Florida Senate - 2009 SB 2574
By Senator Haridopolos
26-00909B-09 20092574__
1 A bill to be entitled
2 An act relating to information technology; amending s.
3 11.90, F.S.; deleting an obsolete provision relating
4 to duties of the Legislative Budget Commission;
5 amending s. 14.204, F.S.; revising the duties of the
6 Agency for Enterprise Information Technology;
7 requiring the agency to complete certain duties
8 relating to a proposed enterprise information
9 technology services plan by a specified date; creating
10 the Office of Information Security within the agency;
11 designating the Chief Information Security Officer as
12 head of the office and who reports to the executive
13 director of the agency; providing the duties of the
14 officer; requiring the agency to submit a plan for
15 information technology security to the Legislature and
16 Governor by a certain date; amending s. 110.205, F.S.;
17 revising certain positions relating to the obsolete
18 State Technology Office that are exempted from career
19 service; amending s. 282.003, F.S.; renaming the
20 Information Technology Resources Management Act as the
21 “Enterprise Information Technology Services Management
22 Act”; amending s. 282.0041, F.S.; revising
23 definitions; amending s. 282.0056, F.S.; revising
24 provisions relating to proposed enterprise information
25 technology services submitted by the agency; deleting
26 the requirement that the agency develop a migration
27 plan; amending s. 282.201, F.S.; revising the duties
28 of the agency; specifying the requirements for
29 obtaining an exception to the limitations on agencies
30 relating to computer services; amending s. 282.203,
31 F.S.; providing an additional duty for a state primary
32 data center; revising the date for appointing a board
33 of trustees of a primary data center; revising the
34 method for determining representation on the board of
35 trustees; revising the role on the board of the
36 executive director of the Agency for Enterprise
37 Information Technology; providing an additional duty
38 of the board; amending s. 282.204, F.S.; deleting
39 obsolete provisions; providing that the Northwood
40 Shared Resource Center is an agency established with
41 the Department of Children and Family Services;
42 authorizing the secretary of the department to appoint
43 a temporary chair of the center's board of trustees;
44 requiring the agency and the department to identify
45 and transfer department resources by budget amendment;
46 amending s. 282.205, F.S.; deleting obsolete
47 provisions relating to the Southwood Shared Resource
48 Center; amending s. 282.318, F.S.; renaming the
49 Security of Data and Information Technology
50 Infrastructure Act as the “Enterprise Security of Data
51 and Information Technology Act”; providing that
52 information technology security is an enterprise
53 information technology service; substituting the
54 Office of Information Security for the agency and
55 revising the associated duties related to information
56 technology security; amending s. 282.33, F.S.;
57 specifying that the Agency for Enterprise Information
58 Technology shall make recommendations relating to the
59 efficiency of state primary data centers; creating s.
60 282.34, F.S.; establishing a state e-mail system as an
61 enterprise information technology service; directing
62 the Southwood Shared Resource Center to manage and
63 operate the system; directing the agency to conduct an
64 analysis of such service by a certain date and
65 establish a workgroup to develop an implementation
66 plan; prohibiting a state agency from terminating such
67 service unless authorized by the Legislature;
68 requesting the Division of Statutory Revision to
69 create part IV of ch. 282, F.S.; creating s. 282.701,
70 F.S.; providing a short title; transferring and
71 renumbering s. 282.102, F.S., relating to the powers
72 of the Department of Management Services with respect
73 to a state communication system; transferring,
74 renumbering, and amending ss. 282.103, 282.104,
75 282.105, 282.106, and 282.107, F.S., relating to the
76 SUNCOM system; substituting the department for the
77 State Technology Office; transferring and renumbering
78 s. 282.109, F.S., relating to the emergency control of
79 the state communications system; transferring,
80 renumbering, and amending ss. 282.1095 and 282.111,
81 F.S., relating to the communications system for law
82 enforcement agencies; substituting the department for
83 the State Technology Office; transferring,
84 renumbering, and amending ss. 282.21, F.S., relating
85 to remote electronic access; substituting the
86 department for the State Technology Office; repealing
87 s. 282.22, F.S., relating to materials and products
88 acquired or developed by the State Technology Office;
89 amending s. 287.042, F.S.; revising the duties of the
90 department to include the development of procedures
91 that ensure certain records requirements; deleting the
92 requirement that the department consult with the
93 office on agreements for the joint purchase of
94 information technology; deleting a requirement for the
95 department and office to access certain contracts;
96 amending s. 1004.52, F.S.; deleting the requirement
97 that the Institute on Urban Policy and Commerce
98 consult with the office and the Chief Information
99 Officer on requirements for computers purchased for
100 the community computer access grant program; deleting
101 and transferring certain administrative rules relating
102 to the State Technology Office; amending s. 17,
103 chapter 2008-116, Laws of Florida; providing that a
104 state primary data center is the custodian of
105 resources and equipment located in the data center for
106 the purposes of ch. 272, F.S.; amending ss. 318.18,
107 393.002, and 1001.26, F.S.; conforming cross
108 references; providing an effective date.
109
110 Be It Enacted by the Legislature of the State of Florida:
111
112 Section 1. Subsection (7) of section 11.90, Florida
113 Statutes, is amended to read:
114 11.90 Legislative Budget Commission.—
115 (7) The commission shall review information resources
116 management needs identified in agency long-range program plans
117 for consistency with the State Annual Report on Enterprise
118 Resource Planning and Management and statewide policies adopted
119 by the State Technology Office. The commission shall also review
120 proposed budget amendments associated with information
121 technology that involve more than one agency, that have an
122 outcome that impacts another agency, or that exceed $500,000 in
123 total cost over a 1-year period.
124 Section 2. Section 14.204, Florida Statutes, is amended to
125 read:
126 14.204 Agency for Enterprise Information Technology.—The
127 Agency for Enterprise Information Technology is created within
128 the Executive Office of the Governor.
129 (1) The head of the agency shall be the Governor and
130 Cabinet.
131 (2) The agency is shall be a separate budget entity and
132 that is not subject to control, supervision, or direction by the
133 Executive Office of the Governor in any manner, including, but
134 not limited to, purchasing, transactions involving real or
135 personal property, personnel, or budgetary matters.
136 (3) The agency shall have an executive director who is the
137 state's Chief Information Officer and who must:
138 (a) Have a degree from an accredited postsecondary
139 institution;
140 (b) Have at least 7 years of executive-level experience in
141 managing information technology organizations; and
142 (c) Be appointed by the Governor and confirmed by the
143 Cabinet, subject to confirmation by the Senate, and serve at the
144 pleasure of the Governor and Cabinet.; and
145 (d) Be the chief information officer of the state.
146 (4) The agency shall have the following duties and
147 responsibilities:
148 (a) Develop strategies for the design, delivery, and
149 management of the enterprise information technology services
150 established in law.
151 (b) Monitor the delivery and management of the enterprise
152 information technology services as established in law.
153 (c) Make recommendations to the agency head and the
154 Legislature concerning other information technology services
155 that should be designed, delivered, and managed as enterprise
156 information technology services as defined in s. 282.0041.
157 (d) Plan and establish policies for managing proposed
158 statutorily authorized enterprise information technology
159 services, which includes:
160 1. Developing business cases that, when applicable, include
161 the components identified in s. 287.0574;
162 2. Establishing and coordinating project-management teams;
163 3. Establishing formal risk-assessment and mitigation
164 processes; and
165 4. Providing for independent monitoring of projects for
166 recommended corrective actions.
167 (e) Define the architecture standards for enterprise
168 information technology services and develop implementation
169 approaches for statewide migration to those standards.
170 (e)(f) Beginning July 1, 2010, develop, and publish, and
171 biennially update a long-term strategic enterprise information
172 technology plan that identifies and recommends strategies and
173 opportunities to improve the delivery of cost-effective and
174 efficient for how enterprise information technology services to
175 be proposed for establishment pursuant to s. 282.0056 will
176 deliver effective and efficient government services to state
177 residents and improve the operations of state agencies.
178 (f)(g) Perform duties related to the state data center
179 system as provided in s. 282.201.
180 (g)(h) Coordinate procurement negotiations for hardware and
181 software acquisition necessary to consolidate data center or
182 computer facilities infrastructure.
183 (h)(i) In consultation with the Division of Purchasing in
184 the Department of Management Services, coordinate procurement
185 negotiations for software that will be used by multiple
186 agencies.
187 (i)(j) In coordination with, and through the services of,
188 the Division of Purchasing in the Department of Management
189 Services, develop best practices for technology procurements.
190 (5) The Office of Information Security shall be created
191 within the agency. The agency shall designate a state Chief
192 Information Security Officer who shall report directly to the
193 executive director. The chief officer shall oversee the
194 activities of the office and perform the following duties and
195 responsibilities:
196 (a) Develop, and annually update by February 1, an
197 enterprise information security strategic plan that includes
198 security goals and objectives for the strategic issues of
199 information security policy, risk management, training, incident
200 management, and survivability planning.
201 (b) Develop enterprise security rules and published
202 guidelines for:
203 1. Comprehensive risk analyses and information security
204 audits conducted by state agencies.
205 2. Responding to suspected or confirmed information
206 security incidents, including suspected or confirmed breaches of
207 personal information or exempt data.
208 3. Agency security plans, including strategic security
209 plans and security program plans.
210 4. The recovery of information technology and data
211 following a disaster.
212 5. The managerial, operational, and technical safeguards
213 for protecting state government data and information technology
214 resources.
215 (c) Assist agencies in complying with the provisions of s.
216 282.318.
217 (d) Pursue appropriate funding for the purpose of enhancing
218 domestic security.
219 (e) Provide training for agency information security
220 managers.
221 (f) Annually review the strategic and operational
222 information security plans of executive branch agencies.
223 (6) By December 31, 2010, the agency shall develop, and
224 submit to the President of the Senate, the Speaker of the House
225 of Representatives, and the Governor an implementation plan for
226 information technology security. The agency shall describe the
227 scope of operation, conduct costs and requirements analyses,
228 conduct an inventory of all existing security information
229 technology resources, and develop strategies, timeframes, and
230 resources necessary for statewide migration.
231 (7)(5) The agency shall operate in a manner that ensures
232 the participation and representation of state agencies and the
233 Agency Chief Information Officers Council established in s.
234 282.315.
235 (8)(6) The agency may adopt rules pursuant to ss.
236 120.536(1) and 120.54 to carry out its statutory duties.
237 Section 3. Paragraphs (e), (w), (x), and (y) of subsection
238 (2) of section 110.205, Florida Statutes, are amended to read:
239 110.205 Career service; exemptions.—
240 (2) EXEMPT POSITIONS.—The exempt positions that are not
241 covered by this part include the following:
242 (e) The Chief Information Officer in the Agency for
243 Enterprise Information Technology, deputy chief information
244 officers, chief technology officers, and deputy chief technology
245 officers in the State Technology Office. Unless otherwise fixed
246 by law, the Agency for Enterprise Information Technology State
247 Technology Office shall set the salary and benefits of these
248 positions in accordance with the rules of the Senior Management
249 Service.
250 (w) All managers, supervisors, and confidential employees
251 of the State Technology Office. The State Technology Office
252 shall set the salaries and benefits of these positions in
253 accordance with the rules established for the Selected Exempt
254 Service.
255 (w)(x) Managerial employees, as defined in s. 447.203(4),
256 confidential employees, as defined in s. 447.203(5), and
257 supervisory employees who spend the majority of their time
258 communicating with, motivating, training, and evaluating
259 employees, and planning and directing employees’ work, and who
260 have the authority to hire, transfer, suspend, lay off, recall,
261 promote, discharge, assign, reward, or discipline subordinate
262 employees or effectively recommend such action, including all
263 employees serving as supervisors, administrators, and directors.
264 Excluded are employees also designated as special risk or
265 special risk administrative support and attorneys who serve as
266 administrative law judges pursuant to s. 120.65 or for hearings
267 conducted pursuant to s. 120.57(1)(a). Additionally, registered
268 nurses licensed under chapter 464, dentists licensed under
269 chapter 466, psychologists licensed under chapter 490 or chapter
270 491, nutritionists or dietitians licensed under part X of
271 chapter 468, pharmacists licensed under chapter 465,
272 psychological specialists licensed under chapter 491, physical
273 therapists licensed under chapter 486, and speech therapists
274 licensed under part I of chapter 468 are excluded, unless
275 otherwise collectively bargained.
276 (x)(y) All officers and employees of the Justice
277 Administrative Commission, Office of the State Attorney, Office
278 of the Public Defender, regional offices of capital collateral
279 counsel, offices of criminal conflict and civil regional
280 counsel, and Statewide Guardian Ad Litem Office, including the
281 circuit guardian ad litem programs.
282 Section 4. Section 282.003, Florida Statutes, is amended to
283 read:
284 282.003 Short title.—This part may be cited as the
285 “Enterprise Information Technology Services Resources Management
286 Act.”
287 Section 5. Section 282.0041, Florida Statutes, is amended
288 to read:
289 282.0041 Definitions.—As used in this chapter For the
290 purposes of this part, the term:
291 (1) “Agency” has the same meaning as means those entities
292 described in s. 216.011(1)(qq).
293 (2) “Agency chief information officer” means the person
294 employed appointed by the agency head to coordinate and manage
295 the information technology functions and responsibilities
296 applicable to that agency, and to participate and represent the
297 agency in developing strategies for implementing enterprise
298 information technology services established pursuant to this
299 part, identified in law and to develop developing
300 recommendations for enterprise information technology policy.
301 (3) “Agency Chief Information Officers Council” means the
302 council created in s. 282.315.
303 (4) “Agency for Enterprise Information Technology” means
304 the agency created in s. 14.204.
305 (5) “Agency information technology service” means a service
306 that directly helps an agency fulfill its statutory or
307 constitutional responsibilities and policy objectives and is
308 usually associated with the agency's primary or core business
309 functions.
310 (6) “Annual budget meeting” means a meeting of the board of
311 trustees of a primary data center to review data center usage to
312 determine the apportionment of board members for the following
313 fiscal year, review rates for each service provided, and
314 determine any other required changes.
315 (7) “Breach” means the unauthorized acquisition,
316 accidentally or deliberately, of computerized data that
317 materially compromises the security, confidentiality, or
318 integrity of personal information.
319 (8)(7) “Business continuity plan” means a plan for disaster
320 recovery which provides for the continued functioning of a
321 primary data center during and after a disaster.
322 (9)(8) “Computing facility” means agency space containing
323 fewer than a total of 10 physical or logical servers, any of
324 which supports a strategic or nonstrategic information
325 technology service, as described in budget instructions
326 developed pursuant to s. 216.023, but excluding single, logical
327 server single-server installations that exclusively perform a
328 utility function such as file and print servers.
329 (10)(9) “Customer entity” means an entity that obtains
330 services from a primary data center.
331 (11)(10) “Data center” means agency space containing 10 or
332 more physical or logical servers any of which supports a
333 strategic or nonstrategic information technology service, as
334 described in budget instructions developed pursuant to s.
335 216.023.
336 (12) “Department” means the Department of Management
337 Services.
338 (11) “Enterprise level” means all executive branch agencies
339 created or authorized in statute to perform legislatively
340 delegated functions.
341 (13)(12) “Enterprise information technology service” means
342 an information technology service that is used in all agencies
343 or a subset of agencies and is established in law to be
344 designed, delivered, and managed at the enterprise level.
345 (14)(13) “E-mail, messaging, and calendaring service” means
346 the enterprise information technology service that enables users
347 to send, receive, file, store, manage, and retrieve electronic
348 messages, attachments, appointments, and addresses.
349 (15)(14) “Information-system utility” means a full-service
350 information-processing facility offering hardware, software,
351 operations, integration, networking, and consulting services.
352 (16)(15) “Information technology” means equipment,
353 hardware, software, firmware, programs, systems, networks,
354 infrastructure, media, and related material used to
355 automatically, electronically, and wirelessly collect, receive,
356 access, transmit, display, store, record, retrieve, analyze,
357 evaluate, process, classify, manipulate, manage, assimilate,
358 control, communicate, exchange, convert, converge, interface,
359 switch, or disseminate information of any kind or form.
360 (17)(16) “Information technology policy” means statements
361 that describe clear choices for how information technology will
362 deliver effective and efficient government services to residents
363 and improve state agency operations. A policy may relate to
364 investments, business applications, architecture, or
365 infrastructure. A policy describes its rationale, implications
366 of compliance or noncompliance, the timeline for implementation,
367 metrics for determining compliance, and the accountable
368 structure responsible for its implementation.
369 (18)(17) “Performance metrics” means the measures of an
370 organization's activities and performance.
371 (19)(18) “Primary data center” means a state or nonstate
372 agency data center that is a recipient entity for consolidation
373 of nonprimary data centers and computing facilities. A primary
374 data center may be authorized in law or designated by the Agency
375 for Enterprise Information Technology pursuant to s. 282.201.
376 (20)(19) “Project” means an endeavor that has a defined
377 start and end point; is undertaken to create or modify a unique
378 product, service, or result; and has specific objectives that,
379 when attained, signify completion.
380 (21) “Risk analysis” means the process of identifying
381 security risks, determining their magnitude, and identifying
382 areas needing safeguards.
383 (22)(20) “Service level” means the key performance
384 indicators (KPI) of an organization or service which must be
385 regularly performed, monitored, and achieved.
386 (23)(21) “Service-level agreement” means a written contract
387 between a data center and a customer entity which specifies the
388 scope of services provided, service level, the duration of the
389 agreement, the responsible parties, and service costs. A
390 service-level agreement is not a rule pursuant to chapter 120.
391 (24)(22) “Standards” means the use of current, open,
392 nonproprietary, or non-vendor-specific technologies.
393 (25) “Threat” means any circumstance or event that may
394 cause harm to the integrity, availability, or confidentiality of
395 information technology resources.
396 (26)(23) “Total cost” means all costs associated with
397 information technology projects or initiatives, including, but
398 not limited to, value of hardware, software, service,
399 maintenance, incremental personnel, and facilities. Total cost
400 of a loan or gift of information technology resources to an
401 agency includes the fair market value of the resources; however,
402 the total cost of loans or gifts of information technology to
403 state universities to be used in instruction or research does
404 not include fair market value.
405 (27)(24) “Usage” means the billing amount charged by the
406 primary data center, less any pass-through charges, to the
407 customer entity.
408 (28)(25) “Usage rate” means a customer entity's usage or
409 billing amount as a percentage of total usage.
410 Section 6. Subsections (2) and (3) of section 282.0056,
411 Florida Statutes, are amended to read:
412 282.0056 Development of work plan; development of
413 implementation plans; and policy recommendations.—
414 (2) By December 31, 2009, The agency may shall develop, and
415 submit to the President of the Senate, and the Speaker of the
416 House of Representatives, and the Governor by October 1 of each
417 year implementation plans for at least one of the following
418 proposed enterprise information technology services to be
419 established in law:
420 (a) A shared or consolidated enterprise information
421 technology service delivery and support model for the e-mail,
422 messaging, and calendaring service.
423 (b) Information security.
424 (c) Consideration of a planned replacement cycle for
425 computer equipment.
426 (3) In developing policy recommendations and implementation
427 plans for established and proposed enterprise information
428 technology services, the agency shall describe the scope of
429 operation, conduct costs and requirements analyses, conduct an
430 inventory of all existing information technology resources that
431 are associated with each service, and develop strategies and
432 timeframes for statewide migration. For purposes of
433 consolidating state-owned or state-operated computer rooms and
434 data centers, the agency shall develop a migration plan for any
435 consolidation effort.
436 Section 7. Subsection (2), paragraph (c) of subsection (3),
437 and subsection (4) of section 282.201, Florida Statutes, are
438 amended to read:
439 282.201 State data center system; agency duties and
440 limitations.—A state data center system that includes all
441 primary data centers, other nonprimary data centers, and
442 computing facilities, and that provides an enterprise
443 information technology service as defined in s. 282.0041, is
444 established.
445 (2) AGENCY FOR ENTERPRISE INFORMATION TECHNOLOGY DUTIES.
446 The Agency for Enterprise Information Technology shall:
447 (a) Collect and maintain information necessary for
448 developing policies relating to the data center system,
449 including, but not limited to, an inventory of facilities.
450 (b) Annually approve cost-recovery mechanisms and rate
451 structures for primary data centers which recover costs through
452 charges to customer entities.
453 (c) By December 31 of each year beginning in 2009, submit
454 to the Legislature recommendations to improve the efficiency and
455 effectiveness of computing services provided by state data
456 center system facilities. Such recommendations may include, but
457 need not be limited to:
458 1. Policies for improving the cost-effectiveness and
459 efficiency of the state data center system.
460 2. Infrastructure improvements supporting the consolidation
461 of facilities or preempting the need to create additional data
462 centers center facilities or computing facilities.
463 3. Standards for an objective, credible energy performance
464 rating system that data center boards of trustees can use to
465 measure state data center energy consumption and efficiency on a
466 biannual basis.
467 4. Uniform disaster recovery standards.
468 5. Standards for primary data centers providing transparent
469 financial data to user agencies.
470 6. Consolidation of contract practices or coordination of
471 software, hardware, or other technology-related procurements.
472 7. Improvements to data center governance structures.
473 (d) By October 1 December 31 of each year beginning in
474 2009, identify at least two nonprimary data centers or computing
475 facilities for consolidation into a primary data center or
476 nonprimary data center facility.
477 1. The consolidation proposal must provide a transition
478 plan that includes:, including
479 a. Estimated transition costs for each data center or
480 computing facility recommended for consolidation;,
481 b. Detailed timeframes for the complete transition of each
482 data center or computing facility recommended for
483 consolidation;,
484 c. Proposed recurring and nonrecurring fiscal impacts,
485 including increased or decreased costs and associated budget
486 impacts for affected budget entities; budgetary savings, and
487 d. Substantive legislative changes necessary to implement
488 the transition.
489 2.1. Recommendations shall be based on the goal of
490 maximizing current and future cost savings. The agency shall
491 consider the following criteria in selecting consolidations that
492 maximize efficiencies by providing the ability to:
493 a. Consolidate purchase decisions;
494 b. Leverage expertise and other resources to gain economies
495 of scale;
496 c. Implement state information technology policies more
497 effectively;
498 d. Maintain or improve the level of service provision to
499 customer entities; and
500 e. Make progress towards the state's goal of consolidating
501 data centers and computing facilities into primary data centers.
502 3.2. The agency shall establish workgroups as necessary to
503 ensure participation by affected agencies in the development of
504 recommendations related to consolidations.
505 4.3. By December 31, 2010, the agency shall develop and
506 submit to the Legislature an overall consolidation plan for
507 state data centers and computing facilities. The plan shall
508 indicate a timeframe for the consolidation of all remaining
509 nonprimary data centers facilities into primary data centers,
510 including existing and proposed primary data centers, by 2019.
511 5.4. This paragraph expires July 1, 2017.
512 (e) Develop and establish rules policies by rule relating
513 to the operation of the state data center system which must
514 comply with applicable federal regulations, including 2 C.F.R.
515 part 225 and 45 C.F.R. The rules policies may address:
516 1. Ensuring that financial information is captured and
517 reported consistently and accurately.
518 2. Requiring the establishment of service-level agreements
519 executed between a data center and its customer entities for
520 services provided.
521 3. Requiring annual full cost recovery on an equitable
522 rational basis. The cost-recovery methodology must ensure that
523 no service is subsidizing another service and may include
524 adjusting the subsequent year's rates as a means to recover
525 deficits or refund surpluses from a prior year.
526 4. Requiring that any special assessment imposed to fund
527 expansion is based on a methodology that apportions the
528 assessment according to the proportional benefit to each
529 customer entity.
530 5. Requiring that rebates be given when revenues have
531 exceeded costs, that rebates be applied to offset charges to
532 those customer entities that have subsidized the costs of other
533 customer entities, and that such rebates may be in the form of
534 credits against future billings.
535 6. Requiring that all service-level agreements have a
536 contract term of up to 3 years, but may include an option to
537 renew for up to 3 additional years contingent on approval by the
538 board, and require at least a 180-day notice of termination.
539 7. Designating any nonstate data centers as primary data
540 centers if the center:
541 a. Has an established governance structure that represents
542 customer entities proportionally.
543 b. Maintains an appropriate cost-allocation methodology
544 that accurately bills a customer entity based on the actual
545 direct and indirect costs to the customer entity, and prohibits
546 the subsidization of one customer entity's costs by another
547 entity.
548 c. Has sufficient raised floor space, cooling, redundant
549 power capacity, including uninterruptible power supply and
550 backup power generation, to accommodate the computer processing
551 platforms and support necessary to host the computing
552 requirements of additional customer entities.
553 8. Removing nonstate data centers from primary data center
554 designation if the nonstate data center fails to meet standards
555 necessary to ensure that the state's data is maintained pursuant
556 to subparagraph 7.
557 (3) STATE AGENCY DUTIES.—
558 (c) The chief information officer of each state agency
559 shall assist the Agency for Enterprise Information Technology at
560 the request of as required by the Agency for Enterprise
561 Information Technology agency.
562 (4) AGENCY LIMITATIONS.—
563 (a) Unless authorized by the Legislature or as provided in
564 paragraphs (b) and (c) paragraph (b), a state agency may not:
565 1. Create a new computing facility or data center, or
566 expand the capability to support additional computer equipment
567 in an existing computing facility or nonprimary data center;
568 2. Transfer existing computer services to a nonprimary data
569 center or computing facility;
570 3. Terminate services with a primary data center or
571 transfer services between primary data centers without giving
572 written notice of intent to terminate or transfer services 180
573 days before such termination or transfer; or
574 4. Initiate a new computer service if it does not currently
575 have an internal data center except with a primary data center.
576 (b) Exceptions to the limitations in subparagraphs (a)1.,
577 2., and 4. paragraph (a) may be granted by the agency head of
578 the Agency for Enterprise Information Technology if there is
579 insufficient capacity in a primary data center to absorb the
580 workload associated with agency computing services.
581 1. A request for an exception must be submitted in writing
582 to the Agency for Enterprise Information Technology. The agency
583 must accept, accept with conditions, or deny the request within
584 60 days after receipt of the written request. The agency's
585 decision is not subject to chapter 120.
586 2. At a minimum, the agency may not approve a request
587 unless it includes:
588 a. Documentation approved by the primary data center's
589 board of trustees which confirms that the center cannot meet the
590 capacity requirements of the agency requesting the exception
591 within the current fiscal year.
592 b. A description of the capacity requirements of the agency
593 requesting the exception.
594 c. Documentation from the agency demonstrating why it is
595 critical to the agency's mission that the expansion or transfer
596 must be completed within the fiscal year rather than when
597 capacity is established at a primary data center.
598 (c) Exceptions to subparagraph (a)3. may be granted by the
599 board of trustees of the primary data center if the termination
600 or transfer of services can be absorbed within the current cost
601 allocation plan.
602 (d) Upon the termination of or transfer of agency computing
603 services from the primary data center, the primary data center
604 shall require information sufficient to determine compliance
605 with this section. If a primary data center determines that an
606 agency is in violation of this section, it shall report the
607 violation to the Agency for Enterprise Information Technology.
608 Section 8. Paragraph (j) is added to subsection (1) of
609 section 282.203, Florida Statutes, subsection (2) of that
610 section is amended, and paragraph (j) is added to subsection (3)
611 of that section, to read:
612 282.203 Primary data centers.—
613 (1) DATA CENTER DUTIES.—Each primary data center shall:
614 (j) Be the custodian of resources and equipment that are
615 located, operated, supported, and managed by the center for the
616 purposes of chapter 273.
617 (2) BOARD OF TRUSTEES.—Each primary data center shall be
618 headed by a board of trustees as defined in s. 20.03.
619 (a) The members of the board shall be appointed by the
620 agency head or chief executive officer of the representative
621 customer entities of the primary data center and shall serve at
622 the pleasure of the appointing customer entity. The initial
623 appointments of members shall be made as soon as practicable,
624 but not later than July 1, 2008.
625 1. For each of the first 2 fiscal years that a center is in
626 operation, membership shall be apportioned as provided in
627 subparagraph 3. based on projected customer entity usage rates
628 for the fiscal operating year of the primary data center.
629 However, at a minimum:
630 a. During the Southwood Shared Resource Center's first 2
631 operating years, the Department of Transportation, the
632 Department of Highway Safety and Motor Vehicles, the Department
633 of Health, and the Department of Revenue must each have at least
634 one trustee.
635 b. During the Northwood Shared Resource Center's first
636 operating year, the Department of State and the Department of
637 Education must each have at least one trustee.
638 2. After the second full year of operation, membership
639 shall be apportioned as provided in subparagraph 3. based on the
640 most recent estimate of customer entity usage rates for the
641 prior year and a projection of usage rates for the first 9
642 months of the next fiscal year. Such calculation must be
643 completed before the annual budget meeting held before the
644 beginning of the next fiscal year so that any decision to add or
645 remove board members can be voted on at the budget meeting and
646 become effective on July 1 of the subsequent fiscal year.
647 3. Each customer entity that has a projected usage rate of
648 4 percent or greater during the fiscal operating year of the
649 primary data center shall have one trustee on the board.
650 Membership shall be apportioned using the following criteria:
651 4. The total number of votes for each trustee shall be
652 apportioned as follows:
653 a. Customer entities of a primary data center whose usage
654 rate represents 4 but less than 15 to 14 percent of total usage
655 shall have one vote trustee.
656 b. Customer entities of a primary data center whose usage
657 rate represents 15 but less than 30 to 29 percent of total usage
658 shall have two votes trustees.
659 c. Customer entities of a primary data center whose usage
660 rate represents 30 but less than 50 to 49 percent of total usage
661 shall have three votes trustees.
662 d. A customer entity of a primary data center whose usage
663 rate represents 50 percent or more of total usage shall have
664 four votes trustees.
665 e. A single trustee having one vote shall represent those
666 customer entities that represent less than 4 percent of the
667 total usage. The trustee shall be selected by a process
668 determined by the board.
669 f. The executive director of the Agency for Enterprise
670 Information Technology shall serve as a voting member of the
671 board.
672 (b) Before July 1 of each year, each board of trustees of a
673 primary data center shall elect a chair and a vice chair to a
674 term of 1 year or until a successor is elected. The vice chair
675 shall serve in the absence of the chair. The vice chair may not
676 be from the same customer entity as the chair. The chair may be
677 elected to serve one additional successive term.
678 (c) Members of the board representing customer entities who
679 fail to timely pay for data center services do not have voting
680 rights.
681 (d) The board shall take action by majority vote. If there
682 is a tie, the chair shall be on the prevailing side.
683 (e) The executive director of the Agency for Enterprise
684 Information Technology shall be the advisor to the board.
685 (3) BOARD DUTIES.—Each board of trustees of a primary data
686 center shall:
687 (j) Maintain the capabilities of the primary data center's
688 facilities. Maintenance responsibilities include, but are not
689 limited to, ensuring that adequate conditioned floor space, fire
690 suppression, cooling, and power is in place; replacing aging
691 equipment when necessary; and making decisions related to data
692 center expansion and renovation, periodic upgrades, and
693 improvements that are required to ensure the ongoing suitability
694 of the facility as an enterprise data center consolidation site
695 in the state data center system. To the extent possible, the
696 board shall ensure that its approved annual cost-allocation plan
697 recovers sufficient funds from its customers to provide for
698 these needs pursuant to s. 282.201(2)(e).
699 Section 9. Section 282.204, Florida Statutes, is amended to
700 read:
701 282.204 Northwood Shared Resource Center.—
702 (1) Beginning July 1, 2008, A workgroup shall be
703 established within the Department of Children and Family
704 Services for the purpose of developing a plan for converting its
705 data center to a primary data center.
706 (a) The workgroup shall be chaired by a member appointed by
707 the secretary of the department. Workgroup members may include
708 other state agencies who will be customers of the data center
709 during the 2009-2010 fiscal year. The workgroup shall include
710 staff members who have appropriate financial and technical
711 skills as determined by the chair of the workgroup.
712 (b) The conversion plan shall address organizational
713 changes, personnel changes, cost-allocation plan changes, and
714 any other changes necessary to effectively convert to a primary
715 state data center capable of providing computer services as
716 required by s. 282.201.
717 (c) The workgroup shall submit recommendations for
718 facilitating the conversion to the Governor and Cabinet, the
719 President of the Senate, and the Speaker of the House of
720 Representatives by December 31, 2008.
721 (2) Effective July 1, 2009, The Northwood Shared Resource
722 Center is an agency is established within the Department of
723 Children and Family Services for administrative purposes only.
724 (a) The center is designated as a primary data center and
725 shall be a separate budget entity that is not subject to
726 control, supervision, or direction of the department in any
727 manner, including, but not limited to, purchasing, transactions
728 involving real or personal property, personnel, or budgetary
729 matters.
730 (b)(3) The center shall be headed by a board of trustees as
731 provided in s. 282.203, who shall comply with all requirements
732 of that section related to the operation of the center and with
733 the rules policies of the Agency for Enterprise Information
734 Technology related to the design and delivery of enterprise
735 information technology services. The secretary of the department
736 may appoint a temporary board chair for the purpose of convening
737 the board of trustees, selecting a chair, and determining board
738 membership.
739 (3) The Department of Children and Family Services and the
740 center shall identify resources associated with information
741 technology functions which are not related to the support,
742 management, and operation of the data center but which currently
743 exist within the same budget entity as the data center. By
744 October 1, 2009, the center shall submit a budget amendment to
745 transfer resources associated with these functions to the
746 department.
747 Section 10. Section 282.205, Florida Statutes, is amended
748 to read:
749 282.205 Southwood Shared Resource Center.—
750 (1) Effective July 1, 2008, The Southwood Shared Resource
751 Center is an agency established within the department of
752 Management Services for administrative purposes only.
753 (1) The center is designated as a primary data center and
754 shall be a separate budget entity that is not subject to
755 control, supervision, or direction of the department in any
756 manner, including, but not limited to, purchasing, transactions
757 involving real or personal property, personnel, or budgetary
758 matters.
759 (2) The Department of Management Services and the center
760 shall identify resources associated with information technology
761 functions which are not related to the support, management, and
762 operation of the data center but which currently exist within
763 the same budget entity as the data center. By October 1, 2008,
764 the center shall submit a budget amendment to transfer resources
765 associated with these functions to the Department of Management
766 Services.
767 (2)(3) The center shall be headed by a board of trustees as
768 provided in s. 282.203, who shall comply with all requirements
769 of that section related to the operation of the center and with
770 the rules policies of the Agency for Enterprise Information
771 Technology related to the design and delivery of enterprise
772 information technology services.
773 Section 11. Section 282.318, Florida Statutes, is amended
774 to read:
775 282.318 Security of data and information technology
776 resources.—
777 (1) This section may be cited as the “Enterprise Security
778 of Data and Information Technology Infrastructure Act.”
779 (2) Information technology security is established as an
780 enterprise information technology service as defined in s.
781 287.0041.
782 (3)(2)(a) The Office of Information Security within the
783 Agency for Enterprise Information Technology, in consultation
784 with each agency head, is responsible for establishing rules and
785 publishing guidelines assessing and recommending minimum
786 operating procedures for ensuring an appropriate adequate level
787 of security for all data and information technology resources
788 for executive branch agencies created or authorized in statute
789 to perform legislatively delegated functions.
790 (a) To assist the Office of Information Security agency in
791 carrying out this responsibility, each agency head shall, at a
792 minimum:
793 1. Designate an information security manager to who shall
794 administer the security program of the agency for its data and
795 information technology resources. This designation must be
796 provided annually in writing to the office by January 1.
797 2. Submit to the office annually by July 31, the agency's
798 strategic and operational information security plans developed
799 pursuant to the rules and guidelines established by the office.
800 a. The agency strategic information security plan must
801 cover a 3-year period and define security goals, intermediate
802 objectives, and projected agency costs for the strategic issues
803 of agency information security policy, risk management, security
804 training, security incident response, and survivability. The
805 plan must be based on the enterprise strategic information
806 security plan created by the office. Additional issues may be
807 included.
808 b. The agency operational information security plan must
809 include a progress report for the prior operational information
810 security plan and a project plan that includes activities,
811 timelines, and deliverables for security objectives that,
812 subject to current resources, the agency will implement during
813 the current fiscal year. The cost of implementing the plan which
814 cannot be funded from current resources must be identified in
815 the plan.
816 3.2. Conduct, and update every 3 years, a comprehensive
817 risk analysis to determine the security threats to the data,
818 information, and information technology resources of the agency.
819 The risk analysis information is confidential and exempt from
820 the provisions of s. 119.07(1), except that such information
821 shall be available to the Auditor General and the Agency for
822 Enterprise Information Technology for in performing postauditing
823 duties.
824 4.3. Develop, and periodically update, written internal
825 policies and procedures, which shall include procedures for
826 notifying the office Agency for Enterprise Information
827 Technology when a suspected or confirmed breach of personal
828 information or exempt data, or an information security incident,
829 occurs or data is compromised. Such policies and procedures must
830 be consistent with the rules and guidelines established standard
831 operating procedures adopted by the office Agency for Enterprise
832 Information Technology in order to ensure the security of the
833 data, information, and information technology resources of the
834 agency. The internal policies and procedures that, if disclosed,
835 could facilitate the unauthorized modification, disclosure, or
836 destruction of data or information technology resources are
837 confidential information and exempt from the provisions of s.
838 119.07(1), except that such information shall be available to
839 the Auditor General and the Agency for Enterprise Information
840 Technology for in performing postauditing duties.
841 5.4. Implement appropriate cost-effective safeguards to
842 address reduce, eliminate, or recover from the identified risks
843 to the data, information, and information technology resources
844 of the agency.
845 6.5. Ensure that periodic internal audits and evaluations
846 of the agency's security program for the data, information, and
847 information technology resources of the agency are conducted.
848 The results of such internal audits and evaluations are
849 confidential information and exempt from the provisions of s.
850 119.07(1), except that such information shall be available to
851 the Auditor General and the Agency for Enterprise Information
852 Technology for in performing postauditing duties.
853 7.6. Include appropriate security requirements in the
854 written specifications for the solicitation of information
855 technology and information technology resources and services,
856 which are consistent with the rules and guidelines established
857 standard security operating procedures adopted by the office
858 Agency for Enterprise Information Technology.
859 8. Provide security awareness training to employees and
860 users of the agency’s communication and information resources
861 concerning information security risks and the responsibility of
862 employees and users to comply with policies, standards,
863 guidelines, and operating procedures adopted by the agency to
864 reduce those risks.
865 9. Develop a process for detecting, reporting, and
866 responding to suspected or confirmed security incidents,
867 including suspected or confirmed breaches of personal
868 information or exempt data consistent with the security rules
869 and guidelines established by the office.
870 a. Suspected or confirmed information security incidents
871 and breaches of personal information or exempt data must be
872 immediately reported to the office.
873 b. For incidents involving breaches of confidential
874 personal information in third-party possession, agencies shall
875 provide notice in accordance with s. 817.5681 and to the office
876 in accordance with this subsection.
877 (b) Each In those instances under this subsection in which
878 the state agency or department develops state contracts, the
879 state agency or department shall include appropriate security
880 requirements in the specifications for the solicitation of for
881 state contracts for procuring information technology or
882 information technology resources or services which are
883 consistent with the rules and guidelines established by the
884 Office of Information Security.
885 (3) The Agency for Enterprise Information Technology shall
886 designate a chief information security officer.
887 (4) The Agency for Enterprise Information Technology shall
888 develop standards and templates for conducting comprehensive
889 risk analyses and information security audits by state agencies,
890 assist agencies in their compliance with the provisions of this
891 section, pursue appropriate funding provided for the purpose of
892 enhancing domestic security, establish minimum guidelines and
893 procedures for the recovery of information technology following
894 a disaster, and provide training for agency information security
895 managers. Standards, templates, guidelines, and procedures shall
896 be published annually, no later than September 30 each year, to
897 enable agencies to incorporate them in their planning for the
898 following fiscal year.
899 (4)(5) The Agency for Enterprise Information Technology may
900 adopt rules pursuant to ss. 120.536(1) and 120.54 relating to
901 information security and to administer the provisions of this
902 section.
903 Section 12. Paragraph (b) of subsection (2) of section
904 282.33, Florida Statutes, is amended to read:
905 282.33 Objective standards for data center energy
906 efficiency.—
907 (2) State shared resource data centers and other data
908 centers that the Agency for Enterprise Information Technology
909 has determined will be recipients for consolidating data
910 centers, which are designated by the Agency for Enterprise
911 Information Technology, shall evaluate their data center
912 facilities for energy efficiency using the standards established
913 in this section.
914 (b) By December 31, 2010, and biennially biannually
915 thereafter, the Agency for Enterprise Information Technology
916 shall submit to the Legislature recommendations for reducing
917 energy consumption and improving the energy efficiency of state
918 primary data centers.
919 Section 13. Section 282.34, Florida Statutes, is created to
920 read:
921 282.34 State e-mail system.—A state e-mail system that
922 includes the service delivery and support for an e-mail
923 messaging and calendaring service, is established as an
924 enterprise information technology service as defined in s.
925 282.0041.
926 (1) The Southwood Shared Resource Center, a primary data
927 center, shall manage and operate the state e-mail system.
928 (2) By December 31, 2009, the Agency for Enterprise
929 Information Technology shall describe the scope of operation,
930 conduct costs and requirements analyses, conduct an inventory of
931 all existing information technology resources associated with
932 each service, and develop strategies and timeframes for
933 statewide migration to an enterprise e-mail system.
934 (3) The Agency for Enterprise Information Technology shall
935 form a workgroup consisting of the executive directors of the
936 Northwood Shared Resource Center and the Southwood Shared
937 Resource Center and other agency staff to develop an
938 implementation plan for migration to a state e-mail system.
939 (4) Unless authorized by the Legislature, a state agency
940 may not terminate e-mail services provided by the state e-mail
941 system established under this section.
942 Section 14. The Division of Statutory Revision is requested
943 to create part IV of chapter 282, consisting of sections 282.701
944 through 282.711, Florida Statutes.
945 Section 15. Section 282.701, Florida Statutes, is created
946 to read:
947 282.701 Short title.—This part may be cited as the
948 “Communication Information Technology Services Act.”
949 Section 16. Section 282.102, Florida Statues, is
950 transferred and renumbered as section 282.702, Florida Statutes.
951 Section 17. Section 282.103, Florida Statutes, is
952 transferred, renumbered as section 282.703, Florida Statutes,
953 and amended to read:
954 282.703 282.103 SUNCOM Network; exemptions from the
955 required use.—
956 (1) There is created within the department of Management
957 Services the SUNCOM Network, which shall be developed to serve
958 as the state communications system for providing local and long
959 distance communications services to state agencies, political
960 subdivisions of the state, municipalities, state universities,
961 and nonprofit corporations pursuant to this part ss. 282.102
962 282.111. The SUNCOM Network shall be developed to transmit all
963 types of communications signals, including, but not limited to,
964 voice, data, video, image, and radio. State agencies shall
965 cooperate and assist in the development and joint use of
966 communications systems and services.
967 (2) The department State Technology Office shall design,
968 engineer, implement, manage, and operate through state
969 ownership, commercial leasing, or some combination thereof, the
970 facilities and equipment providing SUNCOM Network services, and
971 shall develop a system of equitable billings and charges for
972 communication services.
973 (3) All state agencies and state universities shall are
974 required to use the SUNCOM Network for agency and state
975 university communications services as the services become
976 available; however, no agency or university is relieved of
977 responsibility for maintaining communications services necessary
978 for effective management of its programs and functions. If a
979 SUNCOM Network service does not meet the communications
980 requirements of an agency or university, the agency or
981 university shall notify the department State Technology Office
982 in writing and detail the requirements for that communications
983 service. If the department office is unable to meet an agency's
984 or university's requirements by enhancing SUNCOM Network
985 service, the department office may grant the agency or
986 university an exemption from the required use of specified
987 SUNCOM Network services.
988 Section 18. Section 282.104, Florida Statutes, is
989 transferred, renumbered as section 282.704, Florida Statutes,
990 and amended to read:
991 282.704 282.104 Use of state SUNCOM Network by
992 municipalities.—Any municipality may request the department
993 State Technology Office to provide any or all of the SUNCOM
994 Network's portfolio of communications services upon such terms
995 and under such conditions as the department office may
996 establish. The requesting municipality shall pay its share of
997 installation and recurring costs according to the published
998 rates for SUNCOM Network services and as invoiced by the
999 department office. Such municipality shall also pay for any
1000 requested modifications to existing SUNCOM Network services, if
1001 any charges apply.
1002 Section 19. Section 282.105, Florida Statutes, is
1003 transferred, renumbered as section 282.705, Florida Statutes,
1004 and amended to read:
1005 282.705 282.105 Use of state SUNCOM Network by nonprofit
1006 corporations.—
1007 (1) The department State Technology Office shall provide a
1008 means whereby private nonprofit corporations under contract with
1009 state agencies or political subdivisions of the state may use
1010 the state SUNCOM Network, subject to the limitations in this
1011 section. In order to qualify to use the state SUNCOM Network, a
1012 nonprofit corporation shall:
1013 (a) Expend the majority of its total direct revenues for
1014 the provision of contractual services to the state, a
1015 municipality, or a political subdivision of the state; and
1016 (b) Receive only a small portion of its total revenues from
1017 any source other than a state agency, a municipality, or a
1018 political subdivision of the state during the period of time
1019 SUNCOM Network services are requested.
1020 (2) Each nonprofit corporation seeking authorization to use
1021 the state SUNCOM Network pursuant to this section shall provide
1022 to the department office, upon request, proof of compliance with
1023 subsection (1).
1024 (3) Nonprofit corporations established pursuant to general
1025 law and an association of municipal governments which is wholly
1026 owned by the municipalities are shall be eligible to use the
1027 state SUNCOM Network, subject to the terms and conditions of the
1028 department office.
1029 (4) Institutions qualified to participate in the William L.
1030 Boyd, IV, Florida Resident Access Grant Program pursuant to s.
1031 1009.89 are shall be eligible to use the state SUNCOM Network,
1032 subject to the terms and conditions of the department office.
1033 Such entities are shall not be required to satisfy the other
1034 criteria of this section.
1035 (5) Private, nonprofit elementary and secondary schools are
1036 shall be eligible for rates and services on the same basis as
1037 public schools if such, providing these nonpublic schools do not
1038 have an endowment in excess of $50 million.
1039 Section 20. Section 282.106, Florida Statutes, is
1040 transferred, renumbered as section 282.706, Florida Statutes,
1041 and amended to read:
1042 282.706 282.106 Use of SUNCOM Network by libraries.—The
1043 department State Technology Office may provide SUNCOM Network
1044 services to any library in the state, including libraries in
1045 public schools, community colleges, state universities, and
1046 nonprofit private postsecondary educational institutions, and
1047 libraries owned and operated by municipalities and political
1048 subdivisions.
1049 Section 21. Section 282.107, Florida Statutes, is
1050 transferred and renumbered as section 282.707, Florida Statutes,
1051 and amended to read:
1052 282.707 282.107 SUNCOM Network; criteria for usage.—
1053 (1) The department of Management Services shall
1054 periodically review the qualifications of subscribers using the
1055 state SUNCOM Network and shall terminate services provided to
1056 any facility not qualified under this part pursuant to ss.
1057 282.102-282.111 or rules adopted hereunder. In the event of
1058 nonpayment of invoices by subscribers whose SUNCOM Network
1059 invoices are paid from sources other than legislative
1060 appropriations, such nonpayment represents good and sufficient
1061 reason to terminate service.
1062 (2) The department of Management Services shall adopt rules
1063 for implementing and operating the state SUNCOM Network, which
1064 shall include its procedures for withdrawing and restoring
1065 authorization to use the state SUNCOM Network. Such rules shall
1066 provide a minimum of 30 days' notice to affected parties before
1067 terminating prior to termination of voice communications
1068 service.
1069 (3) Nothing in This section does not shall be construed to
1070 limit or restrict the ability of the Florida Public Service
1071 Commission to set jurisdictional tariffs of telecommunications
1072 companies.
1073 Section 22. Section 282.109, Florida Statutes, is
1074 transferred and renumbered as section 282.708, Florida Statutes.
1075 Section 23. Section 282.1095, Florida Statutes, is
1076 transferred, renumbered as section 282.709, Florida Statutes,
1077 and amended to read:
1078 282.709 282.1095 State agency law enforcement radio system
1079 and interoperability network.—
1080 (1) The department State Technology Office may acquire and
1081 administer implement a statewide radio communications system to
1082 serve law enforcement units of state agencies, and to serve
1083 local law enforcement agencies through mutual aid channels. The
1084 Joint Task Force on State Agency Law Enforcement Communications
1085 is established in the State Technology Office to advise the
1086 office of member-agency needs for the planning, designing, and
1087 establishment of the joint system. The State Agency Law
1088 Enforcement Radio System Trust Fund is established in the State
1089 Technology Office. The trust fund shall be funded from
1090 surcharges collected under ss. 320.0802 and 328.72.
1091 (a) The department shall, in conjunction with the
1092 Department of Law Enforcement and the Division of Emergency
1093 Management of the Department of Community Affairs, establish
1094 policies, procedures, and standards to be incorporated into a
1095 comprehensive management plan for the use and operation of the
1096 statewide radio communications system.
1097 (b) The department shall bear the overall responsibility
1098 for the design, engineering, acquisition, and implementation of
1099 the statewide radio communications system and for ensuring the
1100 proper operation and maintenance of all common system equipment.
1101 (c)1. The department may rent or lease space on any tower
1102 under its control and refuse to lease space on any tower at any
1103 site.
1104 2. The department may rent, lease, or sublease ground space
1105 as necessary to locate equipment to support antennae on the
1106 towers. The costs for the use of such space shall be established
1107 by the department for each site if it is determined to be
1108 practicable and feasible to make space available.
1109 3. The department may rent, lease, or sublease ground space
1110 on lands acquired by the department for the construction of
1111 privately owned or publicly owned towers. The department may, as
1112 a part of such rental, lease, or sublease agreement, require
1113 space on such towers for antennae as necessary for the
1114 construction and operation of the state agency law enforcement
1115 radio system or any other state need.
1116 4. All moneys collected by the department for rents,
1117 leases, and subleases under this subsection shall be deposited
1118 directly into the Law Enforcement Radio Operating Trust Fund
1119 established in subsection (3) and may be used by the department
1120 to construct, maintain, or support the system.
1121 5. The positions necessary for the department to accomplish
1122 its duties under this subsection shall be established in the
1123 General Appropriations Act and funded by the Law Enforcement
1124 Radio Operating Trust Fund or other revenue sources.
1125 (d) The department shall exercise its powers and duties
1126 under this part to plan, manage, and administer the mutual aid
1127 channels in the statewide radio communication system.
1128 1. In implementing such powers and duties, the department
1129 shall consult and act in conjunction with the Department of Law
1130 Enforcement and the Division of Emergency Management of the
1131 Department of Community Affairs, and shall manage and administer
1132 the mutual aid channels in a manner that reasonably addresses
1133 the needs and concerns of the involved law enforcement agencies
1134 and emergency response agencies and entities.
1135 2. The department may make the mutual aid channels
1136 available to federal agencies, state agencies, and agencies of
1137 the political subdivisions of the state for the purpose of
1138 public safety and domestic security.
1139 (e) The department may allow other state agencies to use
1140 the statewide radio communications system under terms and
1141 conditions established by the department.
1142 (2) The Joint Task Force on State Agency Law Enforcement
1143 Communications is created adjunct to the department to advise
1144 the department of member-agency needs relating to the planning,
1145 designing, and establishment of the statewide communication
1146 system.
1147 (a) The Joint Task Force on State Agency Law Enforcement
1148 Communications shall consist of eight members, as follows:
1149 1. A representative of the Division of Alcoholic Beverages
1150 and Tobacco of the Department of Business and Professional
1151 Regulation who shall be appointed by the secretary of the
1152 department.
1153 2. A representative of the Division of Florida Highway
1154 Patrol of the Department of Highway Safety and Motor Vehicles
1155 who shall be appointed by the executive director of the
1156 department.
1157 3. A representative of the Department of Law Enforcement
1158 who shall be appointed by the executive director of the
1159 department.
1160 4. A representative of the Fish and Wildlife Conservation
1161 Commission who shall be appointed by the executive director of
1162 the commission.
1163 5. A representative of the Division of Law Enforcement of
1164 the Department of Environmental Protection who shall be
1165 appointed by the secretary of the department.
1166 6. A representative of the Department of Corrections who
1167 shall be appointed by the secretary of the department.
1168 7. A representative of the Division of State Fire Marshal
1169 of the Department of Financial Services who shall be appointed
1170 by the State Fire Marshal.
1171 8. A representative of the Department of Transportation who
1172 shall be appointed by the secretary of the department.
1173 (b) Each appointed member of the joint task force shall
1174 serve at the pleasure of the appointing official. Any vacancy on
1175 the joint task force shall be filled in the same manner as the
1176 original appointment. A Any joint task force member may, upon
1177 notification to the chair before prior to the beginning of any
1178 scheduled meeting, appoint an alternative to represent the
1179 member on the task force and vote on task force business in his
1180 or her absence.
1181 (c) The joint task force shall elect a chair from among its
1182 members to serve a 1-year term. A vacancy in the chair of the
1183 joint task force must be filled for the remainder of the
1184 unexpired term by an election of the joint task force members.
1185 (d) The joint task force shall meet as necessary, but at
1186 least quarterly, at the call of the chair and at the time and
1187 place designated by him or her.
1188 (e) The per diem and travel expenses incurred by a member
1189 of the joint task force in attending its meetings and in
1190 attending to its affairs shall be paid pursuant to s. 112.061,
1191 from funds budgeted to the state agency that the member
1192 represents.
1193 (f) The department shall provide technical support to the
1194 joint task force.
1195 (f) The State Technology Office is hereby authorized to
1196 rent or lease space on any tower under its control. The office
1197 may also rent, lease, or sublease ground space as necessary to
1198 locate equipment to support antennae on the towers. The costs
1199 for use of such space shall be established by the office for
1200 each site, when it is determined to be practicable and feasible
1201 to make space available. The office may refuse to lease space on
1202 any tower at any site. All moneys collected by the office for
1203 such rents, leases, and subleases shall be deposited directly
1204 into the Law Enforcement Radio Operating Trust Fund and may be
1205 used by the office to construct, maintain, or support the
1206 system.
1207 (g) The State Technology Office is hereby authorized to
1208 rent, lease, or sublease ground space on lands acquired by the
1209 office for the construction of privately owned or publicly owned
1210 towers. The office may, as a part of such rental, lease, or
1211 sublease agreement, require space on said tower or towers for
1212 antennae as may be necessary for the construction and operation
1213 of the state agency law enforcement radio system or any other
1214 state need. The positions necessary for the office to accomplish
1215 its duties under this paragraph and paragraph (f) shall be
1216 established in the General Appropriations Act and shall be
1217 funded by the Law Enforcement Radio Operating Trust Fund or
1218 other revenue sources.
1219 (h) The State Technology Office may make the mutual aid
1220 channels in the statewide radio communications system available
1221 to federal agencies, state agencies, and agencies of the
1222 political subdivisions of the state for the purpose of public
1223 safety and domestic security. The office shall exercise its
1224 powers and duties, as specified in this chapter, to plan,
1225 manage, and administer the mutual aid channels. The office
1226 shall, in implementing such powers and duties, act in
1227 consultation and conjunction with the Department of Law
1228 Enforcement and the Division of Emergency Management of the
1229 Department of Community Affairs, and shall manage and administer
1230 the mutual aid channels in a manner that reasonably addresses
1231 the needs and concerns of the involved law enforcement agencies
1232 and emergency response agencies and entities.
1233 (3) The State Agency Law Enforcement Radio System Trust
1234 Fund is established in the department and funded from surcharges
1235 collected under ss. 320.0802 and 328.72. Upon appropriation,
1236 moneys in the trust fund may be used by the department office to
1237 acquire by competitive procurement the equipment,; software,;
1238 and engineering, administrative, and maintenance services it
1239 needs to construct, operate, and maintain the statewide radio
1240 system. Moneys in the trust fund collected as a result of the
1241 surcharges set forth in ss. 320.0802 and 328.72 shall be used to
1242 help fund the costs of the system. Upon completion of the
1243 system, moneys in the trust fund may also be used by the
1244 department office to provide for payment of the recurring
1245 maintenance costs of the system.
1246 (4)(a) The office shall, in conjunction with the Department
1247 of Law Enforcement and the Division of Emergency Management of
1248 the Department of Community Affairs, establish policies,
1249 procedures, and standards which shall be incorporated into a
1250 comprehensive management plan for the use and operation of the
1251 statewide radio communications system.
1252 (b) The joint task force, in consultation with the office,
1253 shall have the authority to permit other state agencies to use
1254 the communications system, under terms and conditions
1255 established by the joint task force.
1256 (5) The office shall provide technical support to the joint
1257 task force and shall bear the overall responsibility for the
1258 design, engineering, acquisition, and implementation of the
1259 statewide radio communications system and for ensuring the
1260 proper operation and maintenance of all system common equipment.
1261 (4)(6)(a) The department State Technology Office may create
1262 and administer implement an interoperability network to enable
1263 interoperability between various radio communications
1264 technologies and to serve federal agencies, state agencies, and
1265 agencies of political subdivisions of the state for the purpose
1266 of public safety and domestic security.
1267 (a) The department office shall, in conjunction with the
1268 Department of Law Enforcement and the Division of Emergency
1269 Management of the Department of Community Affairs, exercise its
1270 powers and duties pursuant to this chapter to plan, manage, and
1271 administer the interoperability network. The office may:
1272 1. Enter into mutual aid agreements among federal agencies,
1273 state agencies, and political subdivisions of the state for the
1274 use of the interoperability network.
1275 2. Establish the cost of maintenance and operation of the
1276 interoperability network and charge subscribing federal and
1277 local law enforcement agencies for access and use of the
1278 network. The department State Technology Office may not charge
1279 state law enforcement agencies identified in paragraph (2)(a) to
1280 use the network.
1281 3. In consultation with the Department of Law Enforcement
1282 and the Division of Emergency Management of the Department of
1283 Community Affairs, amend and enhance the statewide radio
1284 communications system as necessary to implement the
1285 interoperability network.
1286 (b) The department State Technology Office, in consultation
1287 with the Joint Task Force on State Agency Law Enforcement
1288 Communications, and in conjunction with the Department of Law
1289 Enforcement and the Division of Emergency Management of the
1290 Department of Community Affairs, shall establish policies,
1291 procedures, and standards to incorporate into a comprehensive
1292 management plan for the use and operation of the
1293 interoperability network.
1294 Section 24. Section 282.111, Florida Statutes, is
1295 transferred, renumbered as section 282.710, Florida Statutes,
1296 and amended to read:
1297 282.710 282.111 Statewide system of regional law
1298 enforcement communications.—
1299 (1) It is the intent and purpose of the Legislature that a
1300 statewide system of regional law enforcement communications be
1301 developed whereby maximum efficiency in the use of existing
1302 radio channels is achieved in order to deal more effectively
1303 with the apprehension of criminals and the prevention of crime
1304 generally. To this end, all law enforcement agencies within the
1305 state are directed to provide the department State Technology
1306 Office with any information the department office requests for
1307 the purpose of implementing the provisions of subsection (2).
1308 (2) The department State Technology Office is hereby
1309 authorized and directed to develop and maintain a statewide
1310 system of regional law enforcement communications. In
1311 formulating such a system, the department office shall divide
1312 the state into appropriate regions and shall develop a program
1313 that includes which shall include, but is not be limited to, the
1314 following provisions:
1315 (a) The communications requirements for each county and
1316 municipality comprising the region.
1317 (b) An interagency communications provision that depicts
1318 which shall depict the communication interfaces between
1319 municipal, county, and state law enforcement entities operating
1320 which operate within the region.
1321 (c) A frequency allocation and use provision that includes
1322 which shall include, on an entity basis, each assigned and
1323 planned radio channel and the type of operation, simplex,
1324 duplex, or half-duplex, on each channel.
1325 (3) The office shall adopt any necessary rules and
1326 regulations for administering implementing and coordinating the
1327 statewide system of regional law enforcement communications.
1328 (4) The secretary of the department Chief Information
1329 Officer of the State Technology Office or his or her designee is
1330 designated as the director of the statewide system of regional
1331 law enforcement communications and, for the purpose of carrying
1332 out the provisions of this section, may is authorized to
1333 coordinate the activities of the system with other interested
1334 state agencies and local law enforcement agencies.
1335 (5) A No law enforcement communications system may not
1336 shall be established or present system expanded without the
1337 prior approval of the department State Technology Office.
1338 (6) Within the limits of its capability, the Department of
1339 Law Enforcement is encouraged to lend assistance to the
1340 department State Technology Office in the development of the
1341 statewide system of regional law enforcement communications
1342 proposed by this section.
1343 Section 25. Section 282.21, Florida Statutes, is
1344 transferred, renumbered as section 282.711, Florida Statutes,
1345 and amended to read:
1346 282.711 282.21 The State Technology Office's Remote
1347 electronic access services.—The department State Technology
1348 Office may collect fees for providing remote electronic access
1349 pursuant to s. 119.07(2). The fees may be imposed on individual
1350 transactions or as a fixed subscription for a designated period
1351 of time. All fees collected under this section shall be
1352 deposited in the appropriate trust fund of the program or
1353 activity that made the remote electronic access available.
1354 Section 26. Section 282.22, Florida Statutes, is repealed.
1355 Section 27. Paragraph (h) is added to subsection (3) of
1356 section 287.042, Florida Statutes, and paragraph (b) of
1357 subsection (4) and subsections (15) and (16) of that section are
1358 amended, to read:
1359 287.042 Powers, duties, and functions.—The department shall
1360 have the following powers, duties, and functions:
1361 (3) To establish a system of coordinated, uniform
1362 procurement policies, procedures, and practices to be used by
1363 agencies in acquiring commodities and contractual services,
1364 which shall include, but not be limited to:
1365 (h) Development, in consultation with the Agency Chief
1366 Information Officers Council, of procedures to be used by state
1367 agencies when procuring information technology commodities and
1368 contractual services to ensure compliance with public-records
1369 requirements and records-retention and archiving requirements.
1370 (4)
1371 (b) To prescribe, in consultation with the Agency Chief
1372 Information Officers Council State Technology Office, procedures
1373 for procuring information technology and information technology
1374 consultant services which provide for public announcement and
1375 qualification, competitive solicitations, contract award, and
1376 prohibition against contingent fees. Such procedures shall be
1377 limited to information technology consultant contracts for which
1378 the total project costs, or planning or study activities, are
1379 estimated to exceed the threshold amount provided for in s.
1380 287.017, for CATEGORY TWO.
1381 (15)(a) To enter into joint agreements with governmental
1382 agencies, as defined in s. 163.3164(10), for the purpose of
1383 pooling funds for the purchase of commodities or information
1384 technology that can be used by multiple agencies. However, the
1385 department shall consult with the State Technology Office on
1386 joint agreements that involve the purchase of information
1387 technology. Agencies entering into joint purchasing agreements
1388 with the department or the State Technology Office shall
1389 authorize the department or the State Technology Office to
1390 contract for such purchases on their behalf.
1391 (a)(b) Each agency that has been appropriated or has
1392 existing funds for such purchase the purchases, shall, upon
1393 contract award by the department, transfer their portion of the
1394 funds into the department's Operating Trust Fund for payment by
1395 the department. The These funds shall be transferred by the
1396 Executive Office of the Governor pursuant to the agency budget
1397 amendment request provisions in chapter 216.
1398 (b)(c) Agencies that sign the joint agreements are
1399 financially obligated for their portion of the agreed-upon
1400 funds. If an any agency becomes more than 90 days delinquent in
1401 paying the funds, the department shall certify to the Chief
1402 Financial Officer the amount due, and the Chief Financial
1403 Officer shall transfer the amount due to the Operating Trust
1404 Fund of the department from any of the agency's available funds.
1405 The Chief Financial Officer shall report all of these transfers
1406 and the reasons for the transfers to the Executive Office of the
1407 Governor and the legislative appropriations committees.
1408 (16)(a) To evaluate contracts let by the Federal
1409 Government, another state, or a political subdivision for the
1410 provision of commodities and contract services, and, if when it
1411 is determined in writing to be cost-effective and in the best
1412 interest of the state, to enter into a written agreement
1413 authorizing an agency to make purchases under such a contract
1414 approved by the department and let by the Federal Government,
1415 another state, or a political subdivision.
1416 (b) For contracts pertaining to the provision of
1417 information technology, the State Technology Office, in
1418 consultation with the department, shall assess the technological
1419 needs of a particular agency, evaluate the contracts, and
1420 determine whether to enter into a written agreement with the
1421 letting federal, state, or political subdivision body to provide
1422 information technology for a particular agency.
1423 Section 28. Subsection (9) of section 1004.52, Florida
1424 Statutes, is amended to read:
1425 1004.52 Community computer access grant program.—
1426 (9) The institute, based upon guidance from the State
1427 Technology Office and the state's Chief Information Officer,
1428 shall establish minimum requirements governing the
1429 specifications and capabilities of any computers purchased with
1430 funds awarded under this grant program.
1431 Section 29. Rule 60DD-7, Florida Administrative Code, is
1432 repealed and the Department of State is directed to remove this
1433 rule from the Florida Administrative Code. Rule 60DD-2, Florida
1434 Administrative Code, is transferred to the Agency for Enterprise
1435 Information Technology, and rules 60DD-1, 60DD-4, 60DD-5, 60DD
1436 6, and 60DD-8, Florida Administrative Code, are transferred to
1437 the Department of Management Services.
1438 Section 30. Section 17 of chapter 2008-116, 2008 Laws of
1439 Florida, is amended to read:
1440 Section 17. All data center functions performed, managed,
1441 operated, or supported by state agencies with resources and
1442 equipment currently located in a state primary data center
1443 created by this act, excluding application development, shall be
1444 transferred to the primary data center and that agency shall
1445 become a full-service customer entity by July 1, 2010. All
1446 resources and equipment located in the primary data center shall
1447 be operated, managed, and controlled by the primary data center.
1448 The primary data center in which such resources and equipment
1449 are located shall be the custodian of such resources and
1450 equipment for purposes of chapter 273, Florida Statutes. Data
1451 center functions include, but are not limited to, responsibility
1452 for all data center hardware, software, staff, contracted
1453 services, and facility resources performing data center
1454 management and operations, security, production control, backup
1455 and recovery, disaster recovery, system administration, database
1456 administration, system programming, job control, production
1457 control, print, storage, technical support, help desk, and
1458 managed services.
1459 (1) To accomplish the transition, each state agency that is
1460 a customer entity of a primary data center shall:
1461 (a) By October 1, 2009, submit a plan to the board of
1462 trustees of the appropriate primary data center describing costs
1463 and resources currently used to manage and maintain hardware and
1464 operating and support software housed at the primary data
1465 center, and a plan for transferring all resources allocated to
1466 data center functions to the primary data center. The plan
1467 shall:
1468 1. Include the itemized expenditures for all of the related
1469 equipment and software in the previous 5 fiscal years.
1470 2. Propose averages or weighted averages for transferring
1471 spending authority related to equipment and software based upon
1472 spending in the previous 5 fiscal years and projected needs for
1473 the upcoming 2 fiscal years.
1474 (b) Submit with its 2010-2011 legislative budget request
1475 budget adjustments necessary to accomplish the transfers. These
1476 adjustments shall include budget requests to replace existing
1477 spending authority in the appropriations categories used to
1478 manage, maintain, and upgrade hardware, operating software, and
1479 support software with an amount in a single appropriation
1480 category to pay for the services of the primary data center.
1481 (2) The board of trustees of each primary data center
1482 shall:
1483 (a) Be responsible for the efficient transfer of resources
1484 in user agencies relating to the provision of full services and
1485 shall coordinate the legislative budget requests of the affected
1486 agencies.
1487 (b) Include in its 2010-2011 legislative budget request
1488 additional budget authority to accommodate the transferred
1489 functions.
1490 (c) Develop proposed cost-recovery plans for its customer
1491 entities at its annual budget meeting held before July 1, 2010,
1492 using the principles established in s. 282.203, Florida
1493 Statutes.
1494 Section 31. Subsection (17) of section 318.18, Florida
1495 Statutes, is amended to read:
1496 318.18 Amount of penalties.—The penalties required for a
1497 noncriminal disposition pursuant to s. 318.14 or a criminal
1498 offense listed in s. 318.17 are as follows:
1499 (17) In addition to any penalties imposed, a surcharge of
1500 $3 must be paid for all criminal offenses listed in s. 318.17
1501 and for all noncriminal moving traffic violations under chapter
1502 316. Revenue from the surcharge shall be remitted to the
1503 Department of Revenue and deposited quarterly into the State
1504 Agency Law Enforcement Radio System Trust Fund of the Department
1505 of Management Services for the state agency law enforcement
1506 radio system, as described in s. 282.709 s. 282.1095, and to
1507 provide technical assistance to state agencies and local law
1508 enforcement agencies with their statewide systems of regional
1509 law enforcement communications, as described in s. 282.710 s.
1510 282.111. This subsection expires July 1, 2012. The Department of
1511 Management Services may retain funds sufficient to recover the
1512 costs and expenses incurred for the purposes of managing,
1513 administering, and overseeing the Statewide Law Enforcement
1514 Radio System, and providing technical assistance to state
1515 agencies and local law enforcement agencies with their statewide
1516 systems of regional law enforcement communications. The
1517 Department of Management Services working in conjunction with
1518 the Joint Task Force on State Agency Law Enforcement
1519 Communications shall determine and direct the purposes for which
1520 these funds are used to enhance and improve the radio system.
1521 Section 32. Subsection (4) of section 393.002, Florida
1522 Statutes, is amended to read:
1523 393.002 Transfer of Florida Developmental Disabilities
1524 Council as formerly created in this chapter to private nonprofit
1525 corporation.—
1526 (4) The This designated nonprofit corporation is shall be
1527 eligible to use the state communications system in accordance
1528 with s. 282.705(3) s. 282.105(3).
1529 Section 33. Paragraph (a) of subsection (2) of section
1530 1001.26, Florida Statutes, is amended to read:
1531 1001.26 Public broadcasting program system.—
1532 (2)(a) The Department of Education is responsible for
1533 implementing the provisions of this section pursuant to s.
1534 282.702 s. 282.102 and may employ personnel, acquire equipment
1535 and facilities, and perform all duties necessary for carrying
1536 out the purposes and objectives of this section.
1537 Section 34. This act shall take effect July 1, 2009.