2019 Florida Statutes
SECTION 0051
Department of Management Services; powers, duties, and functions.
Department of Management Services; powers, duties, and functions.
282.0051 Department of Management Services; powers, duties, and functions.—The department shall have the following powers, duties, and functions:
(1) Develop and publish information technology policy for the management of the state’s information technology resources.
(2) Establish and publish information technology architecture standards to provide for the most efficient use of the state’s information technology resources and to ensure compatibility and alignment with the needs of state agencies. The department shall assist state agencies in complying with the standards.
(3) Establish project management and oversight standards with which state agencies must comply when implementing information technology projects. The department shall provide training opportunities to state agencies to assist in the adoption of the project management and oversight standards. To support data-driven decisionmaking, the standards must include, but are not limited to:
(a) Performance measurements and metrics that objectively reflect the status of an information technology project based on a defined and documented project scope, cost, and schedule.
(b) Methodologies for calculating acceptable variances in the projected versus actual scope, schedule, or cost of an information technology project.
(c) Reporting requirements, including requirements designed to alert all defined stakeholders that an information technology project has exceeded acceptable variances defined and documented in a project plan.
(d) Content, format, and frequency of project updates.
(4) Perform project oversight on all state agency information technology projects that have total project costs of $10 million or more and that are funded in the General Appropriations Act or any other law. The department shall report at least quarterly to the Executive Office of the Governor, the President of the Senate, and the Speaker of the House of Representatives on any information technology project that the department identifies as high-risk due to the project exceeding acceptable variance ranges defined and documented in a project plan. The report must include a risk assessment, including fiscal risks, associated with proceeding to the next stage of the project, and a recommendation for corrective actions required, including suspension or termination of the project.
(5) Identify opportunities for standardization and consolidation of information technology services that support business functions and operations, including administrative functions such as purchasing, accounting and reporting, cash management, and personnel, and that are common across state agencies. The department shall biennially on April 1 provide recommendations for standardization and consolidation to the Executive Office of the Governor, the President of the Senate, and the Speaker of the House of Representatives.
(6) Establish best practices for the procurement of information technology products and cloud-computing services in order to reduce costs, increase the quality of data center services, or improve government services.
(7) Develop standards for information technology reports and updates, including, but not limited to, operational work plans, project spend plans, and project status reports, for use by state agencies.
(8) Upon request, assist state agencies in the development of information technology-related legislative budget requests.
(9) Conduct annual assessments of state agencies to determine compliance with all information technology standards and guidelines developed and published by the department and provide results of the assessments to the Executive Office of the Governor, the President of the Senate, and the Speaker of the House of Representatives.
(10) Provide operational management and oversight of the state data center established pursuant to s. 282.201, which includes:
(a) Implementing industry standards and best practices for the state data center’s facilities, operations, maintenance, planning, and management processes.
(b) Developing and implementing cost-recovery mechanisms that recover the full direct and indirect cost of services through charges to applicable customer entities. Such cost-recovery mechanisms must comply with applicable state and federal regulations concerning distribution and use of funds and must ensure that, for any fiscal year, no service or customer entity subsidizes another service or customer entity.
(c) Developing and implementing appropriate operating guidelines and procedures necessary for the state data center to perform its duties pursuant to s. 282.201. The guidelines and procedures must comply with applicable state and federal laws, regulations, and policies and conform to generally accepted governmental accounting and auditing standards. The guidelines and procedures must include, but need not be limited to:
1. Implementing a consolidated administrative support structure responsible for providing financial management, procurement, transactions involving real or personal property, human resources, and operational support.
2. Implementing an annual reconciliation process to ensure that each customer entity is paying for the full direct and indirect cost of each service as determined by the customer entity’s use of each service.
3. Providing rebates that may be credited against future billings to customer entities when revenues exceed costs.
4. Requiring customer entities to validate that sufficient funds exist in the appropriate data processing appropriation category or will be transferred into the appropriate data processing appropriation category before implementation of a customer entity’s request for a change in the type or level of service provided, if such change results in a net increase to the customer entity’s cost for that fiscal year.
5. By November 15 of each year, providing to the Office of Policy and Budget in the Executive Office of the Governor and to the chairs of the legislative appropriations committees the projected costs of providing data center services for the following fiscal year.
6. Providing a plan for consideration by the Legislative Budget Commission if the cost of a service is increased for a reason other than a customer entity’s request made pursuant to subparagraph 4. Such a plan is required only if the service cost increase results in a net increase to a customer entity for that fiscal year.
7. Standardizing and consolidating procurement and contracting practices.
(d) In collaboration with the Department of Law Enforcement, developing and implementing a process for detecting, reporting, and responding to information technology security incidents, breaches, and threats.
(e) Adopting rules relating to the operation of the state data center, including, but not limited to, budgeting and accounting procedures, cost-recovery methodologies, and operating procedures.
(f) Conducting an annual market analysis to determine whether the state’s approach to the provision of data center services is the most effective and cost-efficient manner by which its customer entities can acquire such services, based on federal, state, and local government trends; best practices in service provision; and the acquisition of new and emerging technologies. The results of the market analysis shall assist the state data center in making adjustments to its data center service offerings.
(11) Recommend other information technology services that should be designed, delivered, and managed as enterprise information technology services. Recommendations must include the identification of existing information technology resources associated with the services, if existing services must be transferred as a result of being delivered and managed as enterprise information technology services.
(12) In consultation with state agencies, propose a methodology and approach for identifying and collecting both current and planned information technology expenditure data at the state agency level.
(13)(a) Notwithstanding any other law, provide project oversight on any information technology project of the Department of Financial Services, the Department of Legal Affairs, and the Department of Agriculture and Consumer Services which has a total project cost of $25 million or more and which impacts one or more other agencies. Such information technology projects must also comply with the applicable information technology architecture, project management and oversight, and reporting standards established by the department.
(b) When performing the project oversight function specified in paragraph (a), report at least quarterly to the Executive Office of the Governor, the President of the Senate, and the Speaker of the House of Representatives on any information technology project that the department identifies as high-risk due to the project exceeding acceptable variance ranges defined and documented in the project plan. The report shall include a risk assessment, including fiscal risks, associated with proceeding to the next stage of the project and a recommendation for corrective actions required, including suspension or termination of the project.
(14) If an information technology project implemented by a state agency must be connected to or otherwise accommodated by an information technology system administered by the Department of Financial Services, the Department of Legal Affairs, or the Department of Agriculture and Consumer Services, consult with these departments regarding the risks and other effects of such projects on their information technology systems and work cooperatively with these departments regarding the connections, interfaces, timing, or accommodations required to implement such projects.
(15) If adherence to standards or policies adopted by or established pursuant to this section causes conflict with federal regulations or requirements imposed on a state agency and results in adverse action against the state agency or federal funding, work with the state agency to provide alternative standards, policies, or requirements that do not conflict with the federal regulation or requirement. The department shall annually report such alternative standards to the Governor, the President of the Senate, and the Speaker of the House of Representatives.
(16)(a) Establish an information technology policy for all information technology-related state contracts, including state term contracts for information technology commodities, consultant services, and staff augmentation services. The information technology policy must include:
1. Identification of the information technology product and service categories to be included in state term contracts.
2. Requirements to be included in solicitations for state term contracts.
3. Evaluation criteria for the award of information technology-related state term contracts.
4. The term of each information technology-related state term contract.
5. The maximum number of vendors authorized on each state term contract.
(b) Evaluate vendor responses for information technology-related state term contract solicitations and invitations to negotiate.
(c) Answer vendor questions on information technology-related state term contract solicitations.
(d) Ensure that the information technology policy established pursuant to paragraph (a) is included in all solicitations and contracts that are administratively executed by the department.
(17) Recommend potential methods for standardizing data across state agencies which will promote interoperability and reduce the collection of duplicative data.
(18) Recommend open data technical standards and terminologies for use by state agencies.
(19) Adopt rules to administer this section.
History.—s. 10, ch. 2014-221; s. 3, ch. 2016-138; ss. 59, 61, ch. 2018-10; ss. 79, 81, 82, 115, ch. 2019-116; s. 9, ch. 2019-118.