCY DUTIES.—
  733         (a) Any state agency that is consolidating agency data
  734  centers into a primary data center must execute a new or update
  735  an existing memorandum of understanding or service level
  736  agreement within 60 days after the specified consolidation date,
  737  as required by s. 282.203, in order to specify the services and
  738  levels of service it is to receive from the primary data center
  739  as a result of the consolidation. If a state agency is unable to
  740  execute a memorandum of understanding by that date, the state
  741  agency shall submit a report to the Executive Office of the
  742  Governor, the Cabinet, the President of the Senate, and the
  743  Speaker of the House of Representatives within 5 working days
  744  after that date which explains the specific issues preventing
  745  execution and describes its plan and schedule for resolving
  746  those issues.
  747         (b) On the date of each consolidation specified in general
  748  law or the General Appropriations Act, each state agency shall
  749  retain the least-privileged administrative access rights
  750  necessary to perform the duties not assigned to the primary data
  751  centers.
  753  CENTERS.—Consolidations of state agency data centers are
  754  suspended for the 2012-2013 fiscal year. Consolidations shall
  755  resume during the 2013-2014 fiscal year based upon a revised
  756  schedule developed by the agency. The revised schedule shall
  757  consider the recommendations from the Law Enforcement
  758  Consolidation Task Force. State agency data centers and
  759  computing facilities shall be consolidated into the agency by
  760  June 30, 2018.
  761         Section 9. Section 282.203, Florida Statutes, is amended to
  762  read:
  763         (Substantial rewording of section. See
  764         s. 282.203, Florida Statutes, for current text.)
  765         282.203 Primary data centers; duties.—
  766         (1) Each primary data center shall:
  767         (a) Serve participating state agencies as an information
  768  system utility.
  769         (b) Cooperate with participating state agencies to offer,
  770  develop, and support the services and applications.
  771         (c) Provide transparent financial statements to
  772  participating state agencies.
  773         (d) Assume the least-privileged administrative access
  774  rights necessary to perform the services provided by the data
  775  center for the software and equipment that is consolidated into
  776  a primary data center.
  777         (2) Each primary data center shall enter into a memorandum
  778  of understanding with each participating state agency to provide
  779  services. A memorandum of understanding may not have a term
  780  exceeding 3 years but may include an option to renew for up to 3
  781  years. Failure to execute a memorandum within 60 days after
  782  service commencement shall, in the case of a participating state
  783  agency, result in the continuation of the terms of the
  784  memorandum of understanding from the previous fiscal year,
  785  including any amendments that were formally proposed to the
  786  state agency by the primary data center within the 3 months
  787  before service commencement, and a revised cost-of-service
  788  estimate. If a participating state agency fails to execute a
  789  memorandum of understanding within 60 days after service
  790  commencement, the data center may cease providing services.
  791         Section 10. Section 282.204, Florida Statutes, is repealed.
  792         Section 11. Section 282.205, Florida Statutes, is repealed.
  793         Section 12. Section 282.33, Florida Statutes, is repealed.
  794         Section 13. Section 282.34, Florida Statutes, is amended to
  795  read:
  796         282.34 Statewide e-mail service.—A statewide e-mail service
  797  that includes the delivery and support of e-mail, messaging, and
  798  calendaring capabilities is established as an enterprise
  799  information technology service as defined in s. 282.0041. The
  800  service shall be provisioned designed to meet the needs of all
  801  executive branch agencies and may also be used by other public
  802  sector nonstate agency entities. The primary goals of the
  803  service are to ; provide a reliable collaborative communication
  804  service to state agencies; minimize the state investment
  805  required to establish, operate, and support the statewide
  806  service; reduce the cost of current e-mail operations and the
  807  number of duplicative e-mail systems; and eliminate the need for
  808  each state agency to maintain its own e-mail staff.
  809         (1) Except as specified in subsection (2), all state
  810  agencies shall receive their primary email services exclusively
  811  through the Agency for State Technology. The Southwood Shared
  812  Resource Center, a primary data center, shall be the provider of
  813  the statewide e-mail service for all state agencies. The center
  814  shall centrally host, manage, operate, and support the service,
  815  or outsource the hosting, management, operational, or support
  816  components of the service in order to achieve the primary goals
  817  identified in this section.
  818         (2) The Department of Legal Affairs shall work with the
  819  agency to develop a plan to migrate to the enterprise email
  820  service. The plan shall identify the time frame for migration,
  821  the associated costs, and the risks. The plan shall be presented
  822  to the Governor and Cabinet by December 1, 2014. The Agency for
  823  Enterprise Information Technology, in cooperation and
  824  consultation with all state agencies, shall prepare and submit
  825  for approval by the Legislative Budget Commission at a meeting
  826  scheduled before June 30, 2011, a proposed plan for the
  827  migration of all state agencies to the statewide e-mail service.
  828  The plan for migration must include:
  829         (a) A cost-benefit analysis that compares the total
  830  recurring and nonrecurring operating costs of the current agency
  831  e-mail systems, including monthly mailbox costs, staffing,
  832  licensing and maintenance costs, hardware, and other related e
  833  mail product and service costs to the costs associated with the
  834  proposed statewide e-mail service. The analysis must also
  835  include:
  836         1. A comparison of the estimated total 7-year life-cycle
  837  cost of the current agency e-mail systems versus the feasibility
  838  of funding the migration and operation of the statewide e-mail
  839  service.
  840         2. An estimate of recurring costs associated with the
  841  energy consumption of current agency e-mail equipment, and the
  842  basis for the estimate.
  843         3. An identification of the overall cost savings resulting
  844  from state agencies migrating to the statewide e-mail service
  845  and decommissioning their agency e-mail systems.
  846         (b) A proposed migration date for all state agencies to be
  847  migrated to the statewide e-mail service. The Agency for
  848  Enterprise Information Technology shall work with the Executive
  849  Office of the Governor to develop the schedule for migrating all
  850  state agencies to the statewide e-mail service except for the
  851  Department of Legal Affairs. The Department of Legal Affairs
  852  shall provide to the Agency for Enterprise Information
  853  Technology by June 1, 2011, a proposed migration date based upon
  854  its decision to participate in the statewide e-mail service and
  855  the identification of any issues that require resolution in
  856  order to migrate to the statewide e-mail service.
  857         (c) A budget amendment, submitted pursuant to chapter 216,
  858  for adjustments to each agency’s approved operating budget
  859  necessary to transfer sufficient budget resources into the
  860  appropriate data processing category to support its statewide e
  861  mail service costs.
  862         (d) A budget amendment, submitted pursuant to chapter 216,
  863  for adjustments to the Southwood Shared Resource Center approved
  864  operating budget to include adjustments in the number of
  865  authorized positions, salary budget and associated rate,
  866  necessary to implement the statewide e-mail service.
  867         (3) Contingent upon approval by the Legislative Budget
  868  Commission, the Southwood Shared Resource Center may contract
  869  for the provision of a statewide e-mail service. Executive
  870  branch agencies must be completely migrated to the statewide e
  871  mail service based upon the migration date included in the
  872  proposed plan approved by the Legislative Budget Commission.
  873         (4) Notwithstanding chapter 216, general revenue funds may
  874  be increased or decreased for each agency provided the net
  875  change to general revenue in total for all agencies is zero or
  876  less.
  877         (5) Subsequent to the approval of the consolidated budget
  878  amendment to reflect budget adjustments necessary to migrate to
  879  the statewide e-mail service, an agency may make adjustments
  880  subject to s. 216.177, notwithstanding provisions in chapter 216
  881  which may require such adjustments to be approved by the
  882  Legislative Budget Commission.
  883         (6) No agency may initiate a new e-mail service or execute
  884  a new e-mail contract or amend a current e-mail contract, other
  885  than with the Southwood Shared Resource Center, for nonessential
  886  products or services unless the Legislative Budget Commission
  887  denies approval for the Southwood Shared Resource Center to
  888  enter into a contract for the statewide e-mail service.
  889         (7) The Agency for Enterprise Information Technology shall
  890  work with the Southwood Shared Resource Center to develop an
  891  implementation plan that identifies and describes the detailed
  892  processes and timelines for an agency’s migration to the
  893  statewide e-mail service based on the migration date approved by
  894  the Legislative Budget Commission. The agency may establish and
  895  coordinate workgroups consisting of agency e-mail management,
  896  information technology, budget, and administrative staff to
  897  assist the agency in the development of the plan.
  898         (8) Each executive branch agency shall provide all
  899  information necessary to develop the implementation plan,
  900  including, but not limited to, required mailbox features and the
  901  number of mailboxes that will require migration services. Each
  902  agency must also identify any known business, operational, or
  903  technical plans, limitations, or constraints that should be
  904  considered when developing the plan.
  905         Section 14. Section 282.702, Florida Statutes, is amended
  906  to read:
  907         282.702 Powers and duties.—The Department of Management
  908  Services shall have the following powers, duties, and functions:
  909         (1) To publish electronically the portfolio of services
  910  available from the department, including pricing information;
  911  the policies and procedures governing usage of available
  912  services; and a forecast of the department’s priorities for each
  913  telecommunications service.
  914         (2) To adopt technical standards by rule for the state
  915  telecommunications network which ensure the interconnection and
  916  operational security of computer networks, telecommunications,
  917  and information systems of agencies.
  918         (3) To enter into agreements related to information
  919  technology and telecommunications services with state agencies
  920  and political subdivisions of the state.
  921         (4) To purchase from or contract with information
  922  technology providers for information technology, including
  923  private line services.
  924         (5) To apply for, receive, and hold authorizations,
  925  patents, copyrights, trademarks, service marks, licenses, and
  926  allocations or channels and frequencies to carry out the
  927  purposes of this part.
  928         (6) To purchase, lease, or otherwise acquire and to hold,
  929  sell, transfer, license, or otherwise dispose of real, personal,
  930  and intellectual property, including, but not limited to,
  931  patents, trademarks, copyrights, and service marks.
  932         (7) To cooperate with any federal, state, or local
  933  emergency management agency in providing for emergency
  934  telecommunications services.
  935         (8) To control and approve the purchase, lease, or
  936  acquisition and the use of telecommunications services,
  937  software, circuits, and equipment provided as part of any other
  938  total telecommunications system to be used by the state or its
  939  agencies.
  940         (9) To adopt rules pursuant to ss. 120.536(1) and 120.54
  941  relating to telecommunications and to administer the provisions
  942  of this part.
  943         (10) To apply for and accept federal funds for the purposes
  944  of this part as well as gifts and donations from individuals,
  945  foundations, and private organizations.
  946         (11) To monitor issues relating to telecommunications
  947  facilities and services before the Florida Public Service
  948  Commission and the Federal Communications Commission and, if
  949  necessary, prepare position papers, prepare testimony, appear as
  950  a witness, and retain witnesses on behalf of state agencies in
  951  proceedings before the commissions.
  952         (12) Unless delegated to the state agencies by the
  953  department, to manage and control, but not intercept or
  954  interpret, telecommunications within the SUNCOM Network by:
  955         (a) Establishing technical standards to physically
  956  interface with the SUNCOM Network.
  957         (b) Specifying how telecommunications are transmitted
  958  within the SUNCOM Network.
  959         (c) Controlling the routing of telecommunications within
  960  the SUNCOM Network.
  961         (d) Establishing standards, policies, and procedures for
  962  access to and the security of the SUNCOM Network.
  963         (e) Ensuring orderly and reliable telecommunications
  964  services in accordance with the service level agreements
  965  executed with state agencies.
  966         (13) To plan, design, and conduct experiments for
  967  telecommunications services, equipment, and technologies, and to
  968  implement enhancements in the state telecommunications network
  969  if in the public interest and cost-effective. Funding for such
  970  experiments must be derived from SUNCOM Network service revenues
  971  and may not exceed 2 percent of the annual budget for the SUNCOM
  972  Network for any fiscal year or as provided in the General
  973  Appropriations Act. New services offered as a result of this
  974  subsection may not affect existing rates for facilities or
  975  services.
  976         (14) To enter into contracts or agreements, with or without
  977  competitive bidding or procurement, to make available, on a
  978  fair, reasonable, and nondiscriminatory basis, property and
  979  other structures under departmental control for the placement of
  980  new facilities by any wireless provider of mobile service as
  981  defined in 47 U.S.C. s. 153(27) or s. 332(d) and any
  982  telecommunications company as defined in s. 364.02 if it is
  983  practical and feasible to make such property or other structures
  984  available. The department may, without adopting a rule, charge a
  985  just, reasonable, and nondiscriminatory fee for the placement of
  986  the facilities, payable annually, based on the fair market value
  987  of space used by comparable telecommunications facilities in the
  988  state. The department and a wireless provider or
  989  telecommunications company may negotiate the reduction or
  990  elimination of a fee in consideration of services provided to
  991  the department by the wireless provider or telecommunications
  992  company. All such fees collected by the department shall be
  993  deposited directly into the Law Enforcement Radio Operating
  994  Trust Fund, and may be used by the department to construct,
  995  maintain, or support the system.
  996         (15) Establish policies that ensure that the department’s
  997  cost-recovery methodologies, billings, receivables,
  998  expenditures, budgeting, and accounting data are captured and
  999  reported timely, consistently, accurately, and transparently and
 1000  are in compliance with all applicable federal and state laws and
 1001  rules. The department shall annually submit to the Governor, the
 1002  President of the Senate, and the Speaker of the House of
 1003  Representatives a report that describes each service and its
 1004  cost, the billing methodology for recovering the cost of the
 1005  service, and, if applicable, the identity of those services that
 1006  are subsidized.
 1007         (16) Develop a plan for statewide voice-over-Internet
 1008  protocol services. The plan shall include cost estimates and the
 1009  estimated return on investment. The plan shall be submitted to
 1010  the Governor, the Cabinet, the President of the Senate, and the
 1011  Speaker of the House of Representatives by June 30, 2013.
 1012         (17)The department shall produce a feasibility analysis by
 1013  January 1, 2013, of the options for procuring end-to-end network
 1014  services, including services provided by the statewide area
 1015  network, metropolitan area networks, and local area networks,
 1016  which may be provided by each state agency. The scope of this
 1017  service does not include wiring or file and print server
 1018  infrastructure. The feasibility analysis must determine the
 1019  technical and economic feasibility of using existing resources
 1020  and infrastructure that are owned or used by state entities in
 1021  the provision or receipt of network services in order to reduce
 1022  the cost of network services for the state.
 1023         (a)At a minimum, the feasibility analysis must include:
 1024         1.A definition and assessment of the current portfolio of
 1025  services, the network services that are provided by each state
 1026  agency, and a forecast of anticipated changes in network service
 1027  needs which considers specific state agency business needs and
 1028  the implementation of enterprise services established under this
 1029  chapter.
 1030         2.A description of any limitations or enhancements in the
 1031  network, including any technical or logistical challenges
 1032  relating to the central provisioning of local area network
 1033  services currently provided and supported by each state agency.
 1034  The analysis must also address changes in usage patterns which
 1035  can reasonably be expected due to the consolidation of state
 1036  agency data centers or the specific business needs of state
 1037  agencies and other service customers.
 1038         3.An analysis and comparison of the risks associated with
 1039  the current service delivery models and at least two other
 1040  options that leverage the existing resources and infrastructure
 1041  identified in this subsection. Options may include multi-vendor
 1042  and segmented contracting options. All sourcing options must
 1043  produce a service that can be used by schools and other
 1044  qualified entities that seek federal grants provided through the
 1045  Universal Service Fund Program.
 1046         4.A cost-benefit analysis that estimates all major cost
 1047  elements associated with each sourcing option, focusing on the
 1048  nonrecurring and recurring life-cycle costs of the proposal in
 1049  order to determine the financial feasibility of each sourcing
 1050  option. The cost-benefit analysis must include:
 1051         a.The total recurring operating costs of the proposed
 1052  state network service including estimates of monthly charges,
 1053  staffing, billing, licenses and maintenance, hardware, and other
 1054  related costs.
 1055         b.An estimate of nonrecurring costs associated with
 1056  construction, transmission lines, premises and switching
 1057  hardware purchase and installation, and required software based
 1058  on the proposed solution.
 1059         c.An estimate of other critical costs associated with the
 1060  current and proposed sourcing options for the state network.
 1061         5.Recommendations for reducing current costs associated
 1062  with statewide network services. The department shall consider
 1063  the following in developing the recommendations:
 1064         a.Leveraging existing resources and expertise.
 1065         b.Standardizing service-level agreements to customer
 1066  entities in order to maximize capacity and availability.
 1067         6.A detailed timeline for the complete procurement and
 1068  transition to a more efficient and cost-effective solution.
 1069         Section 15. Paragraph (e) of subsection (2) of section
 1070  110.205, Florida Statutes, is amended to read:
 1071         110.205 Career service; exemptions.—
 1072         (2) EXEMPT POSITIONS.—The exempt positions that are not
 1073  covered by this part include the following:
 1074         (e) The executive director of Chief Information Officer in
 1075  the Agency for State Enterprise Information Technology. Unless
 1076  otherwise fixed by law, the Governor and Cabinet Agency for
 1077  Enterprise Information Technology shall set the salary and
 1078  benefits of this position in accordance with the rules of the
 1079  Senior Management Service.
 1080         Section 16. Subsections (2) and (9) of section 215.322,
 1081  Florida Statutes, are amended to read:
 1082         215.322 Acceptance of credit cards, charge cards, debit
 1083  cards, or electronic funds transfers by state agencies, units of
 1084  local government, and the judicial branch.—
 1085         (2) A state agency as defined in s. 216.011, or the
 1086  judicial branch, may accept credit cards, charge cards, debit
 1087  cards, or electronic funds transfers in payment for goods and
 1088  services with the prior approval of the Chief Financial Officer.
 1089  If the Internet or other related electronic methods are to be
 1090  used as the collection medium, the Agency for State Enterprise
 1091  Information Technology shall review and recommend to the Chief
 1092  Financial Officer whether to approve the request with regard to
 1093  the process or procedure to be used.
 1094         (9) For payment programs in which credit cards, charge
 1095  cards, or debit cards are accepted by state agencies, the
 1096  judicial branch, or units of local government, the Chief
 1097  Financial Officer, in consultation with the Agency for State
 1098  Enterprise Information Technology, may adopt rules to establish
 1099  uniform security safeguards for cardholder data and to ensure
 1100  compliance with the Payment Card Industry Data Security
 1101  Standards.
 1102         Section 17. Subsections (3), (4), (5), and (6) of section
 1103  282.318, Florida Statutes, are amended to read:
 1104         282.318 Enterprise security of data and information
 1105  technology.—
 1106         (3) The Agency for State Enterprise Information Technology
 1107  is responsible for establishing rules and publishing guidelines
 1108  for ensuring an appropriate level of security for all data and
 1109  information technology resources for executive branch agencies.
 1110  The agency shall also perform the following duties and
 1111  responsibilities:
 1112         (a) Develop, and annually update by February 1, an
 1113  enterprise information security strategic plan that includes
 1114  security goals and objectives for the strategic issues of
 1115  information security policy, risk management, training, incident
 1116  management, and survivability planning.
 1117         (b) Develop enterprise security rules and published
 1118  guidelines for:
 1119         1. Comprehensive risk analyses and information security
 1120  audits conducted by state agencies.
 1121         2. Responding to suspected or confirmed information
 1122  security incidents, including suspected or confirmed breaches of
 1123  personal information or exempt data.
 1124         3. Agency security plans, including strategic security
 1125  plans and security program plans.
 1126         4. The recovery of information technology and data
 1127  following a disaster.
 1128         5. The managerial, operational, and technical safeguards
 1129  for protecting state government data and information technology
 1130  resources.
 1131         (c) Assist agencies in complying with the provisions of
 1132  this section.
 1133         (d) Pursue appropriate funding for the purpose of enhancing
 1134  domestic security.
 1135         (e) Provide training for agency information security
 1136  managers.
 1137         (f) Annually review the strategic and operational
 1138  information security plans of executive branch agencies.
 1139         (4) To assist the Agency for State Enterprise Information
 1140  Technology in carrying out its responsibilities, each state
 1141  agency head shall, at a minimum:
 1142         (a) Designate an information security manager to administer
 1143  the security program of the state agency for its data and
 1144  information technology resources. This designation must be
 1145  provided annually in writing to the Agency for State Enterprise
 1146  Information Technology by January 1.
 1147         (b) Annually submit to the Agency for State Enterprise
 1148  Information Technology annually by July 31, the state agency’s
 1149  comprehensive strategic and operational information security
 1150  plans developed pursuant to the rules and guidelines established
 1151  by the Agency for State Enterprise Information Technology.
 1152         1. The state agency comprehensive strategic information
 1153  security plan must cover a 3-year period and define security
 1154  goals, intermediate objectives, and projected agency costs for
 1155  the strategic issues of agency information security policy, risk
 1156  management, security training, security incident response, and
 1157  survivability. The plan must be based on the enterprise
 1158  strategic information security plan created by the Agency for
 1159  State Enterprise Information Technology. Additional issues may
 1160  be included.
 1161         2. The state agency operational information security plan
 1162  must include a progress report for the prior operational
 1163  information security plan and a project plan that includes
 1164  activities, timelines, and deliverables for security objectives
 1165  that, subject to current resources, the state agency will
 1166  implement during the current fiscal year. The cost of
 1167  implementing the portions of the plan which cannot be funded
 1168  from current resources must be identified in the plan.
 1169         (c) Conduct, and update every 3 years, a comprehensive risk
 1170  analysis to determine the security threats to the data,
 1171  information, and information technology resources of the state
 1172  agency. The risk analysis information is confidential and exempt
 1173  from the provisions of s. 119.07(1), except that such
 1174  information shall be available to the Auditor General and the
 1175  Agency for State Enterprise Information Technology for
 1176  performing postauditing duties.
 1177         (d) Develop, and periodically update, written internal
 1178  policies and procedures that, which include procedures for
 1179  notifying the Agency for State Enterprise Information Technology
 1180  when a suspected or confirmed breach, or an information security
 1181  incident, occurs. Such policies and procedures must be
 1182  consistent with the rules and guidelines established by the
 1183  Agency for State Enterprise Information Technology to ensure the
 1184  security of the data, information, and information technology
 1185  resources of the state agency. The internal policies and
 1186  procedures that, if disclosed, could facilitate the unauthorized
 1187  modification, disclosure, or destruction of data or information
 1188  technology resources are confidential information and exempt
 1189  from s. 119.07(1), except that such information shall be
 1190  available to the Auditor General and the Agency for State
 1191  Enterprise Information Technology for performing postauditing
 1192  duties.
 1193         (e) Implement appropriate cost-effective safeguards to
 1194  address identified risks to the data, information, and
 1195  information technology resources of the state agency.
 1196         (f) Ensure that periodic internal audits and evaluations of
 1197  the state agency’s security program for the data, information,
 1198  and information technology resources of the state agency are
 1199  conducted. The results of such audits and evaluations are
 1200  confidential information and exempt from s. 119.07(1), except
 1201  that such information shall be available to the Auditor General
 1202  and the Agency for State Enterprise Information Technology for
 1203  performing postauditing duties.
 1204         (g) Include appropriate security requirements in the
 1205  written specifications for the solicitation of information
 1206  technology and information technology resources and services,
 1207  which are consistent with the rules and guidelines established
 1208  by the Agency for State Enterprise Information Technology.
 1209         (h) Provide security awareness training to employees and
 1210  users of the state agency’s communication and information
 1211  resources concerning information security risks and the
 1212  responsibility of employees and users to comply with policies,
 1213  standards, guidelines, and operating procedures adopted by the
 1214  state agency to reduce those risks.
 1215         (i) Develop a process for detecting, reporting, and
 1216  responding to suspected or confirmed security incidents,
 1217  including suspected or confirmed breaches consistent with the
 1218  security rules and guidelines established by the Agency for
 1219  State Enterprise Information Technology.
 1220         1. Suspected or confirmed information security incidents
 1221  and breaches must be immediately reported to the Agency for
 1222  State Enterprise Information Technology.
 1223         2. For incidents involving breaches, agencies shall provide
 1224  notice in accordance with s. 817.5681 and to the Agency for
 1225  State Enterprise Information Technology in accordance with this
 1226  subsection.
 1227         (5) Each state agency shall include appropriate security
 1228  requirements in the specifications for the solicitation of
 1229  contracts for procuring information technology or information
 1230  technology resources or services which are consistent with the
 1231  rules and guidelines established by the Agency for State
 1232  Enterprise Information Technology.
 1233         (6) The Agency for State Enterprise Information Technology
 1234  may adopt rules relating to information security and to
 1235  administer the provisions of this section.
 1236         Section 18. Subsection (14) of section 287.012, Florida
 1237  Statutes, is amended to read:
 1238         287.012 Definitions.—As used in this part, the term:
 1239         (14) “Information technology” means, but is not limited to,
 1240  equipment, hardware, software, mainframe maintenance, firmware,
 1241  programs, systems, networks, infrastructure, media, and related
 1242  material used to automatically, electronically, and wirelessly
 1243  collect, receive, access, transmit, display, store, record,
 1244  retrieve, analyze, evaluate, process, classify, manipulate,
 1245  manage, assimilate, control, communicate, exchange, convert,
 1246  converge, interface, switch, or disseminate information of any
 1247  kind or form has the meaning ascribed in s. 282.0041.
 1248         Section 19. Subsection (22) of section 287.057, Florida
 1249  Statutes, is amended to read:
 1250         287.057 Procurement of commodities or contractual
 1251  services.—
 1252         (22) The department, in consultation with the Agency for
 1253  State Enterprise Information Technology and the Chief Financial
 1254  Officer Comptroller, shall develop a program for online
 1255  procurement of commodities and contractual services. To enable
 1256  the state to promote open competition and to leverage its buying
 1257  power, agencies shall participate in the online procurement
 1258  program, and eligible users may participate in the program. Only
 1259  vendors prequalified as meeting mandatory requirements and
 1260  qualifications criteria may participate in online procurement.
 1261         (a) The department, in consultation with the agency, may
 1262  contract for equipment and services necessary to develop and
 1263  implement online procurement.
 1264         (b) The department, in consultation with the agency, shall
 1265  adopt rules, pursuant to ss. 120.536(1) and 120.54, to
 1266  administer the program for online procurement. The rules shall
 1267  include, but not be limited to:
 1268         1. Determining the requirements and qualification criteria
 1269  for prequalifying vendors.
 1270         2. Establishing the procedures for conducting online
 1271  procurement.
 1272         3. Establishing the criteria for eligible commodities and
 1273  contractual services.
 1274         4. Establishing the procedures for providing access to
 1275  online procurement.
 1276         5. Determining the criteria warranting any exceptions to
 1277  participation in the online procurement program.
 1278         (c) The department may impose and shall collect all fees
 1279  for the use of the online procurement systems.
 1280         1. The fees may be imposed on an individual transaction
 1281  basis or as a fixed percentage of the cost savings generated. At
 1282  a minimum, the fees must be set in an amount sufficient to cover
 1283  the projected costs of the services, including administrative
 1284  and project service costs in accordance with the policies of the
 1285  department.
 1286         2. If the department contracts with a provider for online
 1287  procurement, the department, pursuant to appropriation, shall
 1288  compensate the provider from the fees after the department has
 1289  satisfied all ongoing costs. The provider shall report
 1290  transaction data to the department each month so that the
 1291  department may determine the amount due and payable to the
 1292  department from each vendor.
 1293         3. All fees that are due and payable to the state on a
 1294  transactional basis or as a fixed percentage of the cost savings
 1295  generated are subject to s. 215.31 and must be remitted within
 1296  40 days after receipt of payment for which the fees are due. For
 1297  fees that are not remitted within 40 days, the vendor shall pay
 1298  interest at the rate established under s. 55.03(1) on the unpaid
 1299  balance from the expiration of the 40-day period until the fees
 1300  are remitted.
 1301         4. All fees and surcharges collected under this paragraph
 1302  shall be deposited in the Operating Trust Fund as provided by
 1303  law.
 1304         Section 20. Subsection (4) of section 445.011, Florida
 1305  Statutes, is amended to read:
 1306         445.011 Workforce information systems.—
 1307         (4) Workforce Florida, Inc., shall coordinate development
 1308  and implementation of workforce information systems with the
 1309  executive director of the Agency for State Enterprise
 1310  Information Technology to ensure compatibility with the state’s
 1311  information system strategy and enterprise architecture.
 1312         Section 21. Subsection (2) and paragraphs (a) and (b) of
 1313  subsection (4) of section 445.045, Florida Statutes, are amended
 1314  to read:
 1315         445.045 Development of an Internet-based system for
 1316  information technology industry promotion and workforce
 1317  recruitment.—
 1318         (2) Workforce Florida, Inc., shall coordinate with the
 1319  Agency for State Enterprise Information Technology and the
 1320  Department of Economic Opportunity to ensure links, where
 1321  feasible and appropriate, to existing job information websites
 1322  maintained by the state and state agencies and to ensure that
 1323  information technology positions offered by the state and state
 1324  agencies are posted on the information technology website.
 1325         (4)(a) Workforce Florida, Inc., shall coordinate
 1326  development and maintenance of the website under this section
 1327  with the executive director of the Agency for State Enterprise
 1328  Information Technology to ensure compatibility with the state’s
 1329  information system strategy and enterprise architecture.
 1330         (b) Workforce Florida, Inc., may enter into an agreement
 1331  with the Agency for State Enterprise Information Technology, the
 1332  Department of Economic Opportunity, or any other public agency
 1333  with the requisite information technology expertise for the
 1334  provision of design, operating, or other technological services
 1335  necessary to develop and maintain the website.
 1336         Section 22. Paragraph (b) of subsection (18) of section
 1337  668.50, Florida Statutes, is amended to read:
 1338         668.50 Uniform Electronic Transaction Act.—
 1341         (b) To the extent that a governmental agency uses
 1342  electronic records and electronic signatures under paragraph
 1343  (a), the Agency for State Enterprise Information Technology, in
 1344  consultation with the governmental agency, giving due
 1345  consideration to security, may specify:
 1346         1. The manner and format in which the electronic records
 1347  must be created, generated, sent, communicated, received, and
 1348  stored and the systems established for those purposes.
 1349         2. If electronic records must be signed by electronic
 1350  means, the type of electronic signature required, the manner and
 1351  format in which the electronic signature must be affixed to the
 1352  electronic record, and the identity of, or criteria that must be
 1353  met by, any third party used by a person filing a document to
 1354  facilitate the process.
 1355         3. Control processes and procedures as appropriate to
 1356  ensure adequate preservation, disposition, integrity, security,
 1357  confidentiality, and auditability of electronic records.
 1358         4. Any other required attributes for electronic records
 1359  which are specified for corresponding nonelectronic records or
 1360  reasonably necessary under the circumstances.
 1361         Section 23. This act shall take effect July 1, 2012.
 1363  ================= T I T L E  A M E N D M E N T ================
 1364  And the title is amended as follows:
 1366         Delete everything before the enacting clause
 1367  and insert:
 1368                        A bill to be entitled                      
 1369         An act relating to ; state technology; abolishing the
 1370         Agency for Enterprise Information Technology;
 1371         transferring the personnel, functions, and funds of
 1372         the Agency for Enterprise Information Technology to
 1373         the Agency for State Technology; transferring
 1374         specified personnel, functions, and funds relating to
 1375         technology programs from the Department of Management
 1376         Services to the Agency for State Technology;
 1377         transferring the Northwood Shared Resource Center and
 1378         the Southwood Shared Resource Center to the agency;
 1379         repealing s. 14.204, F.S., relating to the Agency for
 1380         Enterprise Information Technology; creating s. 14.206,
 1381         F.S.; creating the Agency for State Technology;
 1382         providing for an executive director who shall be the
 1383         state’s Chief Information Officer; providing for
 1384         organization of the agency; providing duties and
 1385         responsibilities of the agency and of the executive
 1386         director; requiring certain status reports to the
 1387         Governor, the Cabinet, and the Legislature;
 1388         authorizing the agency to adopt rules; reordering and
 1389         amending s. 282.0041, F.S.; revising and providing
 1390         definitions of terms as used in the Enterprise
 1391         Information Technology Services Management Act;
 1392         amending s. 282.0055, F.S.; revising provisions for
 1393         assignment of information technology services;
 1394         directing the agency to create a road map for
 1395         enterprise information technology service
 1396         consolidation and a comprehensive transition plan;
 1397         requiring the transition plan to be submitted to the
 1398         Governor and Cabinet and the Legislature by a certain
 1399         date; providing duties for state agencies relating to
 1400         the transition plan; prohibiting state agencies from
 1401         certain technology-related activities; providing for
 1402         exceptions; amending s. 282.0056, F.S.; providing for
 1403         development by the agency executive director of a
 1404         biennial State Information Technology Strategic
 1405         Resources Plan for approval by the Governor and the
 1406         Cabinet; directing state agencies to submit their own
 1407         information technology plans and any requested
 1408         information to the agency; revising provisions for
 1409         development of work plans and implementation plans;
 1410         revising provisions for reporting on achievements;
 1411         amending s. 282.201, F.S.; revising provisions for a
 1412         state data center system; providing legislative
 1413         intent; directing the agency to provide
 1414         recommendations to the Governor and Legislature
 1415         relating to changes to the schedule for the
 1416         consolidations of state agency data centers; providing
 1417         duties of a state agency consolidating a data center
 1418         into a primary data center; revising the scheduled
 1419         consolidation dates for state agency data centers;
 1420         amending s. 282.203, F.S.; revising duties of primary
 1421         data centers; removing provisions for boards of
 1422         trustees to head primary data centers; requiring a
 1423         memorandum of understanding between the primary data
 1424         center and the participating state agency; limiting
 1425         the term of the memorandum; providing for failure to
 1426         enter into a memorandum; repealing s. 282.204, F.S.,
 1427         relating to Northwood Shared Resource Center;
 1428         repealing s. 282.205, F.S., relating to Southwood
 1429         Shared Resource Center; creating s. 282.206, F.S.;
 1430         establishing the Fletcher Shared Resource Center
 1431         within the Department of Financial Services to provide
 1432         enterprise information technology services; directing
 1433         the center to collaborate with the agency; directing
 1434         the center to provide collocation services to the
 1435         Department of Legal Affairs, the Department of
 1436         Agriculture and Consumer Services, and the Department
 1437         of Financial Services; directing the Department of
 1438         Financial Services to continue to use the center and
 1439         provide service to the Office of Financial Regulation
 1440         and the Office of Insurance Regulation and host the
 1441         Legislative Appropriations System/Planning and
 1442         Budgeting Subsystem; providing for governance of the
 1443         center; providing for a steering committee to ensure
 1444         adequacy and appropriateness of services; directing
 1445         the Department of Legal Affairs and the Department of
 1446         Agriculture and Consumer Services to move data center
 1447         equipment to the center by certain dates; repealing s.
 1448         282.33, F.S., relating to objective standards for data
 1449         center energy efficiency; amending s. 282.34, F.S.;
 1450         revising provisions for a statewide e-mail service to
 1451         meet the needs of executive branch agencies; requiring
 1452         state agencies to receive e-mail services through the
 1453         agency; authorizing the Department of Agriculture and
 1454         Consumer Services, the Department of Financial
 1455         Services, the Office of Financial Regulation, and the
 1456         Office of Insurance Regulation to receive e-mail
 1457         services from the Fletcher Shared Resource Center or
 1458         the agency; amending s. 282.702, F.S.; directing the
 1459         agency to develop a plan for statewide voice-over
 1460         Internet protocol services; requiring certain content
 1461         in the plan; requiring the plan to be submitted to the
 1462         Governor, the Cabinet, and the Legislature by a
 1463         certain date; amending s. 364.0135, F.S.; providing
 1464         for the agency’s role in the promotion of broadband
 1465         Internet service; providing an additional duty;
 1466         amending ss. 20.22, 110.205, 215.22, 215.322, 216.292,
 1467         282.318, 282.604, 282.703, 282.704, 282.705, 282.706,
 1468         282.707, 282.709, 282.7101, 282.711, 287.012, 287.057,
 1469         318.18, 320.0802, 328.72, 365.171, 365.172, 365.173,
 1470         365.174, 401.013, 401.015, 401.018, 401.021, 401.024,
 1471         401.027, 401.465, 445.011, 445.045, and 668.50, F.S.,
 1472         relating to a financial and cash management system
 1473         task force, career service exemptions, trust funds,
 1474         payment cards and electronic funds transfers, the
 1475         Communications Working Capital Trust Fund, the
 1476         Enterprise Information Technology Services Management
 1477         Act, adoption of rules, the Communication Information
 1478         Technology Services Act, procurement of commodities
 1479         and contractual services, the Florida Uniform
 1480         Disposition of Traffic Infractions Act, surcharge on
 1481         vehicle license tax, vessel registration, broadband
 1482         Internet service, the emergency communications number
 1483         E911, regional emergency medical telecommunications,
 1484         the Workforce Innovation Act of 2000, and the Uniform
 1485         Electronic Transaction Act; conforming provisions and
 1486         cross-references to changes made by the act; revising
 1487         and deleting obsolete provisions; providing an
 1488         effective date.