Florida Senate - 2009 CS for SB 2574
By the Committee on Governmental Oversight and Accountability;
and Senator Haridopolos
585-03490A-09 20092574c1
1 A bill to be entitled
2 An act relating to information technology; amending s.
3 11.90, F.S.; deleting an obsolete provision relating
4 to duties of the Legislative Budget Commission;
5 amending s. 14.204, F.S.; revising the duties of the
6 Agency for Enterprise Information Technology;
7 requiring the agency to complete certain duties
8 relating to a proposed enterprise information
9 technology services plan by a specified date; creating
10 the Office of Information Security within the agency;
11 designating the Chief Information Security Officer as
12 head of the office and who reports to the executive
13 director of the agency; amending s. 110.205, F.S.;
14 revising certain positions relating to the obsolete
15 State Technology Office that are exempted from career
16 service; amending s. 282.003, F.S.; renaming the
17 Information Technology Resources Management Act as the
18 “Enterprise Information Technology Services Management
19 Act”; amending s. 282.0041, F.S.; revising
20 definitions; amending s. 282.0056, F.S.; revising
21 provisions relating to proposed enterprise information
22 technology services submitted by the agency; deleting
23 the requirement that the agency develop a migration
24 plan; amending s. 282.201, F.S.; revising the duties
25 of the agency; specifying the requirements for
26 obtaining an exception to the limitations on agencies
27 relating to computer services; amending s. 282.203,
28 F.S.; providing an additional duty for a state primary
29 data center; revising the date for appointing a board
30 of trustees of a primary data center; revising the
31 method for determining representation on the board of
32 trustees; revising the role on the board of the
33 executive director of the Agency for Enterprise
34 Information Technology; allowing board membership
35 resulting from consolidations to be adjusted in the
36 appropriations act; providing an additional duty of
37 the board; amending s. 282.204, F.S.; deleting
38 obsolete provisions; providing that the Northwood
39 Shared Resource Center is an agency established with
40 the Department of Children and Family Services;
41 authorizing the secretary of the department to appoint
42 a temporary chair of the center’s board of trustees;
43 requiring the agency and the department to identify
44 and transfer department resources by budget amendment;
45 amending s. 282.205, F.S.; deleting obsolete
46 provisions relating to the Southwood Shared Resource
47 Center; amending s. 282.318, F.S.; renaming the
48 Security of Data and Information Technology
49 Infrastructure Act as the “Enterprise Security of Data
50 and Information Technology Act”; providing that
51 information technology security is an enterprise
52 information technology service; substituting the
53 Office of Information Security for the agency and
54 revising the associated duties related to information
55 technology security; requiring the agency to submit a
56 plan for information technology security to the
57 Legislature and Governor by a certain date;
58 amending s. 282.33, F.S.; specifying that the Agency
59 for Enterprise Information Technology shall make
60 recommendations relating to the efficiency of state
61 primary data centers; creating s. 282.34, F.S.;
62 establishing a state electronic mail system as an
63 enterprise information technology service; directing
64 the Southwood Shared Resource Center to manage and
65 operate the system; directing the agency to conduct an
66 analysis of such service by a certain date and
67 establish a workgroup to develop an implementation
68 plan; prohibiting a state agency from terminating such
69 service unless authorized by the Legislature;
70 requesting the Division of Statutory Revision to
71 create part IV of ch. 282, F.S.; creating s. 282.701,
72 F.S.; providing a short title; transferring and
73 renumbering s. 282.102, F.S., relating to the powers
74 of the Department of Management Services with respect
75 to a state communication system; transferring,
76 renumbering, and amending ss. 282.103, 282.104,
77 282.105, 282.106, and 282.107, F.S., relating to the
78 SUNCOM system; substituting the department for the
79 State Technology Office; transferring and renumbering
80 s. 282.109, F.S., relating to the emergency control of
81 the state communications system; transferring,
82 renumbering, and amending ss. 282.1095 and 282.111,
83 F.S., relating to the communications system for law
84 enforcement agencies; substituting the department for
85 the State Technology Office; transferring,
86 renumbering, and amending ss. 282.21, F.S., relating
87 to remote electronic access; substituting the
88 department for the State Technology Office; repealing
89 s. 282.22, F.S., relating to materials and products
90 acquired or developed by the State Technology Office;
91 amending s. 287.042, F.S.; revising the duties of the
92 department to include the development of procedures
93 that ensure certain records requirements; deleting the
94 requirement that the department consult with the
95 office on agreements for the joint purchase of
96 information technology; deleting a requirement for the
97 department and office to access certain contracts;
98 amending s. 1004.52, F.S.; deleting the requirement
99 that the Institute on Urban Policy and Commerce
100 consult with the office and the Chief Information
101 Officer on requirements for computers purchased for
102 the community computer access grant program; repealing
103 and transferring certain administrative rules relating
104 to the State Technology Office; amending s. 17,
105 chapter 2008-116, Laws of Florida; providing that a
106 state primary data center is the custodian of
107 resources and equipment located in the data center for
108 the purposes of ch. 272, F.S.; amending ss. 318.18,
109 393.002, and 1001.26, F.S.; conforming cross
110 references; providing an effective date.
111
112 Be It Enacted by the Legislature of the State of Florida:
113
114 Section 1. Subsection (7) of section 11.90, Florida
115 Statutes, is amended to read:
116 11.90 Legislative Budget Commission.—
117 (7) The commission shall review information resources
118 management needs identified in agency long-range program plans
119 for consistency with the State Annual Report on Enterprise
120 Resource Planning and Management and statewide policies adopted
121 by the State Technology Office. The commission shall also review
122 proposed budget amendments associated with information
123 technology that involve more than one agency, that have an
124 outcome that impacts another agency, or that exceed $500,000 in
125 total cost over a 1-year period.
126 Section 2. Section 14.204, Florida Statutes, is amended to
127 read:
128 14.204 Agency for Enterprise Information Technology.—The
129 Agency for Enterprise Information Technology is created within
130 the Executive Office of the Governor.
131 (1) The head of the agency shall be the Governor and
132 Cabinet.
133 (2) The agency is shall be a separate budget entity and
134 that is not subject to control, supervision, or direction by the
135 Executive Office of the Governor in any manner, including, but
136 not limited to, purchasing, transactions involving real or
137 personal property, personnel, or budgetary matters.
138 (3) The agency shall have an executive director who is the
139 state’s Chief Information Officer and who must:
140 (a) Have a degree from an accredited postsecondary
141 institution;
142 (b) Have at least 7 years of executive-level experience in
143 managing information technology organizations; and
144 (c) Be appointed by the Governor and confirmed by the
145 Cabinet, subject to confirmation by the Senate, and serve at the
146 pleasure of the Governor and Cabinet.; and
147 (d) Be the chief information officer of the state.
148 (4) The agency shall have the following duties and
149 responsibilities:
150 (a) Develop strategies for the design, delivery, and
151 management of the enterprise information technology services
152 established in law.
153 (b) Monitor the delivery and management of the enterprise
154 information technology services as established in law.
155 (c) Make recommendations to the agency head and the
156 Legislature concerning other information technology services
157 that should be designed, delivered, and managed as enterprise
158 information technology services as defined in s. 282.0041.
159 (d) Plan and establish policies for managing proposed
160 statutorily authorized enterprise information technology
161 services, which includes:
162 1. Developing business cases that, when applicable, include
163 the components identified in s. 287.0574;
164 2. Establishing and coordinating project-management teams;
165 3. Establishing formal risk-assessment and mitigation
166 processes; and
167 4. Providing for independent monitoring of projects for
168 recommended corrective actions.
169 (e) Define the architecture standards for enterprise
170 information technology services and develop implementation
171 approaches for statewide migration to those standards.
172 (e)(f) Beginning October 1, 2010, develop, and publish, and
173 biennially update a long-term strategic enterprise information
174 technology plan that identifies and recommends strategies and
175 opportunities to improve the delivery of cost-effective and
176 efficient for how enterprise information technology services to
177 be proposed for establishment pursuant to s. 282.0056 will
178 deliver effective and efficient government services to state
179 residents and improve the operations of state agencies.
180 (f)(g) Perform duties related to the state data center
181 system as provided in s. 282.201.
182 (g)(h) Coordinate procurement negotiations for hardware and
183 software acquisition necessary to consolidate data center or
184 computer facilities infrastructure.
185 (h)(i) In consultation with the Division of Purchasing in
186 the Department of Management Services, coordinate procurement
187 negotiations for software that will be used by multiple
188 agencies.
189 (i)(j) In coordination with, and through the services of,
190 the Division of Purchasing in the Department of Management
191 Services, develop best practices for technology procurements.
192 (5) The Office of Information Security shall be created
193 within the agency. The agency shall designate a state Chief
194 Information Security Officer who shall oversee the office and
195 report directly to the executive director.
196 (6)(5) The agency shall operate in a manner that ensures
197 the participation and representation of state agencies and the
198 Agency Chief Information Officers Council established in s.
199 282.315.
200 (7)(6) The agency may adopt rules pursuant to ss.
201 120.536(1) and 120.54 to carry out its statutory duties.
202 Section 3. Paragraphs (e), (w), (x), and (y) of subsection
203 (2) of section 110.205, Florida Statutes, are amended to read:
204 110.205 Career service; exemptions.—
205 (2) EXEMPT POSITIONS.—The exempt positions that are not
206 covered by this part include the following:
207 (e) The Chief Information Officer in the Agency for
208 Enterprise Information Technology, deputy chief information
209 officers, chief technology officers, and deputy chief technology
210 officers in the State Technology Office. Unless otherwise fixed
211 by law, the Agency for Enterprise Information Technology State
212 Technology Office shall set the salary and benefits of these
213 positions in accordance with the rules of the Senior Management
214 Service.
215 (w) All managers, supervisors, and confidential employees
216 of the State Technology Office. The State Technology Office
217 shall set the salaries and benefits of these positions in
218 accordance with the rules established for the Selected Exempt
219 Service.
220 (w)(x) Managerial employees, as defined in s. 447.203(4),
221 confidential employees, as defined in s. 447.203(5), and
222 supervisory employees who spend the majority of their time
223 communicating with, motivating, training, and evaluating
224 employees, and planning and directing employees’ work, and who
225 have the authority to hire, transfer, suspend, lay off, recall,
226 promote, discharge, assign, reward, or discipline subordinate
227 employees or effectively recommend such action, including all
228 employees serving as supervisors, administrators, and directors.
229 Excluded are employees also designated as special risk or
230 special risk administrative support and attorneys who serve as
231 administrative law judges pursuant to s. 120.65 or for hearings
232 conducted pursuant to s. 120.57(1)(a). Additionally, registered
233 nurses licensed under chapter 464, dentists licensed under
234 chapter 466, psychologists licensed under chapter 490 or chapter
235 491, nutritionists or dietitians licensed under part X of
236 chapter 468, pharmacists licensed under chapter 465,
237 psychological specialists licensed under chapter 491, physical
238 therapists licensed under chapter 486, and speech therapists
239 licensed under part I of chapter 468 are excluded, unless
240 otherwise collectively bargained.
241 (x)(y) All officers and employees of the Justice
242 Administrative Commission, Office of the State Attorney, Office
243 of the Public Defender, regional offices of capital collateral
244 counsel, offices of criminal conflict and civil regional
245 counsel, and Statewide Guardian Ad Litem Office, including the
246 circuit guardian ad litem programs.
247 Section 4. Section 282.003, Florida Statutes, is amended to
248 read:
249 282.003 Short title.—This part may be cited as the
250 “Enterprise Information Technology Services Resources Management
251 Act.”
252 Section 5. Section 282.0041, Florida Statutes, is amended
253 to read:
254 282.0041 Definitions.—As used in this chapter For the
255 purposes of this part, the term:
256 (1) “Agency” has the same meaning as means those entities
257 described in s. 216.011(1)(qq).
258 (2) “Agency chief information officer” means the person
259 employed appointed by the agency head to coordinate and manage
260 the information technology functions and responsibilities
261 applicable to that agency, and to participate and represent the
262 agency in developing strategies for implementing enterprise
263 information technology services established pursuant to this
264 part, identified in law and to develop developing
265 recommendations for enterprise information technology policy.
266 (3) “Agency Chief Information Officers Council” means the
267 council created in s. 282.315.
268 (4) “Agency for Enterprise Information Technology” means
269 the agency created in s. 14.204.
270 (5) “Agency information technology service” means a service
271 that directly helps an agency fulfill its statutory or
272 constitutional responsibilities and policy objectives and is
273 usually associated with the agency’s primary or core business
274 functions.
275 (6) “Annual budget meeting” means a meeting of the board of
276 trustees of a primary data center to review data center usage to
277 determine the apportionment of board members for the following
278 fiscal year, review rates for each service provided, and
279 determine any other required changes.
280 (7) “Breach” has the same meaning as in s. 817.5681(4).
281 (8)(7) “Business continuity plan” means a plan for disaster
282 recovery which provides for the continued functioning of a
283 primary data center during and after a disaster.
284 (9)(8) “Computing facility” means agency space containing
285 fewer than a total of 10 physical or logical servers, any of
286 which supports a strategic or nonstrategic information
287 technology service, as described in budget instructions
288 developed pursuant to s. 216.023, but excluding single, logical
289 server single-server installations that exclusively perform a
290 utility function such as file and print servers.
291 (10)(9) “Customer entity” means an entity that obtains
292 services from a primary data center.
293 (11)(10) “Data center” means agency space containing 10 or
294 more physical or logical servers any of which supports a
295 strategic or nonstrategic information technology service, as
296 described in budget instructions developed pursuant to s.
297 216.023.
298 (12) “Department” means the Department of Management
299 Services.
300 (11) “Enterprise level” means all executive branch agencies
301 created or authorized in statute to perform legislatively
302 delegated functions.
303 (13)(12) “Enterprise information technology service” means
304 an information technology service that is used in all agencies
305 or a subset of agencies and is established in law to be
306 designed, delivered, and managed at the enterprise level.
307 (14)(13) “E-mail, messaging, and calendaring service” means
308 the enterprise information technology service that enables users
309 to send, receive, file, store, manage, and retrieve electronic
310 messages, attachments, appointments, and addresses.
311 (15)(14) “Information-system utility” means a full-service
312 information-processing facility offering hardware, software,
313 operations, integration, networking, and consulting services.
314 (16)(15) “Information technology” means equipment,
315 hardware, software, firmware, programs, systems, networks,
316 infrastructure, media, and related material used to
317 automatically, electronically, and wirelessly collect, receive,
318 access, transmit, display, store, record, retrieve, analyze,
319 evaluate, process, classify, manipulate, manage, assimilate,
320 control, communicate, exchange, convert, converge, interface,
321 switch, or disseminate information of any kind or form.
322 (17)(16) “Information technology policy” means statements
323 that describe clear choices for how information technology will
324 deliver effective and efficient government services to residents
325 and improve state agency operations. A policy may relate to
326 investments, business applications, architecture, or
327 infrastructure. A policy describes its rationale, implications
328 of compliance or noncompliance, the timeline for implementation,
329 metrics for determining compliance, and the accountable
330 structure responsible for its implementation.
331 (18)(17) “Performance metrics” means the measures of an
332 organization’s activities and performance.
333 (19)(18) “Primary data center” means a state or nonstate
334 agency data center that is a recipient entity for consolidation
335 of nonprimary data centers and computing facilities. A primary
336 data center may be authorized in law or designated by the Agency
337 for Enterprise Information Technology pursuant to s. 282.201.
338 (20)(19) “Project” means an endeavor that has a defined
339 start and end point; is undertaken to create or modify a unique
340 product, service, or result; and has specific objectives that,
341 when attained, signify completion.
342 (21) “Risk analysis” means the process of identifying
343 security risks, determining their magnitude, and identifying
344 areas needing safeguards.
345 (22)(20) “Service level” means the key performance
346 indicators (KPI) of an organization or service which must be
347 regularly performed, monitored, and achieved.
348 (23)(21) “Service-level agreement” means a written contract
349 between a data center and a customer entity which specifies the
350 scope of services provided, service level, the duration of the
351 agreement, the responsible parties, and service costs. A
352 service-level agreement is not a rule pursuant to chapter 120.
353 (24)(22) “Standards” means required practices, controls,
354 components, or configurations established by an authority the
355 use of current, open, nonproprietary, or non-vendor-specific
356 technologies.
357 (25) “Threat” means any circumstance or event that may
358 cause harm to the integrity, availability, or confidentiality of
359 information technology resources.
360 (26)(23) “Total cost” means all costs associated with
361 information technology projects or initiatives, including, but
362 not limited to, value of hardware, software, service,
363 maintenance, incremental personnel, and facilities. Total cost
364 of a loan or gift of information technology resources to an
365 agency includes the fair market value of the resources; however,
366 the total cost of loans or gifts of information technology to
367 state universities to be used in instruction or research does
368 not include fair market value.
369 (27)(24) “Usage” means the billing amount charged by the
370 primary data center, less any pass-through charges, to the
371 customer entity.
372 (28)(25) “Usage rate” means a customer entity’s usage or
373 billing amount as a percentage of total usage.
374 Section 6. Subsections (2) and (3) of section 282.0056,
375 Florida Statutes, are amended to read:
376 282.0056 Development of work plan; development of
377 implementation plans; and policy recommendations.—
378 (2) By December 31, 2009, The agency may shall develop, and
379 submit to the President of the Senate, and the Speaker of the
380 House of Representatives, and the Governor by October 1 of each
381 year implementation plans for at least one of the following
382 proposed enterprise information technology services to be
383 established in law:
384 (a) A shared or consolidated enterprise information
385 technology service delivery and support model for the e-mail,
386 messaging, and calendaring service.
387 (b) Information security.
388 (c) Consideration of a planned replacement cycle for
389 computer equipment.
390 (3) In developing policy recommendations and implementation
391 plans for established and proposed enterprise information
392 technology services, the agency shall describe the scope of
393 operation, conduct costs and requirements analyses, conduct an
394 inventory of all existing information technology resources that
395 are associated with each service, and develop strategies and
396 timeframes for statewide migration. For purposes of
397 consolidating state-owned or state-operated computer rooms and
398 data centers, the agency shall develop a migration plan for any
399 consolidation effort.
400 Section 7. Subsection (2), paragraph (c) of subsection (3),
401 and subsection (4) of section 282.201, Florida Statutes, are
402 amended to read:
403 282.201 State data center system; agency duties and
404 limitations.—A state data center system that includes all
405 primary data centers, other nonprimary data centers, and
406 computing facilities, and that provides an enterprise
407 information technology service as defined in s. 282.0041, is
408 established.
409 (2) AGENCY FOR ENTERPRISE INFORMATION TECHNOLOGY DUTIES.
410 The Agency for Enterprise Information Technology shall:
411 (a) Collect and maintain information necessary for
412 developing policies relating to the data center system,
413 including, but not limited to, an inventory of facilities.
414 (b) Annually approve cost-recovery mechanisms and rate
415 structures for primary data centers which recover costs through
416 charges to customer entities.
417 (c) By December 31 of each year beginning in 2009, submit
418 to the Legislature recommendations to improve the efficiency and
419 effectiveness of computing services provided by state data
420 center system facilities. Such recommendations may include, but
421 need not be limited to:
422 1. Policies for improving the cost-effectiveness and
423 efficiency of the state data center system.
424 2. Infrastructure improvements supporting the consolidation
425 of facilities or preempting the need to create additional data
426 centers center facilities or computing facilities.
427 3. Standards for an objective, credible energy performance
428 rating system that data center boards of trustees can use to
429 measure state data center energy consumption and efficiency on a
430 biannual basis.
431 4. Uniform disaster recovery standards.
432 5. Standards for primary data centers providing transparent
433 financial data to user agencies.
434 6. Consolidation of contract practices or coordination of
435 software, hardware, or other technology-related procurements.
436 7. Improvements to data center governance structures.
437 (d) By October 1 December 31 of each year beginning in
438 2009, identify at least two nonprimary data centers or computing
439 facilities for consolidation into a primary data center or
440 nonprimary data center facility.
441 1. The consolidation proposal must provide a transition
442 plan that includes:, including
443 a. Estimated transition costs for each data center or
444 computing facility recommended for consolidation;,
445 b. Detailed timeframes for the complete transition of each
446 data center or computing facility recommended for
447 consolidation;,
448 c. Proposed recurring and nonrecurring fiscal impacts,
449 including increased or decreased costs and associated budget
450 impacts for affected budget entities; budgetary savings, and
451 d. Substantive legislative changes necessary to implement
452 the transition.
453 e. Identification of computing resources to be transferred
454 and those that will remain in the agency. The transfer of
455 resources must include all hardware, software, staff, contracted
456 services, and facility resources performing data center
457 management and operations, security, backup and recovery,
458 disaster recovery, system administration, database
459 administration, system programming, job control, production
460 control, print, storage, technical support, help desk, and
461 managed services but excluding application development.
462 2.1. Recommendations shall be based on the goal of
463 maximizing current and future cost savings. The agency shall
464 consider the following criteria in selecting consolidations that
465 maximize efficiencies by providing the ability to:
466 a. Consolidate purchase decisions;
467 b. Leverage expertise and other resources to gain economies
468 of scale;
469 c. Implement state information technology policies more
470 effectively;
471 d. Maintain or improve the level of service provision to
472 customer entities; and
473 e. Make progress towards the state’s goal of consolidating
474 data centers and computing facilities into primary data centers.
475 3.2. The agency shall establish workgroups as necessary to
476 ensure participation by affected agencies in the development of
477 recommendations related to consolidations.
478 4.3. By December 31, 2010, the agency shall develop and
479 submit to the Legislature an overall consolidation plan for
480 state data centers and computing facilities. The plan shall
481 indicate a timeframe for the consolidation of all remaining
482 nonprimary data centers facilities into primary data centers,
483 including existing and proposed primary data centers, by 2019.
484 5.4. This paragraph expires July 1, 2017.
485 (e) Develop and establish rules policies by rule relating
486 to the operation of the state data center system which must
487 comply with applicable federal regulations, including 2 C.F.R.
488 part 225 and 45 C.F.R. The rules policies may address:
489 1. Ensuring that financial information is captured and
490 reported consistently and accurately.
491 2. Requiring the establishment of service-level agreements
492 executed between a data center and its customer entities for
493 services provided.
494 3. Requiring annual full cost recovery on an equitable
495 rational basis. The cost-recovery methodology must ensure that
496 no service is subsidizing another service and may include
497 adjusting the subsequent year’s rates as a means to recover
498 deficits or refund surpluses from a prior year.
499 4. Requiring that any special assessment imposed to fund
500 expansion is based on a methodology that apportions the
501 assessment according to the proportional benefit to each
502 customer entity.
503 5. Requiring that rebates be given when revenues have
504 exceeded costs, that rebates be applied to offset charges to
505 those customer entities that have subsidized the costs of other
506 customer entities, and that such rebates may be in the form of
507 credits against future billings.
508 6. Requiring that all service-level agreements have a
509 contract term of up to 3 years, but may include an option to
510 renew for up to 3 additional years contingent on approval by the
511 board, and require at least a 180-day notice of termination.
512 7. Designating any nonstate data centers as primary data
513 centers if the center:
514 a. Has an established governance structure that represents
515 customer entities proportionally.
516 b. Maintains an appropriate cost-allocation methodology
517 that accurately bills a customer entity based on the actual
518 direct and indirect costs to the customer entity, and prohibits
519 the subsidization of one customer entity’s costs by another
520 entity.
521 c. Has sufficient raised floor space, cooling, redundant
522 power capacity, including uninterruptible power supply and
523 backup power generation, to accommodate the computer processing
524 platforms and support necessary to host the computing
525 requirements of additional customer entities.
526 8. Removing nonstate data centers from primary data center
527 designation if the nonstate data center fails to meet standards
528 necessary to ensure that the state’s data is maintained pursuant
529 to subparagraph 7.
530 (3) STATE AGENCY DUTIES.—
531 (c) The chief information officer of each state agency
532 shall assist the Agency for Enterprise Information Technology at
533 the request of as required by the Agency for Enterprise
534 Information Technology agency.
535 (4) AGENCY LIMITATIONS.—
536 (a) Unless authorized by the Legislature or as provided in
537 paragraphs (b) and (c) paragraph (b), a state agency may not:
538 1. Create a new computing facility or data center, or
539 expand the capability to support additional computer equipment
540 in an existing computing facility or nonprimary data center;
541 2. Transfer existing computer services to a nonprimary data
542 center or computing facility;
543 3. Terminate services with a primary data center or
544 transfer services between primary data centers without giving
545 written notice of intent to terminate or transfer services 180
546 days before such termination or transfer; or
547 4. Initiate a new computer service if it does not currently
548 have an internal data center except with a primary data center.
549 (b) Exceptions to the limitations in subparagraphs (a)1.,
550 2., and 4. paragraph (a) may be granted by the agency head of
551 the Agency for Enterprise Information Technology if there is
552 insufficient capacity in a primary data center to absorb the
553 workload associated with agency computing services.
554 1. A request for an exception must be submitted in writing
555 to the Agency for Enterprise Information Technology. The agency
556 must accept, accept with conditions, or deny the request within
557 60 days after receipt of the written request. The agency’s
558 decision is not subject to chapter 120.
559 2. At a minimum, the agency may not approve a request
560 unless it includes:
561 a. Documentation approved by the primary data center’s
562 board of trustees which confirms that the center cannot meet the
563 capacity requirements of the agency requesting the exception
564 within the current fiscal year.
565 b. A description of the capacity requirements of the agency
566 requesting the exception.
567 c. Documentation from the agency demonstrating why it is
568 critical to the agency’s mission that the expansion or transfer
569 must be completed within the fiscal year rather than when
570 capacity is established at a primary data center.
571 (c) Exceptions to subparagraph (a)3. may be granted by the
572 board of trustees of the primary data center if the termination
573 or transfer of services can be absorbed within the current cost
574 allocation plan.
575 (d) Upon the termination of or transfer of agency computing
576 services from the primary data center, the primary data center
577 shall require information sufficient to determine compliance
578 with this section. If a primary data center determines that an
579 agency is in violation of this section, it shall report the
580 violation to the Agency for Enterprise Information Technology.
581 Section 8. Paragraph (j) is added to subsection (1) of
582 section 282.203, Florida Statutes, subsection (2) of that
583 section is amended, and paragraph (j) is added to subsection (3)
584 of that section, to read:
585 282.203 Primary data centers.—
586 (1) DATA CENTER DUTIES.—Each primary data center shall:
587 (j) Be the custodian of resources and equipment that are
588 located, operated, supported, and managed by the center for the
589 purposes of chapter 273.
590 (2) BOARD OF TRUSTEES.—Each primary data center shall be
591 headed by a board of trustees as defined in s. 20.03.
592 (a) The members of the board shall be appointed by the
593 agency head or chief executive officer of the representative
594 customer entities of the primary data center and shall serve at
595 the pleasure of the appointing customer entity. The initial
596 appointments of members shall be made as soon as practicable,
597 but not later than July 1, 2008.
598 1. For each of the first 2 fiscal years that a center is in
599 operation, membership shall be apportioned as provided in
600 subparagraph 3. based on projected customer entity usage rates
601 for the fiscal operating year of the primary data center.
602 However, at a minimum:
603 a. During the Southwood Shared Resource Center’s first 2
604 operating years, the Department of Transportation, the
605 Department of Highway Safety and Motor Vehicles, the Department
606 of Health, and the Department of Revenue must each have at least
607 one trustee.
608 b. During the Northwood Shared Resource Center’s first
609 operating year, the Department of State and the Department of
610 Education must each have at least one trustee.
611 2. After the second full year of operation, membership
612 shall be apportioned as provided in subparagraph 3. based on the
613 most recent estimate of customer entity usage rates for the
614 prior year and a projection of usage rates for the first 9
615 months of the next fiscal year. Such calculation must be
616 completed before the annual budget meeting held before the
617 beginning of the next fiscal year so that any decision to add or
618 remove board members can be voted on at the budget meeting and
619 become effective on July 1 of the subsequent fiscal year.
620 3. Each customer entity that has a projected usage rate of
621 4 percent or greater during the fiscal operating year of the
622 primary data center shall have one trustee on the board.
623 Membership shall be apportioned using the following criteria:
624 4. The total number of votes for each trustee shall be
625 apportioned as follows:
626 a. Customer entities of a primary data center whose usage
627 rate represents 4 but less than 15 to 14 percent of total usage
628 shall have one vote trustee.
629 b. Customer entities of a primary data center whose usage
630 rate represents 15 but less than 30 to 29 percent of total usage
631 shall have two votes trustees.
632 c. Customer entities of a primary data center whose usage
633 rate represents 30 but less than 50 to 49 percent of total usage
634 shall have three votes trustees.
635 d. A customer entity of a primary data center whose usage
636 rate represents 50 percent or more of total usage shall have
637 four votes trustees.
638 e. A single trustee having one vote shall represent those
639 customer entities that represent less than 4 percent of the
640 total usage. The trustee shall be selected by a process
641 determined by the board.
642 f. The executive director of the Agency for Enterprise
643 Information Technology shall serve as a voting member of the
644 board.
645 (b) Before July 1 of each year, each board of trustees of a
646 primary data center shall elect a chair and a vice chair to a
647 term of 1 year or until a successor is elected. The vice chair
648 shall serve in the absence of the chair. The vice chair may not
649 be from the same customer entity as the chair. The chair may be
650 elected to serve one additional successive term.
651 (c) Members of the board representing customer entities who
652 fail to timely pay for data center services do not have voting
653 rights.
654 (d) The board shall take action by majority vote. If there
655 is a tie, the chair shall be on the prevailing side.
656 (e) The executive director of the Agency for Enterprise
657 Information Technology shall be the advisor to the board.
658 (f) To facilitate planned data center consolidations, board
659 membership may be adjusted as provided in the General
660 Appropriations Act.
661 (3) BOARD DUTIES.—Each board of trustees of a primary data
662 center shall:
663 (j) Maintain the capabilities of the primary data center’s
664 facilities. Maintenance responsibilities include, but are not
665 limited to, ensuring that adequate conditioned floor space, fire
666 suppression, cooling, and power is in place; replacing aging
667 equipment when necessary; and making decisions related to data
668 center expansion and renovation, periodic upgrades, and
669 improvements that are required to ensure the ongoing suitability
670 of the facility as an enterprise data center consolidation site
671 in the state data center system. To the extent possible, the
672 board shall ensure that its approved annual cost-allocation plan
673 recovers sufficient funds from its customers to provide for
674 these needs pursuant to s. 282.201(2)(e).
675 Section 9. Section 282.204, Florida Statutes, is amended to
676 read:
677 282.204 Northwood Shared Resource Center.—
678 (1) Beginning July 1, 2008, A workgroup shall be
679 established within the Department of Children and Family
680 Services for the purpose of developing a plan for converting its
681 data center to a primary data center.
682 (a) The workgroup shall be chaired by a member appointed by
683 the secretary of the department. Workgroup members may include
684 other state agencies who will be customers of the data center
685 during the 2009-2010 fiscal year. The workgroup shall include
686 staff members who have appropriate financial and technical
687 skills as determined by the chair of the workgroup.
688 (b) The conversion plan shall address organizational
689 changes, personnel changes, cost-allocation plan changes, and
690 any other changes necessary to effectively convert to a primary
691 state data center capable of providing computer services as
692 required by s. 282.201.
693 (c) The workgroup shall submit recommendations for
694 facilitating the conversion to the Governor and Cabinet, the
695 President of the Senate, and the Speaker of the House of
696 Representatives by December 31, 2008.
697 (2) Effective July 1, 2009, The Northwood Shared Resource
698 Center is an agency is established within the Department of
699 Children and Family Services for administrative purposes only.
700 (a) The center is designated as a primary data center and
701 shall be a separate budget entity that is not subject to
702 control, supervision, or direction of the department in any
703 manner, including, but not limited to, purchasing, transactions
704 involving real or personal property, personnel, or budgetary
705 matters.
706 (b)(3) The center shall be headed by a board of trustees as
707 provided in s. 282.203, who shall comply with all requirements
708 of that section related to the operation of the center and with
709 the rules policies of the Agency for Enterprise Information
710 Technology related to the design and delivery of enterprise
711 information technology services. The secretary of the department
712 may appoint a temporary board chair for the purpose of convening
713 the board of trustees, selecting a chair, and determining board
714 membership.
715 (3) The Department of Children and Family Services and the
716 center shall identify resources associated with information
717 technology functions which are not related to the support,
718 management, and operation of the data center but which currently
719 exist within the same budget entity as the data center. By
720 October 1, 2009, the center shall submit a budget amendment to
721 transfer resources associated with these functions to the
722 department.
723 Section 10. Section 282.205, Florida Statutes, is amended
724 to read:
725 282.205 Southwood Shared Resource Center.—
726 (1) Effective July 1, 2008, The Southwood Shared Resource
727 Center is an agency established within the department of
728 Management Services for administrative purposes only.
729 (1) The center is designated as a primary data center and
730 shall be a separate budget entity that is not subject to
731 control, supervision, or direction of the department in any
732 manner, including, but not limited to, purchasing, transactions
733 involving real or personal property, personnel, or budgetary
734 matters.
735 (2) The Department of Management Services and the center
736 shall identify resources associated with information technology
737 functions which are not related to the support, management, and
738 operation of the data center but which currently exist within
739 the same budget entity as the data center. By October 1, 2008,
740 the center shall submit a budget amendment to transfer resources
741 associated with these functions to the Department of Management
742 Services.
743 (2)(3) The center shall be headed by a board of trustees as
744 provided in s. 282.203, who shall comply with all requirements
745 of that section related to the operation of the center and with
746 the rules policies of the Agency for Enterprise Information
747 Technology related to the design and delivery of enterprise
748 information technology services.
749 Section 11. Section 282.318, Florida Statutes, is amended
750 to read:
751 282.318 Security of data and information technology
752 resources.—
753 (1) This section may be cited as the “Enterprise Security
754 of Data and Information Technology Infrastructure Act.”
755 (2) Information technology security is established as an
756 enterprise information technology service as defined in s.
757 287.0041.
758 (3)(2)(a) The Office of Information Security within the
759 Agency for Enterprise Information Technology, in consultation
760 with each agency head, is responsible for establishing rules and
761 publishing guidelines assessing and recommending minimum
762 operating procedures for ensuring an appropriate adequate level
763 of security for all data and information technology resources
764 for executive branch agencies created or authorized in statute
765 to perform legislatively delegated functions. The office shall
766 also perform the following duties and responsibilities:
767 (a) Develop, and annually update by February 1, an
768 enterprise information security strategic plan that includes
769 security goals and objectives for the strategic issues of
770 information security policy, risk management, training, incident
771 management, and survivability planning.
772 (b) Develop enterprise security rules and published
773 guidelines for:
774 1. Comprehensive risk analyses and information security
775 audits conducted by state agencies.
776 2. Responding to suspected or confirmed information
777 security incidents, including suspected or confirmed breaches of
778 personal information or exempt data.
779 3. Agency security plans, including strategic security
780 plans and security program plans.
781 4. The recovery of information technology and data
782 following a disaster.
783 5. The managerial, operational, and technical safeguards
784 for protecting state government data and information technology
785 resources.
786 (c) Assist agencies in complying with the provisions of s.
787 282.318.
788 (d) Pursue appropriate funding for the purpose of enhancing
789 domestic security.
790 (e) Provide training for agency information security
791 managers.
792 (f) Annually review the strategic and operational
793 information security plans of executive branch agencies.
794 (4) To assist the Office of Information Security agency in
795 carrying out its responsibilities this responsibility, each
796 agency head shall, at a minimum:
797 (a)1. Designate an information security manager to who
798 shall administer the security program of the agency for its data
799 and information technology resources. This designation must be
800 provided annually in writing to the office by January 1.
801 (b) Submit to the office annually by July 31, the agency’s
802 strategic and operational information security plans developed
803 pursuant to the rules and guidelines established by the office.
804 1. The agency strategic information security plan must
805 cover a 3-year period and define security goals, intermediate
806 objectives, and projected agency costs for the strategic issues
807 of agency information security policy, risk management, security
808 training, security incident response, and survivability. The
809 plan must be based on the enterprise strategic information
810 security plan created by the office. Additional issues may be
811 included.
812 2. The agency operational information security plan must
813 include a progress report for the prior operational information
814 security plan and a project plan that includes activities,
815 timelines, and deliverables for security objectives that,
816 subject to current resources, the agency will implement during
817 the current fiscal year. The cost of implementing the portions
818 of the plan which cannot be funded from current resources must
819 be identified in the plan.
820 (c)2. Conduct, and update every 3 years, a comprehensive
821 risk analysis to determine the security threats to the data,
822 information, and information technology resources of the agency.
823 The risk analysis information is confidential and exempt from
824 the provisions of s. 119.07(1), except that such information
825 shall be available to the Auditor General and the Agency for
826 Enterprise Information Technology for in performing postauditing
827 duties.
828 (d)3. Develop, and periodically update, written internal
829 policies and procedures, which shall include procedures for
830 notifying the office Agency for Enterprise Information
831 Technology when a suspected or confirmed breach, or an
832 information security incident, occurs or data is compromised.
833 Such policies and procedures must be consistent with the rules
834 and guidelines established standard operating procedures adopted
835 by the office Agency for Enterprise Information Technology in
836 order to ensure the security of the data, information, and
837 information technology resources of the agency. The internal
838 policies and procedures that, if disclosed, could facilitate the
839 unauthorized modification, disclosure, or destruction of data or
840 information technology resources are confidential information
841 and exempt from the provisions of s. 119.07(1), except that such
842 information shall be available to the Auditor General and the
843 Agency for Enterprise Information Technology for in performing
844 postauditing duties.
845 (e)4. Implement appropriate cost-effective safeguards to
846 address reduce, eliminate, or recover from the identified risks
847 to the data, information, and information technology resources
848 of the agency.
849 (f)5. Ensure that periodic internal audits and evaluations
850 of the agency’s security program for the data, information, and
851 information technology resources of the agency are conducted.
852 The results of such internal audits and evaluations are
853 confidential information and exempt from the provisions of s.
854 119.07(1), except that such information shall be available to
855 the Auditor General and the Agency for Enterprise Information
856 Technology for in performing postauditing duties.
857 (g)6. Include appropriate security requirements in the
858 written specifications for the solicitation of information
859 technology and information technology resources and services,
860 which are consistent with the rules and guidelines established
861 standard security operating procedures adopted by the office
862 Agency for Enterprise Information Technology.
863 (h) Provide security awareness training to employees and
864 users of the agency’s communication and information resources
865 concerning information security risks and the responsibility of
866 employees and users to comply with policies, standards,
867 guidelines, and operating procedures adopted by the agency to
868 reduce those risks.
869 (i) Develop a process for detecting, reporting, and
870 responding to suspected or confirmed security incidents,
871 including suspected or confirmed breaches consistent with the
872 security rules and guidelines established by the office.
873 1. Suspected or confirmed information security incidents
874 and breaches must be immediately reported to the office.
875 2. For incidents involving breaches, agencies shall provide
876 notice in accordance with s. 817.5681 and to the office in
877 accordance with this subsection.
878 (5)(b) Each In those instances under this subsection in
879 which the state agency or department develops state contracts,
880 the state agency or department shall include appropriate
881 security requirements in the specifications for the solicitation
882 of for state contracts for procuring information technology or
883 information technology resources or services which are
884 consistent with the rules and guidelines established by the
885 Office of Information Security.
886 (3) The Agency for Enterprise Information Technology shall
887 designate a chief information security officer.
888 (4) The Agency for Enterprise Information Technology shall
889 develop standards and templates for conducting comprehensive
890 risk analyses and information security audits by state agencies,
891 assist agencies in their compliance with the provisions of this
892 section, pursue appropriate funding provided for the purpose of
893 enhancing domestic security, establish minimum guidelines and
894 procedures for the recovery of information technology following
895 a disaster, and provide training for agency information security
896 managers. Standards, templates, guidelines, and procedures shall
897 be published annually, no later than September 30 each year, to
898 enable agencies to incorporate them in their planning for the
899 following fiscal year.
900 (6)(5) The Agency for Enterprise Information Technology may
901 adopt rules pursuant to ss. 120.536(1) and 120.54 relating to
902 information security and to administer the provisions of this
903 section.
904 (7) By December 31, 2010, the Agency for Enterprise
905 Information Technology shall develop, and submit to the
906 Governor, the President of the Senate, and the Speaker of the
907 House of Representatives a proposed implementation plan for
908 information technology security. The agency shall describe the
909 scope of operation, conduct costs and requirements analyses,
910 conduct an inventory of all existing security information
911 technology resources, and develop strategies, timeframes, and
912 resources necessary for statewide migration.
913 Section 12. Paragraph (b) of subsection (2) of section
914 282.33, Florida Statutes, is amended to read:
915 282.33 Objective standards for data center energy
916 efficiency.—
917 (2) State shared resource data centers and other data
918 centers that the Agency for Enterprise Information Technology
919 has determined will be recipients for consolidating data
920 centers, which are designated by the Agency for Enterprise
921 Information Technology, shall evaluate their data center
922 facilities for energy efficiency using the standards established
923 in this section.
924 (b) By December 31, 2010, and biennially biannually
925 thereafter, the Agency for Enterprise Information Technology
926 shall submit to the Legislature recommendations for reducing
927 energy consumption and improving the energy efficiency of state
928 primary data centers.
929 Section 13. Section 282.34, Florida Statutes, is created to
930 read:
931 282.34 Statewide electronic mail system.—A state electronic
932 mail system that includes the service delivery and support for
933 an electronic mail messaging and calendaring service, is
934 established as an enterprise information technology service as
935 defined in s. 282.0041. The service shall be designed to meet
936 the needs of all executive branch agencies and reduce the
937 current cost of operation and support.
938 (1) The Southwood Shared Resource Center, a primary data
939 center, shall centrally host, manage, and operate the electronic
940 mail system. The Agency for Enterprise Information Technology
941 may propose additional primary data center hosts if cost
942 effective and necessary to ensure the reliable operation of the
943 service.
944 (2) By December 31, 2009, the Agency for Enterprise
945 Information Technology shall submit a proposed plan for the
946 establishment of the electronic mail system to the Governor, the
947 President of the Senate, and the Speaker of the House of
948 Representatives. The plan shall be developed to reduce costs to
949 the state and include, at a minimum:
950 (a) An analysis of the in-house and external sourcing
951 options that should be considered for delivery and support of
952 the service. The analysis shall include an internally hosted
953 system option, an externally sourced system option, and, if
954 necessary, a combined in-house and externally sourced option.
955 (b) A cost-benefit analysis that estimates all major cost
956 elements associated with each sourcing option, including the
957 nonrecurring and recurring costs of each option. The analysis
958 must also include a comparison of the total cost of each
959 enterprise electronic mail sourcing option and the total cost of
960 existing electronic mail services in order to determine the
961 level of savings that can be expected.
962 (c) Estimated expenditures for each state agency associated
963 with electronic mail costs for the 2009-2010 fiscal year.
964 (d) The plan must identify any existing electronic mail
965 infrastructure that should be considered for reuse.
966 (e) A concise analysis of the ability of each sourcing
967 option to meet major system requirements, including federal and
968 state requirements for confidentiality, privacy, and security.
969 (f) A complete description of the scope of functionality,
970 operations, and required resources associated with each sourcing
971 option.
972 (g) A reliable schedule for the decommission of all state
973 agency electronic mail systems and the migration of all agencies
974 to the new system beginning by July 1, 2010, and completing by
975 June 30, 2012.
976 (3) In order to develop the recommended plan for the new
977 system, the Agency for Enterprise Information Technology shall
978 consult with and, as necessary, form workgroups consisting of
979 agency electronic mail management staff, agency chief
980 information officers, and agency budget directors. State
981 agencies must cooperate with the Agency for Enterprise
982 Technology in its development of the plan.
983 (4) Unless authorized by the Legislature, a state agency
984 may not terminate statewide electronic mail system services
985 provided by the Southwood Shared Resource Center.
986 Section 14. The Division of Statutory Revision is requested
987 to create part IV of chapter 282, consisting of sections 282.701
988 through 282.711, Florida Statutes.
989 Section 15. Section 282.701, Florida Statutes, is created
990 to read:
991 282.701 Short title.—This part may be cited as the
992 “Communication Information Technology Services Act.”
993 Section 16. Section 282.102, Florida Statutes, is
994 transferred and renumbered as section 282.702, Florida Statutes.
995 Section 17. Section 282.103, Florida Statutes, is
996 transferred, renumbered as section 282.703, Florida Statutes,
997 and amended to read:
998 282.703 282.103 SUNCOM Network; exemptions from the
999 required use.—
1000 (1) There is created within the department of Management
1001 Services the SUNCOM Network, which shall be developed to serve
1002 as the state communications system for providing local and long
1003 distance communications services to state agencies, political
1004 subdivisions of the state, municipalities, state universities,
1005 and nonprofit corporations pursuant to this part ss. 282.102
1006 282.111. The SUNCOM Network shall be developed to transmit all
1007 types of communications signals, including, but not limited to,
1008 voice, data, video, image, and radio. State agencies shall
1009 cooperate and assist in the development and joint use of
1010 communications systems and services.
1011 (2) The department State Technology Office shall design,
1012 engineer, implement, manage, and operate through state
1013 ownership, commercial leasing, or some combination thereof, the
1014 facilities and equipment providing SUNCOM Network services, and
1015 shall develop a system of equitable billings and charges for
1016 communication services.
1017 (3) All state agencies and state universities shall are
1018 required to use the SUNCOM Network for agency and state
1019 university communications services as the services become
1020 available; however, no agency or university is relieved of
1021 responsibility for maintaining communications services necessary
1022 for effective management of its programs and functions. If a
1023 SUNCOM Network service does not meet the communications
1024 requirements of an agency or university, the agency or
1025 university shall notify the department State Technology Office
1026 in writing and detail the requirements for that communications
1027 service. If the department office is unable to meet an agency’s
1028 or university’s requirements by enhancing SUNCOM Network
1029 service, the department office may grant the agency or
1030 university an exemption from the required use of specified
1031 SUNCOM Network services.
1032 Section 18. Section 282.104, Florida Statutes, is
1033 transferred, renumbered as section 282.704, Florida Statutes,
1034 and amended to read:
1035 282.704 282.104 Use of state SUNCOM Network by
1036 municipalities.—Any municipality may request the department
1037 State Technology Office to provide any or all of the SUNCOM
1038 Network’s portfolio of communications services upon such terms
1039 and under such conditions as the department office may
1040 establish. The requesting municipality shall pay its share of
1041 installation and recurring costs according to the published
1042 rates for SUNCOM Network services and as invoiced by the
1043 department office. Such municipality shall also pay for any
1044 requested modifications to existing SUNCOM Network services, if
1045 any charges apply.
1046 Section 19. Section 282.105, Florida Statutes, is
1047 transferred, renumbered as section 282.705, Florida Statutes,
1048 and amended to read:
1049 282.705 282.105 Use of state SUNCOM Network by nonprofit
1050 corporations.—
1051 (1) The department State Technology Office shall provide a
1052 means whereby private nonprofit corporations under contract with
1053 state agencies or political subdivisions of the state may use
1054 the state SUNCOM Network, subject to the limitations in this
1055 section. In order to qualify to use the state SUNCOM Network, a
1056 nonprofit corporation shall:
1057 (a) Expend the majority of its total direct revenues for
1058 the provision of contractual services to the state, a
1059 municipality, or a political subdivision of the state; and
1060 (b) Receive only a small portion of its total revenues from
1061 any source other than a state agency, a municipality, or a
1062 political subdivision of the state during the period of time
1063 SUNCOM Network services are requested.
1064 (2) Each nonprofit corporation seeking authorization to use
1065 the state SUNCOM Network pursuant to this section shall provide
1066 to the department office, upon request, proof of compliance with
1067 subsection (1).
1068 (3) Nonprofit corporations established pursuant to general
1069 law and an association of municipal governments which is wholly
1070 owned by the municipalities are shall be eligible to use the
1071 state SUNCOM Network, subject to the terms and conditions of the
1072 department office.
1073 (4) Institutions qualified to participate in the William L.
1074 Boyd, IV, Florida Resident Access Grant Program pursuant to s.
1075 1009.89 are shall be eligible to use the state SUNCOM Network,
1076 subject to the terms and conditions of the department office.
1077 Such entities are shall not be required to satisfy the other
1078 criteria of this section.
1079 (5) Private, nonprofit elementary and secondary schools are
1080 shall be eligible for rates and services on the same basis as
1081 public schools if such, providing these nonpublic schools do not
1082 have an endowment in excess of $50 million.
1083 Section 20. Section 282.106, Florida Statutes, is
1084 transferred, renumbered as section 282.706, Florida Statutes,
1085 and amended to read:
1086 282.706 282.106 Use of SUNCOM Network by libraries.—The
1087 department State Technology Office may provide SUNCOM Network
1088 services to any library in the state, including libraries in
1089 public schools, community colleges, state universities, and
1090 nonprofit private postsecondary educational institutions, and
1091 libraries owned and operated by municipalities and political
1092 subdivisions.
1093 Section 21. Section 282.107, Florida Statutes, is
1094 transferred and renumbered as section 282.707, Florida Statutes,
1095 and amended to read:
1096 282.707 282.107 SUNCOM Network; criteria for usage.—
1097 (1) The department of Management Services shall
1098 periodically review the qualifications of subscribers using the
1099 state SUNCOM Network and shall terminate services provided to
1100 any facility not qualified under this part pursuant to ss.
1101 282.102-282.111 or rules adopted hereunder. In the event of
1102 nonpayment of invoices by subscribers whose SUNCOM Network
1103 invoices are paid from sources other than legislative
1104 appropriations, such nonpayment represents good and sufficient
1105 reason to terminate service.
1106 (2) The department of Management Services shall adopt rules
1107 for implementing and operating the state SUNCOM Network, which
1108 shall include its procedures for withdrawing and restoring
1109 authorization to use the state SUNCOM Network. Such rules shall
1110 provide a minimum of 30 days’ notice to affected parties before
1111 terminating prior to termination of voice communications
1112 service.
1113 (3) Nothing in This section does not shall be construed to
1114 limit or restrict the ability of the Florida Public Service
1115 Commission to set jurisdictional tariffs of telecommunications
1116 companies.
1117 Section 22. Section 282.109, Florida Statutes, is
1118 transferred and renumbered as section 282.708, Florida Statutes.
1119 Section 23. Section 282.1095, Florida Statutes, is
1120 transferred, renumbered as section 282.709, Florida Statutes,
1121 and amended to read:
1122 282.709 282.1095 State agency law enforcement radio system
1123 and interoperability network.—
1124 (1) The department State Technology Office may acquire and
1125 administer implement a statewide radio communications system to
1126 serve law enforcement units of state agencies, and to serve
1127 local law enforcement agencies through mutual aid channels. The
1128 Joint Task Force on State Agency Law Enforcement Communications
1129 is established in the State Technology Office to advise the
1130 office of member-agency needs for the planning, designing, and
1131 establishment of the joint system. The State Agency Law
1132 Enforcement Radio System Trust Fund is established in the State
1133 Technology Office. The trust fund shall be funded from
1134 surcharges collected under ss. 320.0802 and 328.72.
1135 (a) The department shall, in conjunction with the
1136 Department of Law Enforcement and the Division of Emergency
1137 Management of the Department of Community Affairs, establish
1138 policies, procedures, and standards to be incorporated into a
1139 comprehensive management plan for the use and operation of the
1140 statewide radio communications system.
1141 (b) The department shall bear the overall responsibility
1142 for the design, engineering, acquisition, and implementation of
1143 the statewide radio communications system and for ensuring the
1144 proper operation and maintenance of all common system equipment.
1145 (c)1. The department may rent or lease space on any tower
1146 under its control and refuse to lease space on any tower at any
1147 site.
1148 2. The department may rent, lease, or sublease ground space
1149 as necessary to locate equipment to support antennae on the
1150 towers. The costs for the use of such space shall be established
1151 by the department for each site if it is determined to be
1152 practicable and feasible to make space available.
1153 3. The department may rent, lease, or sublease ground space
1154 on lands acquired by the department for the construction of
1155 privately owned or publicly owned towers. The department may, as
1156 a part of such rental, lease, or sublease agreement, require
1157 space on such towers for antennae as necessary for the
1158 construction and operation of the state agency law enforcement
1159 radio system or any other state need.
1160 4. All moneys collected by the department for rents,
1161 leases, and subleases under this subsection shall be deposited
1162 directly into the Law Enforcement Radio Operating Trust Fund
1163 established in subsection (3) and may be used by the department
1164 to construct, maintain, or support the system.
1165 5. The positions necessary for the department to accomplish
1166 its duties under this subsection shall be established in the
1167 General Appropriations Act and funded by the Law Enforcement
1168 Radio Operating Trust Fund or other revenue sources.
1169 (d) The department shall exercise its powers and duties
1170 under this part to plan, manage, and administer the mutual aid
1171 channels in the statewide radio communication system.
1172 1. In implementing such powers and duties, the department
1173 shall consult and act in conjunction with the Department of Law
1174 Enforcement and the Division of Emergency Management of the
1175 Department of Community Affairs, and shall manage and administer
1176 the mutual aid channels in a manner that reasonably addresses
1177 the needs and concerns of the involved law enforcement agencies
1178 and emergency response agencies and entities.
1179 2. The department may make the mutual aid channels
1180 available to federal agencies, state agencies, and agencies of
1181 the political subdivisions of the state for the purpose of
1182 public safety and domestic security.
1183 (e) The department may allow other state agencies to use
1184 the statewide radio communications system under terms and
1185 conditions established by the department.
1186 (2) The Joint Task Force on State Agency Law Enforcement
1187 Communications is created adjunct to the department to advise
1188 the department of member-agency needs relating to the planning,
1189 designing, and establishment of the statewide communication
1190 system.
1191 (a) The Joint Task Force on State Agency Law Enforcement
1192 Communications shall consist of eight members, as follows:
1193 1. A representative of the Division of Alcoholic Beverages
1194 and Tobacco of the Department of Business and Professional
1195 Regulation who shall be appointed by the secretary of the
1196 department.
1197 2. A representative of the Division of Florida Highway
1198 Patrol of the Department of Highway Safety and Motor Vehicles
1199 who shall be appointed by the executive director of the
1200 department.
1201 3. A representative of the Department of Law Enforcement
1202 who shall be appointed by the executive director of the
1203 department.
1204 4. A representative of the Fish and Wildlife Conservation
1205 Commission who shall be appointed by the executive director of
1206 the commission.
1207 5. A representative of the Division of Law Enforcement of
1208 the Department of Environmental Protection who shall be
1209 appointed by the secretary of the department.
1210 6. A representative of the Department of Corrections who
1211 shall be appointed by the secretary of the department.
1212 7. A representative of the Division of State Fire Marshal
1213 of the Department of Financial Services who shall be appointed
1214 by the State Fire Marshal.
1215 8. A representative of the Department of Transportation who
1216 shall be appointed by the secretary of the department.
1217 (b) Each appointed member of the joint task force shall
1218 serve at the pleasure of the appointing official. Any vacancy on
1219 the joint task force shall be filled in the same manner as the
1220 original appointment. A Any joint task force member may, upon
1221 notification to the chair before prior to the beginning of any
1222 scheduled meeting, appoint an alternative to represent the
1223 member on the task force and vote on task force business in his
1224 or her absence.
1225 (c) The joint task force shall elect a chair from among its
1226 members to serve a 1-year term. A vacancy in the chair of the
1227 joint task force must be filled for the remainder of the
1228 unexpired term by an election of the joint task force members.
1229 (d) The joint task force shall meet as necessary, but at
1230 least quarterly, at the call of the chair and at the time and
1231 place designated by him or her.
1232 (e) The per diem and travel expenses incurred by a member
1233 of the joint task force in attending its meetings and in
1234 attending to its affairs shall be paid pursuant to s. 112.061,
1235 from funds budgeted to the state agency that the member
1236 represents.
1237 (f) The department shall provide technical support to the
1238 joint task force.
1239 (f) The State Technology Office is hereby authorized to
1240 rent or lease space on any tower under its control. The office
1241 may also rent, lease, or sublease ground space as necessary to
1242 locate equipment to support antennae on the towers. The costs
1243 for use of such space shall be established by the office for
1244 each site, when it is determined to be practicable and feasible
1245 to make space available. The office may refuse to lease space on
1246 any tower at any site. All moneys collected by the office for
1247 such rents, leases, and subleases shall be deposited directly
1248 into the Law Enforcement Radio Operating Trust Fund and may be
1249 used by the office to construct, maintain, or support the
1250 system.
1251 (g) The State Technology Office is hereby authorized to
1252 rent, lease, or sublease ground space on lands acquired by the
1253 office for the construction of privately owned or publicly owned
1254 towers. The office may, as a part of such rental, lease, or
1255 sublease agreement, require space on said tower or towers for
1256 antennae as may be necessary for the construction and operation
1257 of the state agency law enforcement radio system or any other
1258 state need. The positions necessary for the office to accomplish
1259 its duties under this paragraph and paragraph (f) shall be
1260 established in the General Appropriations Act and shall be
1261 funded by the Law Enforcement Radio Operating Trust Fund or
1262 other revenue sources.
1263 (h) The State Technology Office may make the mutual aid
1264 channels in the statewide radio communications system available
1265 to federal agencies, state agencies, and agencies of the
1266 political subdivisions of the state for the purpose of public
1267 safety and domestic security. The office shall exercise its
1268 powers and duties, as specified in this chapter, to plan,
1269 manage, and administer the mutual aid channels. The office
1270 shall, in implementing such powers and duties, act in
1271 consultation and conjunction with the Department of Law
1272 Enforcement and the Division of Emergency Management of the
1273 Department of Community Affairs, and shall manage and administer
1274 the mutual aid channels in a manner that reasonably addresses
1275 the needs and concerns of the involved law enforcement agencies
1276 and emergency response agencies and entities.
1277 (3) The State Agency Law Enforcement Radio System Trust
1278 Fund is established in the department and funded from surcharges
1279 collected under ss. 320.0802 and 328.72. Upon appropriation,
1280 moneys in the trust fund may be used by the department office to
1281 acquire by competitive procurement the equipment,; software,;
1282 and engineering, administrative, and maintenance services it
1283 needs to construct, operate, and maintain the statewide radio
1284 system. Moneys in the trust fund collected as a result of the
1285 surcharges set forth in ss. 320.0802 and 328.72 shall be used to
1286 help fund the costs of the system. Upon completion of the
1287 system, moneys in the trust fund may also be used by the
1288 department office to provide for payment of the recurring
1289 maintenance costs of the system.
1290 (4)(a) The office shall, in conjunction with the Department
1291 of Law Enforcement and the Division of Emergency Management of
1292 the Department of Community Affairs, establish policies,
1293 procedures, and standards which shall be incorporated into a
1294 comprehensive management plan for the use and operation of the
1295 statewide radio communications system.
1296 (b) The joint task force, in consultation with the office,
1297 shall have the authority to permit other state agencies to use
1298 the communications system, under terms and conditions
1299 established by the joint task force.
1300 (5) The office shall provide technical support to the joint
1301 task force and shall bear the overall responsibility for the
1302 design, engineering, acquisition, and implementation of the
1303 statewide radio communications system and for ensuring the
1304 proper operation and maintenance of all system common equipment.
1305 (4)(6)(a) The department State Technology Office may create
1306 and administer implement an interoperability network to enable
1307 interoperability between various radio communications
1308 technologies and to serve federal agencies, state agencies, and
1309 agencies of political subdivisions of the state for the purpose
1310 of public safety and domestic security.
1311 (a) The department office shall, in conjunction with the
1312 Department of Law Enforcement and the Division of Emergency
1313 Management of the Department of Community Affairs, exercise its
1314 powers and duties pursuant to this chapter to plan, manage, and
1315 administer the interoperability network. The office may:
1316 1. Enter into mutual aid agreements among federal agencies,
1317 state agencies, and political subdivisions of the state for the
1318 use of the interoperability network.
1319 2. Establish the cost of maintenance and operation of the
1320 interoperability network and charge subscribing federal and
1321 local law enforcement agencies for access and use of the
1322 network. The department State Technology Office may not charge
1323 state law enforcement agencies identified in paragraph (2)(a) to
1324 use the network.
1325 3. In consultation with the Department of Law Enforcement
1326 and the Division of Emergency Management of the Department of
1327 Community Affairs, amend and enhance the statewide radio
1328 communications system as necessary to implement the
1329 interoperability network.
1330 (b) The department State Technology Office, in consultation
1331 with the Joint Task Force on State Agency Law Enforcement
1332 Communications, and in conjunction with the Department of Law
1333 Enforcement and the Division of Emergency Management of the
1334 Department of Community Affairs, shall establish policies,
1335 procedures, and standards to incorporate into a comprehensive
1336 management plan for the use and operation of the
1337 interoperability network.
1338 Section 24. Section 282.111, Florida Statutes, is
1339 transferred, renumbered as section 282.710, Florida Statutes,
1340 and amended to read:
1341 282.710 282.111 Statewide system of regional law
1342 enforcement communications.—
1343 (1) It is the intent and purpose of the Legislature that a
1344 statewide system of regional law enforcement communications be
1345 developed whereby maximum efficiency in the use of existing
1346 radio channels is achieved in order to deal more effectively
1347 with the apprehension of criminals and the prevention of crime
1348 generally. To this end, all law enforcement agencies within the
1349 state are directed to provide the department State Technology
1350 Office with any information the department office requests for
1351 the purpose of implementing the provisions of subsection (2).
1352 (2) The department State Technology Office is hereby
1353 authorized and directed to develop and maintain a statewide
1354 system of regional law enforcement communications. In
1355 formulating such a system, the department office shall divide
1356 the state into appropriate regions and shall develop a program
1357 that includes which shall include, but is not be limited to, the
1358 following provisions:
1359 (a) The communications requirements for each county and
1360 municipality comprising the region.
1361 (b) An interagency communications provision that depicts
1362 which shall depict the communication interfaces between
1363 municipal, county, and state law enforcement entities operating
1364 which operate within the region.
1365 (c) A frequency allocation and use provision that includes
1366 which shall include, on an entity basis, each assigned and
1367 planned radio channel and the type of operation, simplex,
1368 duplex, or half-duplex, on each channel.
1369 (3) The office shall adopt any necessary rules and
1370 regulations for administering implementing and coordinating the
1371 statewide system of regional law enforcement communications.
1372 (4) The secretary of the department Chief Information
1373 Officer of the State Technology Office or his or her designee is
1374 designated as the director of the statewide system of regional
1375 law enforcement communications and, for the purpose of carrying
1376 out the provisions of this section, may is authorized to
1377 coordinate the activities of the system with other interested
1378 state agencies and local law enforcement agencies.
1379 (5) A No law enforcement communications system may not
1380 shall be established or present system expanded without the
1381 prior approval of the department State Technology Office.
1382 (6) Within the limits of its capability, the Department of
1383 Law Enforcement is encouraged to lend assistance to the
1384 department State Technology Office in the development of the
1385 statewide system of regional law enforcement communications
1386 proposed by this section.
1387 Section 25. Section 282.21, Florida Statutes, is
1388 transferred, renumbered as section 282.711, Florida Statutes,
1389 and amended to read:
1390 282.711 282.21 The State Technology Office’s Remote
1391 electronic access services.—The department State Technology
1392 Office may collect fees for providing remote electronic access
1393 pursuant to s. 119.07(2). The fees may be imposed on individual
1394 transactions or as a fixed subscription for a designated period
1395 of time. All fees collected under this section shall be
1396 deposited in the appropriate trust fund of the program or
1397 activity that made the remote electronic access available.
1398 Section 26. Section 282.22, Florida Statutes, is repealed.
1399 Section 27. Paragraph (h) is added to subsection (3) of
1400 section 287.042, Florida Statutes, and paragraph (b) of
1401 subsection (4) and subsections (15) and (16) of that section are
1402 amended, to read:
1403 287.042 Powers, duties, and functions.—The department shall
1404 have the following powers, duties, and functions:
1405 (3) To establish a system of coordinated, uniform
1406 procurement policies, procedures, and practices to be used by
1407 agencies in acquiring commodities and contractual services,
1408 which shall include, but not be limited to:
1409 (h) Development, in consultation with the Agency Chief
1410 Information Officers Council, of procedures to be used by state
1411 agencies when procuring information technology commodities and
1412 contractual services to ensure compliance with public-records
1413 requirements and records-retention and archiving requirements.
1414 (4)
1415 (b) To prescribe, in consultation with the Agency Chief
1416 Information Officers Council State Technology Office, procedures
1417 for procuring information technology and information technology
1418 consultant services which provide for public announcement and
1419 qualification, competitive solicitations, contract award, and
1420 prohibition against contingent fees. Such procedures shall be
1421 limited to information technology consultant contracts for which
1422 the total project costs, or planning or study activities, are
1423 estimated to exceed the threshold amount provided for in s.
1424 287.017, for CATEGORY TWO.
1425 (15)(a) To enter into joint agreements with governmental
1426 agencies, as defined in s. 163.3164(10), for the purpose of
1427 pooling funds for the purchase of commodities or information
1428 technology that can be used by multiple agencies. However, the
1429 department shall consult with the State Technology Office on
1430 joint agreements that involve the purchase of information
1431 technology. Agencies entering into joint purchasing agreements
1432 with the department or the State Technology Office shall
1433 authorize the department or the State Technology Office to
1434 contract for such purchases on their behalf.
1435 (a)(b) Each agency that has been appropriated or has
1436 existing funds for such purchase the purchases, shall, upon
1437 contract award by the department, transfer their portion of the
1438 funds into the department’s Operating Trust Fund for payment by
1439 the department. The These funds shall be transferred by the
1440 Executive Office of the Governor pursuant to the agency budget
1441 amendment request provisions in chapter 216.
1442 (b)(c) Agencies that sign the joint agreements are
1443 financially obligated for their portion of the agreed-upon
1444 funds. If an any agency becomes more than 90 days delinquent in
1445 paying the funds, the department shall certify to the Chief
1446 Financial Officer the amount due, and the Chief Financial
1447 Officer shall transfer the amount due to the Operating Trust
1448 Fund of the department from any of the agency’s available funds.
1449 The Chief Financial Officer shall report all of these transfers
1450 and the reasons for the transfers to the Executive Office of the
1451 Governor and the legislative appropriations committees.
1452 (16)(a) To evaluate contracts let by the Federal
1453 Government, another state, or a political subdivision for the
1454 provision of commodities and contract services, and, if when it
1455 is determined in writing to be cost-effective and in the best
1456 interest of the state, to enter into a written agreement
1457 authorizing an agency to make purchases under such a contract
1458 approved by the department and let by the Federal Government,
1459 another state, or a political subdivision.
1460 (b) For contracts pertaining to the provision of
1461 information technology, the State Technology Office, in
1462 consultation with the department, shall assess the technological
1463 needs of a particular agency, evaluate the contracts, and
1464 determine whether to enter into a written agreement with the
1465 letting federal, state, or political subdivision body to provide
1466 information technology for a particular agency.
1467 Section 28. Subsection (9) of section 1004.52, Florida
1468 Statutes, is amended to read:
1469 1004.52 Community computer access grant program.—
1470 (9) The institute, based upon guidance from the State
1471 Technology Office and the state’s Chief Information Officer,
1472 shall establish minimum requirements governing the
1473 specifications and capabilities of any computers purchased with
1474 funds awarded under this grant program.
1475 Section 29. Rules 60DD-1, 60DD-4, 60DD-5, 60DD-6, 60DD-7,
1476 and 60DD-8, Florida Administrative Code, are repealed, and the
1477 Department of State is directed to remove these rules from the
1478 Florida Administrative Code. Rule 60DD-2, Florida Administrative
1479 Code, is transferred to the Agency for Enterprise Information
1480 Technology.
1481 Section 30. Section 17 of chapter 2008-116, 2008 Laws of
1482 Florida, is amended to read:
1483 Section 17. All data center functions performed, managed,
1484 operated, or supported by state agencies with resources and
1485 equipment currently located in a state primary data center
1486 created by this act, excluding application development, shall be
1487 transferred to the primary data center and that agency shall
1488 become a full-service customer entity by July 1, 2010. All
1489 resources and equipment located in the primary data center shall
1490 be operated, managed, and controlled by the primary data center.
1491 The primary data center in which such resources and equipment
1492 are located shall be the custodian of such resources and
1493 equipment for purposes of chapter 273, Florida Statutes. Data
1494 center functions include, but are not limited to, responsibility
1495 for all data center hardware, software, staff, contracted
1496 services, and facility resources performing data center
1497 management and operations, security, production control, backup
1498 and recovery, disaster recovery, system administration, database
1499 administration, system programming, job control, production
1500 control, print, storage, technical support, help desk, and
1501 managed services.
1502 (1) To accomplish the transition, each state agency that is
1503 a customer entity of a primary data center shall:
1504 (a) By October 1, 2009, submit a plan to the board of
1505 trustees of the appropriate primary data center describing costs
1506 and resources currently used to manage and maintain hardware and
1507 operating and support software housed at the primary data
1508 center, and a plan for transferring all resources allocated to
1509 data center functions to the primary data center. The plan
1510 shall:
1511 1. Include the itemized expenditures for all of the related
1512 equipment and software in the previous 5 fiscal years.
1513 2. Propose averages or weighted averages for transferring
1514 spending authority related to equipment and software based upon
1515 spending in the previous 5 fiscal years and projected needs for
1516 the upcoming 2 fiscal years.
1517 (b) Submit with its 2010-2011 legislative budget request
1518 budget adjustments necessary to accomplish the transfers. These
1519 adjustments shall include budget requests to replace existing
1520 spending authority in the appropriations categories used to
1521 manage, maintain, and upgrade hardware, operating software, and
1522 support software with an amount in a single appropriation
1523 category to pay for the services of the primary data center.
1524 (2) The board of trustees of each primary data center
1525 shall:
1526 (a) Be responsible for the efficient transfer of resources
1527 in user agencies relating to the provision of full services and
1528 shall coordinate the legislative budget requests of the affected
1529 agencies.
1530 (b) Include in its 2010-2011 legislative budget request
1531 additional budget authority to accommodate the transferred
1532 functions.
1533 (c) Develop proposed cost-recovery plans for its customer
1534 entities at its annual budget meeting held before July 1, 2010,
1535 using the principles established in s. 282.203, Florida
1536 Statutes.
1537 Section 31. Subsection (17) of section 318.18, Florida
1538 Statutes, is amended to read:
1539 318.18 Amount of penalties.—The penalties required for a
1540 noncriminal disposition pursuant to s. 318.14 or a criminal
1541 offense listed in s. 318.17 are as follows:
1542 (17) In addition to any penalties imposed, a surcharge of
1543 $3 must be paid for all criminal offenses listed in s. 318.17
1544 and for all noncriminal moving traffic violations under chapter
1545 316. Revenue from the surcharge shall be remitted to the
1546 Department of Revenue and deposited quarterly into the State
1547 Agency Law Enforcement Radio System Trust Fund of the Department
1548 of Management Services for the state agency law enforcement
1549 radio system, as described in s. 282.709 s. 282.1095, and to
1550 provide technical assistance to state agencies and local law
1551 enforcement agencies with their statewide systems of regional
1552 law enforcement communications, as described in s. 282.710 s.
1553 282.111. This subsection expires July 1, 2012. The Department of
1554 Management Services may retain funds sufficient to recover the
1555 costs and expenses incurred for the purposes of managing,
1556 administering, and overseeing the Statewide Law Enforcement
1557 Radio System, and providing technical assistance to state
1558 agencies and local law enforcement agencies with their statewide
1559 systems of regional law enforcement communications. The
1560 Department of Management Services working in conjunction with
1561 the Joint Task Force on State Agency Law Enforcement
1562 Communications shall determine and direct the purposes for which
1563 these funds are used to enhance and improve the radio system.
1564 Section 32. Subsection (4) of section 393.002, Florida
1565 Statutes, is amended to read:
1566 393.002 Transfer of Florida Developmental Disabilities
1567 Council as formerly created in this chapter to private nonprofit
1568 corporation.—
1569 (4) The This designated nonprofit corporation is shall be
1570 eligible to use the state communications system in accordance
1571 with s. 282.705(3) s. 282.105(3).
1572 Section 33. Paragraph (a) of subsection (2) of section
1573 1001.26, Florida Statutes, is amended to read:
1574 1001.26 Public broadcasting program system.—
1575 (2)(a) The Department of Education is responsible for
1576 implementing the provisions of this section pursuant to s.
1577 282.702 s. 282.102 and may employ personnel, acquire equipment
1578 and facilities, and perform all duties necessary for carrying
1579 out the purposes and objectives of this section.
1580 Section 34. This act shall take effect upon becoming a law.