Florida Senate - 2011 COMMITTEE AMENDMENT
Bill No. SB 102
Barcode 262522
LEGISLATIVE ACTION
Senate . House
Comm: RCS .
04/05/2011 .
.
.
.
—————————————————————————————————————————————————————————————————
—————————————————————————————————————————————————————————————————
The Committee on Governmental Oversight and Accountability
(Ring) recommended the following:
1 Senate Amendment (with title amendment)
2
3 Delete everything after the enacting clause
4 and insert:
5 Section 1. Section 14.204, Florida Statutes, is
6 transferred, renumbered as section 20.51, Florida Statutes, and
7 amended to read:
8 20.51 14.204 Department of Agency for Enterprise
9 Information Technology.—The Department of Agency for Enterprise
10 Information Technology is created within the Executive Office of
11 the Governor.
12 (1) The head of the department is agency shall be the
13 Governor and Cabinet.
14 (2) The agency is a separate budget entity and is not
15 subject to control, supervision, or direction by the Executive
16 Office of the Governor, including, but not limited to,
17 purchasing, transactions involving real or personal property,
18 personnel, or budgetary matters.
19 (2)(3) The department agency shall have an executive
20 director who is the state’s Chief Technology Information Officer
21 and who must, at a minimum:
22 (a) Have a degree from an accredited postsecondary
23 institution in engineering, computer science, information
24 science, or information systems;
25 (b) Have at least 7 years of executive-level experience in
26 managing information technology organizations; and
27 (c) Be appointed by the Governor and confirmed by the
28 Cabinet, subject to confirmation by the Senate, and serve at the
29 pleasure of the Governor and Cabinet.
30 (3) The department shall consist of the following
31 divisions:
32 (a) The Division of Strategic Procurement, which includes
33 the development of all enterprise information technology
34 procurement and acquisition-management systems across state
35 agencies, whether owned or contracted, and has the objective of
36 achieving unified accountability.
37 (b) The Division of Policy Formation, Development, and
38 Standards, which, by rule, sets the technical and architectural
39 expectations for current and emerging technologies and
40 establishes new human capital skill sets, competency
41 expectations, and total compensation for all information
42 technology professions within state agencies.
43 (c) The Division of Implementation, which is responsible
44 for the execution, timing, and integration of specific
45 technology components and business domain management and the
46 retention of agency expertise in key legacy applications in
47 nonstrategic management systems.
48 (4) The department agency shall have the following duties
49 and responsibilities:
50 (a) Develop strategies for the design, delivery, and
51 management of the enterprise information technology services
52 established in law.
53 (b) Monitor the delivery and management of the enterprise
54 information technology services as established in law.
55 (c) Make recommendations to the agency head and the
56 Legislature concerning other information technology services
57 that should be designed, delivered, and managed as enterprise
58 information technology services as defined in s. 282.0041.
59 (d) Plan and establish policies for managing proposed
60 statutorily authorized enterprise information technology
61 services, which includes:
62 1. Developing business cases that, when applicable, include
63 the components identified in s. 287.0571;
64 2. Establishing and coordinating project-management teams;
65 3. Establishing formal risk-assessment and mitigation
66 processes; and
67 4. Providing for independent monitoring of projects for
68 recommended corrective actions.
69 (e) Beginning October 1, 2010, develop, publish, and
70 biennially update a long-term strategic enterprise information
71 technology plan that identifies and recommends strategies and
72 opportunities to improve the delivery of cost-effective and
73 efficient enterprise information technology services to be
74 proposed for establishment pursuant to s. 282.0056.
75 (f) Perform duties related to the state data center system
76 as provided in s. 282.201.
77 (g) Coordinate acquisition planning and procurement
78 negotiations for hardware and software products and services in
79 order to improve the efficiency and reduce the cost of
80 enterprise information technology services.
81 (h) In consultation with the Division of Purchasing in the
82 Department of Management Services, coordinate procurement
83 negotiations for information technology products as defined in
84 s. 282.0041 which will be used by multiple agencies.
85 (i) In coordination with, and through the services of, the
86 Division of Purchasing in the Department of Management Services,
87 establish best practices for the procurement of information
88 technology products as defined in s. 282.0041 in order to
89 achieve savings for the state.
90 (j) Develop information technology standards for enterprise
91 information technology services.
92 (k) Provide annually, by December 31, recommendations to
93 the Legislature relating to techniques for consolidating the
94 purchase of information technology commodities and services,
95 which result in savings for the state, and for establishing a
96 process to achieve savings through consolidated purchases.
97 (5) The Office of Information Security shall be created
98 within the department agency. The department agency shall
99 designate a state Chief Information Security Officer who shall
100 oversee the office and report directly to the executive
101 director.
102 (6) The department agency shall operate in a manner that
103 ensures the participation and representation of state agencies
104 and the Agency Chief Information Officers Council established in
105 s. 282.315.
106 (7) The department agency may adopt rules to carry out its
107 statutory duties.
108 Section 2. Subsection (1) and paragraph (g) of subsection
109 (2) of section 17.0315, Florida Statutes, are amended to read:
110 17.0315 Financial and cash management system; task force.—
111 (1) The Chief Financial Officer, as the constitutional
112 officer responsible for settling and approving accounts against
113 the state and keeping all state funds pursuant to s. 4, Art. IV
114 of the State Constitution, shall be the head of and appoint
115 members to a task force established to develop a strategic
116 business plan for a successor financial and cash management
117 system. The task force shall include the executive director of
118 the Department of Agency for Enterprise Information Technology
119 and the director of the Office of Policy and Budget in the
120 Executive Office of the Governor. Any member of the task force
121 may appoint a designee.
122 (2) The strategic business plan for a successor financial
123 and cash management system must:
124 (g) Be coordinated with the information technology strategy
125 development efforts of the Department of Agency for Enterprise
126 Information Technology;
127 Section 3. Paragraph (e) of subsection (2) of section
128 110.205, Florida Statutes, is amended to read:
129 110.205 Career service; exemptions.—
130 (2) EXEMPT POSITIONS.—The exempt positions that are not
131 covered by this part include the following:
132 (e) The Chief Information Officer in the Department of
133 Agency for Enterprise Information Technology. Unless otherwise
134 fixed by law, the Department of Agency for Enterprise
135 Information Technology shall set the salary and benefits of this
136 position in accordance with the rules of the Senior Management
137 Service.
138 Section 4. Subsections (2) and (9) of section 215.322,
139 Florida Statutes, are amended to read:
140 215.322 Acceptance of credit cards, charge cards, debit
141 cards, or electronic funds transfers by state agencies, units of
142 local government, and the judicial branch.—
143 (2) A state agency as defined in s. 216.011, or the
144 judicial branch, may accept credit cards, charge cards, debit
145 cards, or electronic funds transfers in payment for goods and
146 services with the prior approval of the Chief Financial Officer.
147 If the Internet or other related electronic methods are to be
148 used as the collection medium, the Department of Agency for
149 Enterprise Information Technology shall review and recommend to
150 the Chief Financial Officer whether to approve the request with
151 regard to the process or procedure to be used.
152 (9) For payment programs in which credit cards, charge
153 cards, or debit cards are accepted by state agencies, the
154 judicial branch, or units of local government, the Chief
155 Financial Officer, in consultation with the Department of Agency
156 for Enterprise Information Technology, may adopt rules to
157 establish uniform security safeguards for cardholder data and to
158 ensure compliance with the Payment Card Industry Data Security
159 Standards.
160 Section 5. Paragraph (c) of subsection (4) and subsection
161 (6) of section 216.235, Florida Statutes, are amended to read:
162 216.235 Innovation Investment Program.—
163 (4) There is hereby created the State Innovation Committee,
164 which shall have final approval authority as to which innovative
165 investment projects submitted under this section shall be
166 funded. Such committee shall be comprised of seven members.
167 Appointed members shall serve terms of 1 year and may be
168 reappointed. The committee shall include:
169 (c) The executive director of the Department of Agency for
170 Enterprise Information Technology.
171 (6) Any agency developing an innovative investment project
172 proposal that involves information technology resources may
173 consult with and seek technical assistance from the Agency for
174 Enterprise Information Technology. The office shall consult with
175 the Department of Agency for Enterprise Information Technology
176 concerning any project proposal that involves enterprise
177 information technology resources. The department Agency for
178 Enterprise Information Technology shall evaluate the project and
179 advise the committee and review board of the technical
180 feasibility and any transferable benefits of the proposed
181 technology. In addition to the requirements of subsection (5),
182 the agencies shall provide to the department Agency for
183 Enterprise Information Technology any information requested by
184 the department Agency for Enterprise Information Technology to
185 aid in determining whether the proposed technology is
186 appropriate for the project’s success.
187 Section 6. Subsection (4) of section 282.0041, Florida
188 Statutes, is repealed.
189 Section 7. Section 282.0055, Florida Statutes, is amended
190 to read:
191 282.0055 Assignment of information technology.—In order to
192 ensure the most effective and efficient use of the state’s
193 information technology and information technology resources and
194 notwithstanding other provisions of law to the contrary,
195 policies for the design, planning, project management, and
196 implementation of enterprise information technology services
197 shall be the responsibility of the Department of Agency for
198 Enterprise Information Technology for executive branch agencies
199 created or authorized in statute to perform legislatively
200 delegated functions. The supervision, design, delivery, and
201 management of agency information technology shall remain within
202 the responsibility and control of the individual state agency.
203 Section 8. Section 282.0056, Florida Statutes, is amended
204 to read:
205 282.0056 Development of work plan; development of
206 implementation plans; and policy recommendations.—
207 (1) For the purposes of carrying out its responsibilities
208 under s. 282.0055, the Department of Agency for Enterprise
209 Information Technology shall develop an annual work plan within
210 60 days after the beginning of the fiscal year describing the
211 activities that the department agency intends to undertake for
212 that year, including proposed outcomes and completion
213 timeframes. The work plan must be presented at a public hearing
214 that includes the Agency Chief Information Officers Council,
215 which may review and comment on the plan. The work plan must
216 thereafter be approved by the Governor and Cabinet and submitted
217 to the President of the Senate and the Speaker of the House of
218 Representatives. The work plan may be amended as needed, subject
219 to approval by the Governor and Cabinet. The work plan must, at
220 a minimum, include proposals for:
221 (a) The development of a revised financial management
222 infrastructure for state government which causes the
223 reengineering of subsystem components, including, but not
224 limited to, the legislative appropriations and planning and
225 budget system, cash management, human resources, a successor
226 accounting system, and strategic and tactical procurement and
227 acquisition management;
228 (b) Creation of successor customer-relationship management
229 systems, including, but not limited to, professional licensure,
230 facility licensure, regulatory inspections, and compliance and
231 monitoring systems; and
232 (c) Consolidation of all state data centers by January 1,
233 2014.
234 (2) The Department of Information Technology agency may
235 develop and submit to the President of the Senate, the Speaker
236 of the House of Representatives, and the Governor by October 1
237 of each year implementation plans for proposed enterprise
238 information technology services to be established in law.
239 (3) In developing policy recommendations and implementation
240 plans for established and proposed enterprise information
241 technology services, the Department of Information Technology
242 agency shall describe the scope of operation, conduct costs and
243 requirements analyses, conduct an inventory of all existing
244 information technology resources that are associated with each
245 service, and develop strategies and timeframes for statewide
246 migration.
247 (4) For the purpose of completing its work activities, each
248 state agency shall provide to the Department of Information
249 Technology agency all requested information, including, but not
250 limited to, the state agency’s costs, service requirements, and
251 equipment inventories.
252 (5) Within 60 days after the end of each fiscal year, the
253 Department of Information Technology agency shall report to the
254 Governor and Cabinet, the President of the Senate, and the
255 Speaker of the House of Representatives on what was achieved or
256 not achieved in the prior year’s work plan.
257 Section 9. Subsection (2), paragraphs (a), (b), and (c) of
258 subsection (3), paragraph (b) and (d) of subsection (4), and
259 subsection (5) of section 282.201, Florida Statutes, are amended
260 to read:
261 282.201 State data center system; agency duties and
262 limitations.—A state data center system that includes all
263 primary data centers, other nonprimary data centers, and
264 computing facilities, and that provides an enterprise
265 information technology service as defined in s. 282.0041, is
266 established.
267 (2) DEPARTMENT OF AGENCY FOR ENTERPRISE INFORMATION
268 TECHNOLOGY DUTIES.—The department Agency for Enterprise
269 Information Technology shall:
270 (a) Collect and maintain information necessary for
271 developing policies relating to the data center system,
272 including, but not limited to, an inventory of facilities.
273 (b) Annually approve cost-recovery mechanisms and rate
274 structures for primary data centers which recover costs through
275 charges to customer entities.
276 (c) By December 31 of each year, submit to the Legislature
277 recommendations to improve the efficiency and effectiveness of
278 computing services provided by state data center system
279 facilities. Such recommendations may include, but need not be
280 limited to:
281 1. Policies for improving the cost-effectiveness and
282 efficiency of the state data center system.
283 2. Infrastructure improvements supporting the consolidation
284 of facilities or preempting the need to create additional data
285 centers or computing facilities.
286 3. Standards for an objective, credible energy performance
287 rating system that data center boards of trustees can use to
288 measure state data center energy consumption and efficiency on a
289 biannual basis.
290 4. Uniform disaster recovery standards.
291 5. Standards for primary data centers providing transparent
292 financial data to user agencies.
293 6. Consolidation of contract practices or coordination of
294 software, hardware, or other technology-related procurements.
295 7. Improvements to data center governance structures.
296 (d) By October 1 of each year beginning in 2009, recommend
297 to the Governor and Legislature at least two nonprimary data
298 centers for consolidation into a primary data center or
299 nonprimary data center facility.
300 1. The consolidation proposal must provide a transition
301 plan that includes:
302 a. Estimated transition costs for each data center or
303 computing facility recommended for consolidation;
304 b. Detailed timeframes for the complete transition of each
305 data center or computing facility recommended for consolidation;
306 c. Proposed recurring and nonrecurring fiscal impacts,
307 including increased or decreased costs and associated budget
308 impacts for affected budget entities;
309 d. Substantive legislative changes necessary to implement
310 the transition; and
311 e. Identification of computing resources to be transferred
312 and those that will remain in the agency. The transfer of
313 resources must include all hardware, software, staff, contracted
314 services, and facility resources performing data center
315 management and operations, security, backup and recovery,
316 disaster recovery, system administration, database
317 administration, system programming, job control, production
318 control, print, storage, technical support, help desk, and
319 managed services but excluding application development.
320 2. Recommendations shall be based on the goal of maximizing
321 current and future cost savings. The department agency shall
322 consider the following criteria in selecting consolidations that
323 maximize efficiencies by providing the ability to:
324 a. Consolidate purchase decisions;
325 b. Leverage expertise and other resources to gain economies
326 of scale;
327 c. Implement state information technology policies more
328 effectively;
329 d. Maintain or improve the level of service provision to
330 customer entities; and
331 e. Make progress towards the state’s goal of consolidating
332 data centers and computing facilities into primary data centers.
333 3. The department agency shall establish workgroups as
334 necessary to ensure participation by affected agencies in the
335 development of recommendations related to consolidations.
336 (e) By December 31, 2010, the department agency shall
337 develop and submit to the Legislature an overall consolidation
338 plan for state data centers. The plan shall indicate a timeframe
339 for the consolidation of all remaining nonprimary data centers
340 into primary data centers, including existing and proposed
341 primary data centers, by 2019.
342 (f) Develop and establish rules relating to the operation
343 of the state data center system which comply with applicable
344 federal regulations, including 2 C.F.R. part 225 and 45 C.F.R.
345 The rules may address:
346 1. Ensuring that financial information is captured and
347 reported consistently and accurately.
348 2. Requiring the establishment of service-level agreements
349 executed between a data center and its customer entities for
350 services provided.
351 3. Requiring annual full cost recovery on an equitable
352 rational basis. The cost-recovery methodology must ensure that
353 no service is subsidizing another service and may include
354 adjusting the subsequent year’s rates as a means to recover
355 deficits or refund surpluses from a prior year.
356 4. Requiring that any special assessment imposed to fund
357 expansion is based on a methodology that apportions the
358 assessment according to the proportional benefit to each
359 customer entity.
360 5. Requiring that rebates be given when revenues have
361 exceeded costs, that rebates be applied to offset charges to
362 those customer entities that have subsidized the costs of other
363 customer entities, and that such rebates may be in the form of
364 credits against future billings.
365 6. Requiring that all service-level agreements have a
366 contract term of up to 3 years, but may include an option to
367 renew for up to 3 additional years contingent on approval by the
368 board, and require at least a 180-day notice of termination.
369 7. Designating any nonstate data center as a primary data
370 center if the center:
371 a. Has an established governance structure that represents
372 customer entities proportionally.
373 b. Maintains an appropriate cost-allocation methodology
374 that accurately bills a customer entity based on the actual
375 direct and indirect costs to the customer entity, and prohibits
376 the subsidization of one customer entity’s costs by another
377 entity.
378 c. Has sufficient raised floor space, cooling, and
379 redundant power capacity, including uninterruptible power supply
380 and backup power generation, to accommodate the computer
381 processing platforms and support necessary to host the computing
382 requirements of additional customer entities.
383 8. Removing a nonstate data center from primary data center
384 designation if the nonstate data center fails to meet standards
385 necessary to ensure that the state’s data is maintained pursuant
386 to subparagraph 7.
387 (3) STATE AGENCY DUTIES.—
388 (a) For the purpose of completing its work activities as
389 described in subsection (1), each state agency shall provide to
390 the Department of Agency for Enterprise Information Technology
391 all requested information and any other information relevant to
392 the agency’s ability to effectively transition its computer
393 services into a primary data center. The agency shall also
394 participate as required in workgroups relating to specific
395 consolidation planning and implementation tasks as assigned by
396 the department Agency for Enterprise Information Technology and
397 determined necessary to accomplish consolidation goals.
398 (b) Each state agency shall submit to the department Agency
399 for Enterprise Information Technology information relating to
400 its data centers and computing facilities as required in
401 instructions issued by July 1 of each year by the Department of
402 Agency for Enterprise Information Technology. The information
403 required may include:
404 1. Amount of floor space used and available.
405 2. Numbers and capacities of mainframes and servers.
406 3. Storage and network capacity.
407 4. Amount of power used and the available capacity.
408 5. Estimated expenditures by service area, including
409 hardware and software, numbers of full-time equivalent
410 positions, personnel turnover, and position reclassifications.
411 6. A list of contracts in effect for the fiscal year,
412 including, but not limited to, contracts for hardware, software
413 and maintenance, including the expiration date, the contract
414 parties, and the cost of the contract.
415 7. Service-level agreements by customer entity.
416 (c) The chief information officer of each state agency
417 shall assist the Department of Agency for Enterprise Information
418 Technology at the department’s request of the Agency for
419 Enterprise Information Technology.
420 (4) AGENCY LIMITATIONS.—
421 (b) Exceptions to the limitations in subparagraphs (a)1.,
422 2., and 4. may be granted by the Department of Agency for
423 Enterprise Information Technology if there is insufficient
424 capacity in a primary data center to absorb the workload
425 associated with agency computing services.
426 1. A request for an exception must be submitted in writing
427 to the Department of Agency for Enterprise Information
428 Technology. The department agency must accept, accept with
429 conditions, or deny the request within 60 days after receipt of
430 the written request. The department’s agency’s decision is not
431 subject to chapter 120.
432 2. At a minimum, the department agency may not approve a
433 request unless it includes:
434 a. Documentation approved by the primary data center’s
435 board of trustees which confirms that the center cannot meet the
436 capacity requirements of the agency requesting the exception
437 within the current fiscal year.
438 b. A description of the capacity requirements of the agency
439 requesting the exception.
440 c. Documentation from the agency demonstrating why it is
441 critical to the agency’s mission that the expansion or transfer
442 must be completed within the fiscal year rather than when
443 capacity is established at a primary data center.
444 (d) Upon the termination of or transfer of agency computing
445 services from the primary data center, the primary data center
446 shall require information sufficient to determine compliance
447 with this section. If a primary data center determines that an
448 agency is in violation of this section, it shall report the
449 violation to the Department of Agency for Enterprise Information
450 Technology.
451 (5) RULES.—The Department of Agency for Enterprise
452 Information Technology may is authorized to adopt rules pursuant
453 to ss. 120.536(1) and 120.54 to administer the provisions of
454 this part relating to the state data center system including the
455 primary data centers.
456 Section 10. Paragraphs (c), (d), (h), and (i) of subsection
457 (1), paragraph (e) of subsection (2), paragraph (b), (e), (h),
458 and (k) of subsection (3) of section 282.203, Florida Statutes,
459 are amended to read:
460 282.203 Primary data centers.—
461 (1) DATA CENTER DUTIES.—Each primary data center shall:
462 (c) Comply with rules adopted by the Department of Agency
463 for Enterprise Information Technology, pursuant to this section,
464 and coordinate with the agency in the consolidation of data
465 centers.
466 (d) Provide transparent financial statements to customer
467 entities, the center’s board of trustees, and the Department of
468 Agency for Enterprise Information Technology. The financial
469 statements shall be provided as follows:
470 1. Annually, by July 30 for the current fiscal year and by
471 December 1 for the subsequent fiscal year, the data center must
472 provide the total annual budgeted costs by major expenditure
473 category, including, but not limited to, salaries, expense,
474 operating capital outlay, contracted services, or other
475 personnel services, which directly relate to the provision of
476 each service and which separately indicate the administrative
477 overhead allocated to each service.
478 2. Annually, by July 30 for the current fiscal year and by
479 December 1 for the subsequent fiscal year, the data center must
480 provide total projected billings for each customer entity which
481 are required to recover the costs of the data center.
482 3. Annually, by January 31, the data center must provide
483 updates of the financial statements required under subparagraphs
484 1. and 2. for the current fiscal year.
485 4. By February 15, for proposed legislative budget
486 increases, the data center must provide updates of the financial
487 statements required under subparagraphs 1. and 2. for the
488 subsequent fiscal year.
489
490 The financial information required under subparagraphs 1., 2.,
491 and 3. must be based on current law and current appropriations.
492 (h) Develop a business continuity plan and conduct a live
493 exercise of the plan at least annually. The plan must be
494 approved by the board and the Department of Agency for
495 Enterprise Information Technology.
496 (i) Enter into a service-level agreement with each customer
497 entity to provide services as defined and approved by the board
498 in compliance with rules of the Department of Agency for
499 Enterprise Information Technology. A service-level agreement may
500 not have a term exceeding 3 years but may include an option to
501 renew for up to 3 years contingent on approval by the board.
502 1. A service-level agreement, at a minimum, must:
503 a. Identify the parties and their roles, duties, and
504 responsibilities under the agreement;
505 b. Identify the legal authority under which the service
506 level agreement was negotiated and entered into by the parties;
507 c. State the duration of the contractual term and specify
508 the conditions for contract renewal;
509 d. Prohibit the transfer of computing services between
510 primary data center facilities without at least 180 days’ notice
511 of service cancellation;
512 e. Identify the scope of work;
513 f. Identify the products or services to be delivered with
514 sufficient specificity to permit an external financial or
515 performance audit;
516 g. Establish the services to be provided, the business
517 standards that must be met for each service, the cost of each
518 service, and the process by which the business standards for
519 each service are to be objectively measured and reported;
520 h. Identify applicable funds and funding streams for the
521 services or products under contract;
522 i. Provide a timely billing methodology for recovering the
523 cost of services provided to the customer entity;
524 j. Provide a procedure for modifying the service-level
525 agreement to address changes in projected costs of service;
526 k. Provide that a service-level agreement may be terminated
527 by either party for cause only after giving the other party and
528 the department Agency for Enterprise Information Technology
529 notice in writing of the cause for termination and an
530 opportunity for the other party to resolve the identified cause
531 within a reasonable period; and
532 l. Provide for mediation of disputes by the Division of
533 Administrative Hearings pursuant to s. 120.573.
534 2. A service-level agreement may include:
535 a. A dispute resolution mechanism, including alternatives
536 to administrative or judicial proceedings;
537 b. The setting of a surety or performance bond for service
538 level agreements entered into with nonstate agency primary data
539 centers, which may be designated by the department Agency for
540 Enterprise Information Technology; or
541 c. Additional terms and conditions as determined advisable
542 by the parties if such additional terms and conditions do not
543 conflict with the requirements of this section or rules adopted
544 by the department Agency for Enterprise Information Technology.
545 3. The failure to execute a service-level agreement within
546 60 days after service commencement shall, in the case of an
547 existing customer entity, result in a continuation of the terms
548 of the service-level agreement from the prior fiscal year,
549 including any amendments that were formally proposed to the
550 customer entity by the primary data center within the 3 months
551 before service commencement, and a revised cost-of-service
552 estimate. If a new customer entity fails to execute an agreement
553 within 60 days after service commencement, the data center may
554 cease services.
555 (2) BOARD OF TRUSTEES.—Each primary data center shall be
556 headed by a board of trustees as defined in s. 20.03.
557 (e) The executive director of the Department of Agency for
558 Enterprise Information Technology shall be the advisor to the
559 board.
560 (3) BOARD DUTIES.—Each board of trustees of a primary data
561 center shall:
562 (b) Establish procedures for the primary data center to
563 ensure that budgeting and accounting procedures, cost-recovery
564 methodologies, and operating procedures are in compliance with
565 laws governing the state data center system, rules adopted by
566 the Department of Agency for Enterprise Information Technology,
567 and applicable federal regulations, including 2 C.F.R. part 225
568 and 45 C.F.R.
569 (e) Ensure the sufficiency and transparency of the primary
570 data center financial information by:
571 1. Establishing policies that ensure that cost-recovery
572 methodologies, billings, receivables, expenditure, budgeting,
573 and accounting data are captured and reported timely,
574 consistently, accurately, and transparently and, upon adoption
575 of rules by the Department of Agency for Enterprise Information
576 Technology, are in compliance with such rules.
577 2. Requiring execution of service-level agreements by the
578 data center and each customer entity for services provided by
579 the data center to the customer entity.
580 3. Requiring cost recovery for the full cost of services,
581 including direct and indirect costs. The cost-recovery
582 methodology must ensure that no service is subsidizing another
583 service without an affirmative vote of approval by the customer
584 entity providing the subsidy.
585 4. Establishing special assessments to fund expansions
586 based on a methodology that apportions the assessment according
587 to the proportional benefit to each customer entity.
588 5. Providing rebates to customer entities when revenues
589 exceed costs and offsetting charges to those who have subsidized
590 other customer entity costs based on actual prior year final
591 expenditures. Rebates may be credited against future billings.
592 6. Approving all expenditures committing over $50,000 in a
593 fiscal year.
594 7. Projecting costs and revenues at the beginning of the
595 third quarter of each fiscal year through the end of the fiscal
596 year. If in any given fiscal year the primary data center is
597 projected to earn revenues that are below costs for that fiscal
598 year after first reducing operating costs where possible, the
599 board shall implement any combination of the following remedies
600 to cover the shortfall:
601 a. The board may direct the primary data center to adjust
602 current year chargeback rates through the end of the fiscal year
603 to cover the shortfall. The rate adjustments shall be
604 implemented using actual usage rate and billing data from the
605 first three quarters of the fiscal year and the same principles
606 used to set rates for the fiscal year.
607 b. The board may direct the primary data center to levy
608 one-time charges on all customer entities to cover the
609 shortfall. The one-time charges shall be implemented using
610 actual usage rate and billing data from the first three quarters
611 of the fiscal year and the same principles used to set rates for
612 the fiscal year.
613 c. The customer entities represented by each board member
614 may provide payments to cover the shortfall in proportion to the
615 amounts each entity paid in the prior fiscal year.
616 (h) By July 1 of each year, submit to the Department of
617 Agency for Enterprise Information Technology proposed cost
618 recovery mechanisms and rate structures for all customer
619 entities for the fiscal year including the cost-allocation
620 methodology for administrative expenditures and the calculation
621 of administrative expenditures as a percent of total costs.
622 (k) Coordinate with other primary data centers and the
623 Department of Agency for Enterprise Information Technology in
624 order to consolidate purchases of goods and services and lower
625 the cost of providing services to customer entities.
626 Section 11. Subsection (2) of section 282.204, Florida
627 Statutes, is amended to read:
628 282.204 Northwood Shared Resource Center.—The Northwood
629 Shared Resource Center is an agency established within the
630 Department of Children and Family Services for administrative
631 purposes only.
632 (2) The center shall be headed by a board of trustees as
633 provided in s. 282.203, who shall comply with all requirements
634 of that section related to the operation of the center and with
635 the rules of the Department of Agency for Enterprise Information
636 Technology related to the design and delivery of enterprise
637 information technology services.
638 Section 12. Subsection (2) of section 282.205, Florida
639 Statutes, is amended to read:
640 282.205 Southwood Shared Resource Center.—The Southwood
641 Shared Resource Center is an agency established within the
642 department for administrative purposes only.
643 (2) The center shall be headed by a board of trustees as
644 provided in s. 282.203, who shall comply with all requirements
645 of that section related to the operation of the center and with
646 the rules of the Department of Agency for Enterprise Information
647 Technology related to the design and delivery of enterprise
648 information technology services.
649 Section 13. Paragraphs (b) and (e) of subsection (2) of
650 section 282.3055, Florida Statutes, are amended to read:
651 282.3055 Agency chief information officer; appointment;
652 duties.—
653 (2) The duties of the agency chief information officer
654 include, but are not limited to:
655 (b) Implementing agency information technology planning and
656 management procedures, guidelines, and standards that are
657 consistent with the procedures and standards adopted by the
658 Department of Agency for Enterprise Information Technology.
659 (e) Assisting the Department of Agency for Enterprise
660 Information Technology in the development of strategies for
661 implementing the enterprise information technology services
662 established in law and developing recommendations for enterprise
663 information technology policy.
664 Section 14. Subsections (1) and (3) of section 282.315,
665 Florida Statutes, are amended to read:
666 282.315 Agency Chief Information Officers Council;
667 creation.—The Legislature finds that enhancing communication,
668 consensus building, coordination, and facilitation with respect
669 to issues concerning enterprise information technology resources
670 are essential to improving the management of such resources.
671 (1) There is created an Agency Chief Information Officers
672 Council to:
673 (a) Enhance communication and collaboration among the
674 Agency Chief Information Officers and the Department of Agency
675 for Enterprise Information Technology.
676 (b) Identify and recommend best practices that are
677 characteristic of highly successful technology organizations, as
678 well as exemplary information technology applications for use by
679 state agencies, and assist the Department of Agency for
680 Enterprise Information Technology in developing strategies for
681 implementing the enterprise information technology services
682 established in law and developing recommendations for enterprise
683 information technology policy.
684 (c) Identify efficiency opportunities among state agencies
685 and make recommendations for action to the Department of Agency
686 for Enterprise Information Technology. This includes
687 recommendations relating to the consolidation of agency data
688 center and computing facilities, including operational policies,
689 procedures and standards for the consolidated facilities, and
690 procedures and standards for planning the migration to
691 consolidated facilities.
692 (d) Assist the Department of Agency for Enterprise
693 Information Technology in identifying critical enterprise
694 information technology issues and, when appropriate, make
695 recommendations for solving enterprise resource planning and
696 management deficiencies.
697 (e) Annually, by October 1, identify information technology
698 products, as defined in s. 282.0041, which, if purchased in a
699 consolidated manner, would result in savings to the state, and
700 develop recommendations regarding a process for consolidating
701 such purchases. The council shall transmit its recommendations
702 to the Department of Agency for Enterprise Information
703 Technology.
704 (3) The Department of Agency for Enterprise Information
705 Technology shall provide administrative support to the council.
706 Section 15. Subsection (3), paragraph (c), (d), and (f) of
707 subsection (4), subsection (6), and subsection (7) of section
708 282.318, Florida Statutes, are amended to read:
709 282.318 Enterprise security of data and information
710 technology.—
711 (3) The Office of Information Security within the
712 Department of Agency for Enterprise Information Technology is
713 responsible for establishing rules and publishing guidelines for
714 ensuring an appropriate level of security for all data and
715 information technology resources for executive branch agencies.
716 The office shall also perform the following duties and
717 responsibilities:
718 (a) Develop, and annually update by February 1, an
719 enterprise information security strategic plan that includes
720 security goals and objectives for the strategic issues of
721 information security policy, risk management, training, incident
722 management, and survivability planning.
723 (b) Develop enterprise security rules and published
724 guidelines for:
725 1. Comprehensive risk analyses and information security
726 audits conducted by state agencies.
727 2. Responding to suspected or confirmed information
728 security incidents, including suspected or confirmed breaches of
729 personal information or exempt data.
730 3. Agency security plans, including strategic security
731 plans and security program plans.
732 4. The recovery of information technology and data
733 following a disaster.
734 5. The managerial, operational, and technical safeguards
735 for protecting state government data and information technology
736 resources.
737 (c) Assist agencies in complying with the provisions of
738 this section.
739 (d) Pursue appropriate funding for the purpose of enhancing
740 domestic security.
741 (e) Provide training for agency information security
742 managers.
743 (f) Annually review the strategic and operational
744 information security plans of executive branch agencies.
745 (4) To assist the Office of Information Security in
746 carrying out its responsibilities, each agency head shall, at a
747 minimum:
748 (c) Conduct, and update every 3 years, a comprehensive risk
749 analysis to determine the security threats to the data,
750 information, and information technology resources of the agency.
751 The risk analysis information is confidential and exempt from
752 the provisions of s. 119.07(1), except that such information
753 shall be available to the Auditor General and the Department of
754 Agency for Enterprise Information Technology for performing
755 postauditing duties.
756 (d) Develop, and periodically update, written internal
757 policies and procedures, which include procedures for notifying
758 the office when a suspected or confirmed breach, or an
759 information security incident, occurs. Such policies and
760 procedures must be consistent with the rules and guidelines
761 established by the office to ensure the security of the data,
762 information, and information technology resources of the agency.
763 The internal policies and procedures that, if disclosed, could
764 facilitate the unauthorized modification, disclosure, or
765 destruction of data or information technology resources are
766 confidential information and exempt from s. 119.07(1), except
767 that such information shall be available to the Auditor General
768 and the Department of Agency for Enterprise Information
769 Technology for performing postauditing duties.
770 (f) Ensure that periodic internal audits and evaluations of
771 the agency’s security program for the data, information, and
772 information technology resources of the agency are conducted.
773 The results of such audits and evaluations are confidential
774 information and exempt from s. 119.07(1), except that such
775 information shall be available to the Auditor General and the
776 Department of Agency for Enterprise Information Technology for
777 performing postauditing duties.
778 (6) The Department of Agency for Enterprise Information
779 Technology may adopt rules relating to information security and
780 to administer the provisions of this section.
781 (7) By December 31, 2010, the Agency for Enterprise
782 Information Technology shall develop, and submit to the
783 Governor, the President of the Senate, and the Speaker of the
784 House of Representatives a proposed implementation plan for
785 information technology security. The agency shall describe the
786 scope of operation, conduct costs and requirements analyses,
787 conduct an inventory of all existing security information
788 technology resources, and develop strategies, timeframes, and
789 resources necessary for statewide migration.
790 Section 16. Subsections (1) through (3) of section 282.33,
791 Florida Statutes, are amended to read:
792 282.33 Objective standards for data center energy
793 efficiency.—
794 (1) By July 1, 2009, The Department of Agency for
795 Enterprise Information Technology shall define objective
796 standards for:
797 (a) Measuring data center energy consumption and
798 efficiency, including, but not limited to, airflow and cooling,
799 power consumption and distribution, and environmental control
800 systems in a data center facility.
801 (b) Calculating total cost of ownership of energy-efficient
802 information technology products, including initial purchase,
803 installation, ongoing operation and maintenance, and disposal
804 costs over the life cycle of the product.
805 (2) State shared resource data centers and other data
806 centers that the Department of Agency for Enterprise Information
807 Technology has determined will be recipients for consolidating
808 data centers, which are designated by the department Agency for
809 Enterprise Information Technology, shall evaluate their data
810 center facilities for energy efficiency using the standards
811 established in this section.
812 (a) Results of these evaluations shall be reported to the
813 department Agency for Enterprise Information Technology, the
814 President of the Senate, and the Speaker of the House of
815 Representatives. Reports shall enable the tracking of energy
816 performance over time and comparisons between facilities.
817 (b) By December 31, 2010, and biennially thereafter, the
818 department Agency for Enterprise Information Technology shall
819 submit to the Legislature recommendations for reducing energy
820 consumption and improving the energy efficiency of state primary
821 data centers.
822 (3) The primary means of achieving maximum energy savings
823 across all state data centers and computing facilities shall be
824 the consolidation of data centers and computing facilities as
825 determined by the Department of Agency for Enterprise
826 Information Technology. State data centers and computing
827 facilities in the state data center system shall be established
828 as an enterprise information technology service as defined in s.
829 282.0041. The department Agency for Enterprise Information
830 Technology shall make recommendations on consolidating state
831 data centers and computing facilities, pursuant to s. 282.0056,
832 by December 31, 2009.
833 Section 17. Subsection (2) through (5), (7), and (9)
834 through (11) of section 282.34, Florida Statutes, are amended to
835 read:
836 282.34 Statewide e-mail service.—A state e-mail system that
837 includes the delivery and support of e-mail, messaging, and
838 calendaring capabilities is established as an enterprise
839 information technology service as defined in s. 282.0041. The
840 service shall be designed to meet the needs of all executive
841 branch agencies. The primary goals of the service are to
842 minimize the state investment required to establish, operate,
843 and support the statewide service; reduce the cost of current e
844 mail operations and the number of duplicative e-mail systems;
845 and eliminate the need for each state agency to maintain its own
846 e-mail staff.
847 (2) The Department of Agency for Enterprise Information
848 Technology, in consultation with the Southwood Shared Resource
849 Center, shall establish and coordinate a multiagency project
850 team to develop a competitive solicitation for establishing the
851 statewide e-mail service.
852 (a) The Southwood Shared Resource Center shall issue the
853 competitive solicitation by August 31, 2010, with vendor
854 responses required by October 15, 2010. Issuance of the
855 competitive solicitation does not obligate the agency and the
856 center to conduct further negotiations or to execute a contract.
857 The decision to conduct or conclude negotiations, or execute a
858 contract, must be made solely at the discretion of the agency.
859 (b) The competitive solicitation must include detailed
860 specifications describing:
861 1. The current e-mail approach for state agencies and the
862 specific business objectives met by the present system.
863 2. The minimum functional requirements necessary for
864 successful statewide implementation and the responsibilities of
865 the prospective service provider and the agency.
866 3. The form and required content for submitted proposals,
867 including, but not limited to, a description of the proposed
868 system and its internal and external sourcing options, a 5-year
869 life-cycle-based pricing based on cost per mailbox per month,
870 and a decommissioning approach for current e-mail systems; an
871 implementation schedule and implementation services; a
872 description of e-mail account management, help desk, technical
873 support, and user provisioning services; disaster recovery and
874 backup and restore capabilities; antispam and antivirus
875 capabilities; remote access and mobile messaging capabilities;
876 and staffing requirements.
877 (c) Other optional requirements specifications may be
878 included in the competitive solicitation if not in conflict with
879 the primary goals of the statewide e-mail service.
880 (d) The competitive solicitation must permit alternative
881 financial and operational models to be proposed, including, but
882 not limited to:
883 1. Leasing or usage-based subscription fees;
884 2. Installing and operating the e-mail service within the
885 Southwood Shared Resource Center or in a data center operated by
886 an external service provider; or
887 3. Provisioning the e-mail service as an Internet-based
888 offering provided to state agencies. Specifications for proposed
889 models must be optimized to meet the primary goals of the e-mail
890 service.
891 (3) By December 31, 2010, or within 1 month after
892 negotiations are complete, whichever is later, the multiagency
893 project team and the Department of Agency for Enterprise
894 Information Technology shall prepare a business case analysis
895 containing its recommendations for procuring the statewide e
896 mail service for submission to the Governor and Cabinet, the
897 President of the Senate, and the Speaker of the House of
898 Representatives. The business case is not subject to challenge
899 or protest pursuant to chapter 120. The business case must
900 include, at a minimum:
901 (a) An assessment of the major risks that must be managed
902 for each proposal compared to the risks for the current state
903 agency e-mail system and the major benefits that are associated
904 with each.
905 (b) A cost-benefit analysis that estimates all major cost
906 elements associated with each sourcing option, focusing on the
907 nonrecurring and recurring life-cycle costs of each option. The
908 analysis must include a comparison of the estimated total 5-year
909 life-cycle cost of the current agency e-mail systems versus each
910 enterprise e-mail sourcing option in order to determine the
911 feasibility of funding the migration and operation of the
912 statewide e-mail service and the overall level of savings that
913 can be expected. The 5-year life-cycle costs for each state
914 agency must include, but are not limited to:
915 1. The total recurring operating costs of the current
916 agency e-mail systems, including monthly mailbox costs,
917 staffing, licensing and maintenance costs, hardware, and other
918 related e-mail product and service costs.
919 2. An estimate of nonrecurring hardware and software
920 refresh, upgrade, or replacement costs based on the expected 5
921 year obsolescence of current e-mail software products and
922 equipment through the 2014 fiscal year, and the basis for the
923 estimate.
924 3. An estimate of recurring costs associated with the
925 energy consumption of current agency e-mail equipment, and the
926 basis for the estimate.
927 4. Any other critical costs associated with the current
928 agency e-mail systems which can reasonably be estimated and
929 included in the business case analysis.
930 (c) A comparison of the migrating schedules of each
931 sourcing option to the statewide e-mail service, including the
932 approach and schedule for the decommissioning of all current
933 state agency e-mail systems beginning with phase 1 and phase 2
934 as provided in subsection (4).
935 (4) All agencies must be completely migrated to the
936 statewide e-mail service as soon as financially and
937 operationally feasible, but no later than June 30, 2015.
938 (a) The following statewide e-mail service implementation
939 schedule is established for state agencies:
940 1. Phase 1.—The following agencies must be completely
941 migrated to the statewide e-mail system by June 30, 2012: the
942 Department of Agency for Enterprise Information Technology; the
943 Department of Community Affairs, including the Division of
944 Emergency Management; the Department of Corrections; the
945 Department of Health; the Department of Highway Safety and Motor
946 Vehicles; the Department of Management Services, including the
947 Division of Administrative Hearings, the Division of Retirement,
948 the Commission on Human Relations, and the Public Employees
949 Relations Commission; the Southwood Shared Resource Center; and
950 the Department of Revenue.
951 2. Phase 2.—The following agencies must be completely
952 migrated to the statewide e-mail system by June 30, 2013: the
953 Department of Business and Professional Regulation; the
954 Department of Education, including the Board of Governors; the
955 Department of Environmental Protection; the Department of
956 Juvenile Justice; the Department of the Lottery; the Department
957 of State; the Department of Law Enforcement; the Department of
958 Veterans’ Affairs; the Judicial Administration Commission; the
959 Public Service Commission; and the Statewide Guardian Ad Litem
960 Office.
961 3. Phase 3.—The following agencies must be completely
962 migrated to the statewide e-mail system by June 30, 2014: the
963 Agency for Health Care Administration; the Agency for Workforce
964 Innovation; the Department of Financial Services, including the
965 Office of Financial Regulation and the Office of Insurance
966 Regulation; the Department of Agriculture and Consumer Services;
967 the Executive Office of the Governor; the Department of
968 Transportation; the Fish and Wildlife Conservation Commission;
969 the Agency for Persons With Disabilities; the Northwood Shared
970 Resource Center; and the State Board of Administration.
971 4. Phase 4.—The following agencies must be completely
972 migrated to the statewide e-mail system by June 30, 2015: the
973 Department of Children and Family Services; the Department of
974 Citrus; the Department of Elderly Affairs; and the Department of
975 Legal Affairs.
976 (b) Agency requests to modify their scheduled implementing
977 date must be submitted in writing to the Department of Agency
978 for Enterprise Information Technology. Any exceptions or
979 modifications to the schedule must be approved by the Department
980 of Agency for Enterprise Information Technology based only on
981 the following criteria:
982 1. Avoiding nonessential investment in agency e-mail
983 hardware or software refresh, upgrade, or replacement.
984 2. Avoiding nonessential investment in new software or
985 hardware licensing agreements, maintenance or support
986 agreements, or e-mail staffing for current e-mail systems.
987 3. Resolving known agency e-mail problems through migration
988 to the statewide e-mail service.
989 4. Accommodating unique agency circumstances that require
990 an acceleration or delay of the implementation date.
991 (5) In order to develop the implementation plan for the
992 statewide e-mail service, the Department of Agency for
993 Enterprise Information Technology shall establish and coordinate
994 a statewide e-mail project team. The agency shall also consult
995 with and, as necessary, form workgroups consisting of agency e
996 mail management staff, agency chief information officers, agency
997 budget directors, and other administrative staff. The statewide
998 e-mail implementation plan must be submitted to the Governor,
999 the President of the Senate, and the Speaker of the House of
1000 Representatives by July 1, 2011.
1001 (7) Exceptions to paragraphs (6)(a), (b), and (c) may be
1002 granted by the Department of Agency for Enterprise Information
1003 Technology only if the Southwood Shared Resource Center is
1004 unable to meet agency business requirements for the e-mail
1005 service, and if such requirements are essential to maintain
1006 agency operations. Requests for exceptions must be submitted in
1007 writing to the Agency for Enterprise Information Technology and
1008 include documented confirmation by the Southwood Shared Resource
1009 Center board of trustees that it cannot meet the requesting
1010 agency’s e-mail service requirements.
1011 (9) The Department of Agency for Enterprise Information
1012 Technology shall adopt rules to standardize the format for state
1013 agency e-mail addresses.
1014 (10) State agencies must fully cooperate with the
1015 Department of Agency for Enterprise Information Technology in
1016 the performance of its responsibilities established in this
1017 section.
1018 (11) The Department of Agency for Enterprise Information
1019 Technology shall recommend changes to an agency’s scheduled date
1020 for migration to the statewide e-mail service pursuant to this
1021 section, annually by December 31, until migration to the
1022 statewide service is complete.
1023 Section 18. Subsection (22) of section 287.057, Florida
1024 Statutes, is amended to read:
1025 287.057 Procurement of commodities or contractual
1026 services.—
1027 (22) The department, in consultation with the Department of
1028 Agency for Enterprise Information Technology and the
1029 Comptroller, shall develop a program for online procurement of
1030 commodities and contractual services. To enable the state to
1031 promote open competition and to leverage its buying power,
1032 agencies shall participate in the online procurement program,
1033 and eligible users may participate in the program. Only vendors
1034 prequalified as meeting mandatory requirements and
1035 qualifications criteria may participate in online procurement.
1036 (a) The department, in consultation with the Department of
1037 Information Technology agency, may contract for equipment and
1038 services necessary to develop and implement online procurement.
1039 (b) The department, in consultation with the Department of
1040 Information Technology agency, shall adopt rules, pursuant to
1041 ss. 120.536(1) and 120.54, to administer the program for online
1042 procurement. The rules shall include, but not be limited to:
1043 1. Determining the requirements and qualification criteria
1044 for prequalifying vendors.
1045 2. Establishing the procedures for conducting online
1046 procurement.
1047 3. Establishing the criteria for eligible commodities and
1048 contractual services.
1049 4. Establishing the procedures for providing access to
1050 online procurement.
1051 5. Determining the criteria warranting any exceptions to
1052 participation in the online procurement program.
1053 (c) The department may impose and shall collect all fees
1054 for the use of the online procurement systems.
1055 1. The fees may be imposed on an individual transaction
1056 basis or as a fixed percentage of the cost savings generated. At
1057 a minimum, the fees must be set in an amount sufficient to cover
1058 the projected costs of the services, including administrative
1059 and project service costs in accordance with the policies of the
1060 department.
1061 2. If the department contracts with a provider for online
1062 procurement, the department, pursuant to appropriation, shall
1063 compensate the provider from the fees after the department has
1064 satisfied all ongoing costs. The provider shall report
1065 transaction data to the department each month so that the
1066 department may determine the amount due and payable to the
1067 department from each vendor.
1068 3. All fees that are due and payable to the state on a
1069 transactional basis or as a fixed percentage of the cost savings
1070 generated are subject to s. 215.31 and must be remitted within
1071 40 days after receipt of payment for which the fees are due. For
1072 fees that are not remitted within 40 days, the vendor shall pay
1073 interest at the rate established under s. 55.03(1) on the unpaid
1074 balance from the expiration of the 40-day period until the fees
1075 are remitted.
1076 4. All fees and surcharges collected under this paragraph
1077 shall be deposited in the Operating Trust Fund as provided by
1078 law.
1079 Section 19. Subsection (4) of section 445.011, Florida
1080 Statutes, is amended to read:
1081 445.011 Workforce information systems.—
1082 (4) Workforce Florida, Inc., shall coordinate development
1083 and implementation of workforce information systems with the
1084 executive director of the Department of Agency for Enterprise
1085 Information Technology to ensure compatibility with the state’s
1086 information system strategy and enterprise architecture.
1087 Section 20. Subsections (2) and (4) of section 445.045,
1088 Florida Statutes, are amended to read:
1089 445.045 Development of an Internet-based system for
1090 information technology industry promotion and workforce
1091 recruitment.—
1092 (2) Workforce Florida, Inc., shall coordinate with the
1093 Department of Agency for Enterprise Information Technology and
1094 the Agency for Workforce Innovation to ensure links, where
1095 feasible and appropriate, to existing job information websites
1096 maintained by the state and state agencies and to ensure that
1097 information technology positions offered by the state and state
1098 agencies are posted on the information technology website.
1099 (4)(a) Workforce Florida, Inc., shall coordinate
1100 development and maintenance of the website under this section
1101 with the executive director of the Department of Agency for
1102 Enterprise Information Technology to ensure compatibility with
1103 the state’s information system strategy and enterprise
1104 architecture.
1105 (a)(b) Workforce Florida, Inc., may enter into an agreement
1106 with the Department of Agency for Enterprise Information
1107 Technology, the Agency for Workforce Innovation, or any other
1108 public agency with the requisite information technology
1109 expertise for the provision of design, operating, or other
1110 technological services necessary to develop and maintain the
1111 website.
1112 (b)(c) Workforce Florida, Inc., may procure services
1113 necessary to implement the provisions of this section, if it
1114 employs competitive processes, including requests for proposals,
1115 competitive negotiation, and other competitive processes to
1116 ensure that the procurement results in the most cost-effective
1117 investment of state funds.
1118 Section 21. Paragraph (b) of subsection (18) of section
1119 668.50, Florida Statutes, is amended to read:
1120 668.50 Uniform Electronic Transaction Act.—
1121 (18) ACCEPTANCE AND DISTRIBUTION OF ELECTRONIC RECORDS BY
1122 GOVERNMENTAL AGENCIES.—
1123 (b) To the extent that a governmental agency uses
1124 electronic records and electronic signatures under paragraph
1125 (a), the Department of Agency for Enterprise Information
1126 Technology, in consultation with the governmental agency, giving
1127 due consideration to security, may specify:
1128 1. The manner and format in which the electronic records
1129 must be created, generated, sent, communicated, received, and
1130 stored and the systems established for those purposes.
1131 2. If electronic records must be signed by electronic
1132 means, the type of electronic signature required, the manner and
1133 format in which the electronic signature must be affixed to the
1134 electronic record, and the identity of, or criteria that must be
1135 met by, any third party used by a person filing a document to
1136 facilitate the process.
1137 3. Control processes and procedures as appropriate to
1138 ensure adequate preservation, disposition, integrity, security,
1139 confidentiality, and auditability of electronic records.
1140 4. Any other required attributes for electronic records
1141 which are specified for corresponding nonelectronic records or
1142 reasonably necessary under the circumstances.
1143 Section 22. During the 2011-2012 fiscal year, the
1144 Department of Information Technology shall coordinate with all
1145 state agencies to identify each state agency’s total number of
1146 positions and resources related to information technology.
1147 Agencies must submit the information to the department by August
1148 1, 2011. By September 1, 2011, the department shall submit a
1149 plan to the Executive Office of the Governor, the President of
1150 the Senate, and the Speaker of the House of Representatives for
1151 transferring to the department all information technology
1152 operations. Such information shall be included in each agency’s
1153 legislative budget request for the 2012-2013 fiscal year as a
1154 transfer to the Department of Information Technology. This
1155 section expires July 1, 2012.
1156 Section 23. The Department of Information Technology is
1157 established effective July 1, 2012. On that date, the Agency for
1158 Enterprise Information Technology is transferred from the
1159 Executive Office of the Governor to the Department of
1160 Information Technology by a type two transfer, as defined in s.
1161 20.06(1), Florida Statutes.
1162 Section 24. This act shall take effect July 1, 2011.
1163
1164 ================= T I T L E A M E N D M E N T ================
1165 And the title is amended as follows:
1166 Delete everything before the enacting clause
1167 and insert:
1168 A bill to be entitled
1169 An act relating to the Agency for Enterprise
1170 Information Technology; transferring, renumbering, and
1171 amending s. 14.204, F.S.; renaming the agency the
1172 Department of Information Technology; establishing
1173 divisions within the department; amending ss. 17.0315,
1174 110.205, 215.322, and 216.235, F.S.; conforming
1175 provisions to changes made by the act; repealing s.
1176 282.0041, F.S., to delete reference to the agency;
1177 amending s. 282.0055, F.S.; conforming provisions to
1178 changes made by the act; amending s. 282.0056, F.S.;
1179 specifying proposals that must be included in the
1180 department’s annual work plan; amending ss. 282.201,
1181 282.203, 282.204, 282.205, 282.3055, 282.315, 282.318,
1182 282.33, 282.34, 287.057, 445.011, 445.045, and 668.50,
1183 F.S.; conforming provisions to changes made by the
1184 act; requiring the department and state agencies to
1185 identify all positions and resources related to
1186 information technology by a certain date; requiring
1187 the department to submit a plan to the Governor and
1188 Legislature transferring all information technology
1189 operations to the department; transferring the agency
1190 from the Executive Office of the Governor to the
1191 department by a type two transfer; providing an
1192 effective date.