Florida Senate - 2012                          SENATOR AMENDMENT
       Bill No. CS for HB 5509
       
       
       
       
       
       
                                Barcode 830690                          
       
                              LEGISLATIVE ACTION                        
                    Senate             .             House              
                                       .                                
                                       .                                
                                       .                                
                 Floor: WD/2R          .                                
             02/23/2012 06:30 PM       .                                
       —————————————————————————————————————————————————————————————————




       —————————————————————————————————————————————————————————————————
       Senator Ring moved the following:
       
    1         Senate Amendment (with title amendment)
    2  
    3         Delete everything after the enacting clause
    4  and insert:
    5         Section 1. (1) The Agency for Enterprise Information
    6  Technology is abolished.
    7         (2) All of the powers, duties, functions, records,
    8  personnel, and property; funds, trust funds, and unexpended
    9  balances of appropriations, allocations, and other funds;
   10  administrative authority; administrative rules; pending issues;
   11  and existing contracts of the Agency for Enterprise Information
   12  Technology are transferred by a type two transfer, pursuant to
   13  s. 20.06(2), Florida Statutes, to the Agency for State
   14  Technology.
   15         Section 2. (1) The portions of the Technology Program
   16  established under section 20.22(2), Florida Statutes and
   17  identified in the approved plan defined in s. 282.0055(2),
   18  Florida Statutes shall transfer by a type one transfer, as
   19  defined in s. 20.06(1), Florida Statutes, from the Department of
   20  Management Services to the Agency for State Technology no later
   21  than June 30, 2014.
   22         (2) The Northwood Shared Resource Center is transferred by
   23  a type one transfer, as defined in s. 20.06(1), Florida
   24  Statutes, from the Department of Management Services to the
   25  Agency for State Technology
   26         (a) Any binding contract or interagency agreement entered
   27  into between the Northwood Shared Resource Center or an entity
   28  or agent of the center and any other agency, entity, or person
   29  continues as a binding contract or agreement for the remainder
   30  of the term of such contract or agreement on the Agency for
   31  State Technology.
   32         (b) The rules of the Northwood Shared Resource Center which
   33  were in effect at 11:59 p.m. on June 30, 2012, become rules of
   34  the Agency for State Technology and remain in effect until
   35  amended or repealed in the manner provided by law.
   36         (3) The Southwood Shared Resource Center is transferred by
   37  a type one transfer, as defined in s. 20.06(1), Florida
   38  Statutes, from the Department of Management Services to the
   39  Agency for State Technology.
   40         (a) Any binding contract or interagency agreement entered
   41  into between the Southwood Shared Resource Center or an entity
   42  or agent of the center and any other agency, entity, or person
   43  continues as a binding contract or agreement for the remainder
   44  of the term of such contract or agreement on the Agency for
   45  State Technology.
   46         (b) The rules of the Southwood Shared Resource Center which
   47  were in effect at 11:59 p.m. on June 30, 2012, become rules of
   48  the Agency for State Technology and remain in effect until
   49  amended or repealed in the manner provided by law.
   50         Section 3. Section 14.204, Florida Statutes, is repealed.
   51         Section 4. Section 14.206, Florida Statutes, is created to
   52  read:
   53         14.206 Agency for State Technology.—The Agency for State
   54  Technology is created .
   55         (1) The head of the agency shall be the Governor and
   56  Cabinet.
   57         (2) The agency shall have an executive director who is the
   58  state’s Chief Information Officer and who must:
   59         (a) Have at least a bachelor’s degree in computer science,
   60  information systems, business or public administration, or a
   61  related field, or equivalent work experience;
   62         (b) Have 10 or more years of experience working in the
   63  field of information technology;
   64         (c) Have 5 or more years of experience in related industry
   65  managing multiple, large, cross-functional teams or projects,
   66  and influencing senior-level management and key stakeholders;
   67         (d) Have at least 5 years of executive-level leadership
   68  responsibilities;
   69         (e) Have performed an integral role in enterprise-wide
   70  information technology consolidations;
   71         (f) Be appointed by the Governor, subject to confirmation
   72  by the Cabinet and the Senate, and shall serve at the pleasure
   73  of the Governor and Cabinet.
   74         (3) The executive director:
   75         (a) Shall be responsible for developing and administering a
   76  comprehensive long-range plan for the state’s information
   77  technology resources, ensuring the proper management of such
   78  resources, and delivering services.
   79         (b) Shall appoint a Chief Technology Officer to lead the
   80  divisions of the agency dedicated to the operation and delivery
   81  of enterprise information technology services.
   82         (c) Shall appoint a Chief Operations Officer to lead the
   83  divisions of the agency dedicated to enterprise information
   84  technology policy, planning, standards and procurement.
   85         (d) Shall designate a state Chief Information Security
   86  Officer.
   87         (e) May appoint all employees necessary to carry out the
   88  duties and responsibilities of the agency.
   89         (4) The Agency for State Technology is prohibited from
   90  using, and executives of the agency are prohibited from
   91  directing spending from, operational information technology
   92  trust funds, as defined in 282.0041, F.S., for any purpose for
   93  which the Strategic Information Technology Trust Fund was
   94  established.
   95         (5) The following officers, and divisions, of the agency
   96  are established:
   97         (a) Under the Chief Technology Officer:
   98         1. Upon transfer any portion of the Technology Program from
   99  the Department of Management Services to the agency, there shall
  100  be a The Division of Telecommunications once the migration of
  101  DivTel from DMS is accomplished.
  102         2. The Division of Data Center Operations which includes,
  103  but is not limited to, any shared resource center established or
  104  operated by the agency.
  105         (b) Under the Chief Operations Officer:
  106         1. Strategic Planning.
  107         2. Enterprise Information Technology Standards.
  108         a. Enterprise Information Technology Procurement.
  109         b. Information Technology Security and Compliance.
  110         3. Enterprise Services Planning and Consolidation.
  111         4. Enterprise Project Management.
  112         (c) Under the Director of Administration:
  113         1. Accounting and Budgeting.
  114         2. Personnel.
  115         3. Procurement and Contracts.
  116         (d) Under the Office of the Executive Director:
  117         1. Inspector General.
  118         2. Legal.
  119         3. Governmental Affairs.
  120         (6) The agency shall operate in a manner that ensures the
  121  participation and representation of state agencies.
  122         (7) The agency shall have the following duties and
  123  responsibilities. The agency shall:
  124         (a) Develop and publish a long-term State Information
  125  Technology Resources Strategic Plan.
  126         (b) Initiate, plan, design, implement, and manage
  127  enterprise information technology services.
  128         (c) Beginning October 1, 2012, and every 3 months
  129  thereafter, provide a status report on its initiatives. The
  130  report shall be presented at a meeting of the Governor and
  131  Cabinet.
  132         (d) Beginning September 1, 2013, and every 3 months
  133  thereafter until enterprise information technology service
  134  consolidations are complete, provide a status report on the
  135  implementation of the consolidations that must be completed
  136  during the fiscal year. The report shall be submitted to the
  137  Executive Office of the Governor, the Cabinet, the President of
  138  the Senate, and the Speaker of the House of Representatives. At
  139  a minimum, the report must describe:
  140         1. Whether the consolidation is on schedule, including
  141  progress on achieving the milestones necessary for successful
  142  and timely consolidation of scheduled agency data centers and
  143  computing facilities; and
  144         2. The risks that may affect the progress or outcome of the
  145  consolidation and how such risks are being mitigated or managed.
  146         (e) Set technical standards for information technology,
  147  including, but not limited to, desktop computers, printers, and
  148  mobile devices; review major information technology projects and
  149  procurements; establish information technology security
  150  standards; provide for the procurement of information technology
  151  resources, excluding human resources; and deliver enterprise
  152  information technology services as defined in s. 282.0041.
  153         (f) Designate primary data centers and shared resource
  154  centers.
  155         (g) Operate shared resource centers in a manner that
  156  promotes energy efficiency.
  157         (h) Establish and deliver enterprise information technology
  158  services to serve state agencies on a cost-sharing basis,
  159  charging each state agency its proportionate share of the cost
  160  of maintaining and delivering a service based on a state
  161  agency’s use of the service.
  162         (i) Use the following principles to develop a means of
  163  chargeback for primary data center services:
  164         1. The customers of the primary data center shall provide
  165  payments to the primary data center which are sufficient to
  166  maintain the solvency of the primary data center operation for
  167  all costs not directly funded through the General Appropriations
  168  Act.
  169         2. Per unit cost of usage shall be the primary basis for
  170  pricing, and usage must be accurately measurable and
  171  attributable to the appropriate customer.
  172         3. The primary data center shall combine the aggregate
  173  purchasing power of large and small customers to achieve
  174  collective savings opportunities to all customers.
  175         4. Chargeback methodologies shall be devised to consider
  176  restrictions on grants to customers.
  177         5. Chargeback methodologies should establish incentives
  178  that lead to customer usage practices that result in lower costs
  179  to the state.
  180         6. Chargeback methodologies must consider technological
  181  change when:
  182         a. New services require short-term investments before
  183  achieving long-term, full cost recovery for the service.
  184         b. Customers of antiquated services may not be able to bear
  185  all of the costs for the antiquated services during periods when
  186  customers are migrating to replacement services.
  187         7. Prices may be established which allow for accrual of
  188  cash balances for the purpose of maintaining contingent
  189  operating funds and funding planned capital investments. Accrual
  190  of the cash balances shall be considered costs for the purposes
  191  of this section.
  192         8. Flat rate charges may be used only if there are
  193  provisions for reconciling charges to comport with actual costs
  194  and use.
  195         (i) Exercise technical and fiscal prudence in determining
  196  the best way to deliver enterprise information technology
  197  services.
  198         (j) Collect and maintain an inventory of the information
  199  technology resources in the state agencies.
  200         (k) Assume ownership or custody and control of information
  201  processing equipment, supplies, and positions required in order
  202  to thoroughly carry out the agency’s duties and
  203  responsibilities.
  204         (l) Adopt rules and policies for the efficient, secure, and
  205  economical management and operation of the shared resource
  206  centers and state telecommunications services.
  207         (m) Provide other public sector organizations as defined in
  208  s. 282.0041 with access to the services provided by the agency.
  209  Access shall be provided on the same cost basis that applies to
  210  state agencies.
  211         (n) Ensure that data that is confidential under state or
  212  federal law may not be entered into or processed through any
  213  shared resource center or network established under the agency
  214  until safeguards for the data’s security satisfactory to the
  215  agency head and the executive director of the agency have been
  216  designed, installed, and tested and are fully operational. This
  217  paragraph does not prescribe what actions necessary to satisfy a
  218  state agency’s objectives are to be undertaken or to remove from
  219  the control and administration of the state agency the
  220  responsibility for working with the agency to implement
  221  safeguards, regardless of whether such control and
  222  administration are specifically required by general law or
  223  administered under the general program authority and
  224  responsibility of the state agency. If the agency head and
  225  executive director of the agency cannot reach agreement on
  226  satisfactory safeguards, the issue shall be decided by the
  227  Governor and Cabinet.
  228         (o) Conduct periodic assessments of state agencies for
  229  compliance with statewide information technology policies and
  230  recommend to the Governor and Cabinet statewide policies for
  231  information technology.
  232         (8) The agency may not use or direct the spending of
  233  operational information technology trust funds to study and
  234  develop enterprise information technology strategies, plans,
  235  rules, reports, policies, proposals, budgets, or enterprise
  236  information technology initiatives that are not directly related
  237  to developing information technology services for which usage
  238  fees reimburse the costs of the initiative. As used in this
  239  subsection, the term “operational information technology trust
  240  funds” means funds into which deposits are made on a fee-for
  241  service basis or a trust fund dedicated to a specific
  242  information technology project or system.
  243         (9) The portions of the agency’s activities described in
  244  subsection (8) for which usage fees do not reimburse costs of
  245  the activity shall be funded at a rate of 0.55% of the total
  246  identified information technology spend through
  247  MyFloridaMarketPlace.
  248         (10) The agency may adopt rules to carry out its duties and
  249  responsibilities.
  250         Section 5. Section 282.0041, Florida Statutes, is reordered
  251  and amended to read:
  252         282.0041 Definitions.—As used in this chapter, the term:
  253         (1) “Agency” has the same meaning as in s. 216.011(1)(qq),
  254  except that for purposes of this chapter, “agency” does not
  255  include university boards of trustees or state universities.
  256         (1)(2) “Agency for State Enterprise Information Technology”
  257  or “agency” means the agency created in s. 14.206 14.204.
  258         (2)(3) “Agency information technology service” means a
  259  service that directly helps a state an agency fulfill its
  260  statutory or constitutional responsibilities and policy
  261  objectives and is usually associated with the state agency’s
  262  primary or core business functions.
  263         (4) “Annual budget meeting” means a meeting of the board of
  264  trustees of a primary data center to review data center usage to
  265  determine the apportionment of board members for the following
  266  fiscal year, review rates for each service provided, and
  267  determine any other required changes.
  268         (3)(5) “Breach” has the same meaning as in s. 817.5681(4).
  269         (4)(6) “Business continuity plan” means a plan for disaster
  270  recovery which provides for the continued functioning of a
  271  primary data center during and after a disaster.
  272         (5) “Collocation” means the method by which a state
  273  agency’s data center occupies physical space within a shared
  274  resource center where physical floor space, bandwidth, power,
  275  cooling, and physical security are available for an equitable
  276  usage rate and minimal complexity, and allow for the sustained
  277  management and oversight of the collocating agency’s information
  278  technology resources as well as physical and logical database
  279  administration by the collocating agency’s staff.
  280         (6)(7) “Computing facility” means a state agency site space
  281  containing fewer than a total of 10 physical or logical servers,
  282  any of which supports a strategic or nonstrategic information
  283  technology service, as described in budget instructions
  284  developed pursuant to s. 216.023, but excluding
  285  telecommunications and voice gateways and a clustered pair of
  286  servers operating as a single logical server to provide file,
  287  print, security, and endpoint management services single,
  288  logical-server installations that exclusively perform a utility
  289  function such as file and print servers.
  290         (7) “Computing service” means an information technology
  291  service that is used in all state agencies or a subset of
  292  agencies and is, therefore, a candidate for being established as
  293  an enterprise information technology service. Examples include
  294  e-mail, service hosting, telecommunications, and disaster
  295  recovery.
  296         (8) “Customer entity” means an entity that obtains services
  297  from a primary data center.
  298         (8)(9) “Data center” means a state agency site space
  299  containing 10 or more physical or logical servers any of which
  300  supports a strategic or nonstrategic information technology
  301  service, as described in budget instructions developed pursuant
  302  to s. 216.023.
  303         (10) “Department” means the Department of Management
  304  Services.
  305         (10)(11) “Enterprise information technology service” means
  306  an information technology service that is used in all state
  307  agencies or a subset of state agencies and is designated by the
  308  agency or established in law to be designed, delivered, and
  309  managed at the enterprise level. Current enterprise information
  310  technology services include data center services, e-mail, and
  311  security.
  312         (11)(12) “E-mail, messaging, and calendaring service” means
  313  the enterprise information technology service that enables users
  314  to send, receive, file, store, manage, and retrieve electronic
  315  messages, attachments, appointments, and addresses. The e-mail,
  316  messaging, and calendaring service must include e-mail account
  317  management; help desk; technical support and user provisioning
  318  services; disaster recovery and backup and restore capabilities;
  319  antispam and antivirus capabilities; archiving and e-discovery;
  320  and remote access and mobile messaging capabilities.
  321         (12)(13) “Information-system utility” means an information
  322  processing a full-service information-processing facility
  323  offering hardware, software, operations, integration,
  324  networking, floor space, and consulting services.
  325         (13)(14) “Information technology resources” means
  326  equipment, hardware, software, firmware, programs, systems,
  327  networks, infrastructure, media, and related material used to
  328  automatically, electronically, and wirelessly collect, receive,
  329  access, transmit, display, store, record, retrieve, analyze,
  330  evaluate, process, classify, manipulate, manage, assimilate,
  331  control, communicate, exchange, convert, converge, interface,
  332  switch, or disseminate information of any kind or form, and
  333  includes the human resources to perform such duties, but
  334  excludes application developers and logical database
  335  administrators.
  336         (14) “Local area network” means any telecommunications
  337  network through which messages and data are exchanged strictly
  338  within a single building or contiguous campus.
  339         (12)(15) “Information technology policy” means statements
  340  that describe clear choices for how information technology will
  341  deliver effective and efficient government services to residents
  342  and improve state agency operations. A policy may relate to
  343  investments, business applications, architecture, or
  344  infrastructure. A policy describes its rationale, implications
  345  of compliance or noncompliance, the timeline for implementation,
  346  metrics for determining compliance, and the accountable
  347  structure responsible for its implementation.
  348         (15) “Logical database administration” means the resources
  349  required to build and maintain database structure, implement and
  350  maintain role-based data access controls, and perform
  351  performance optimization of data queries and includes the
  352  manipulation, transformation, modification, and maintenance of
  353  data within a logical database. Typical tasks include schema
  354  design and modifications, user provisioning, query tuning, index
  355  and statistics maintenance, and data import, export, and
  356  manipulation.
  357         (16) “Memorandum of understanding” means a written
  358  agreement between a shared resource center or the Division of
  359  Telecommunications in the agency and a state agency which
  360  specifies the scope of services provided, service level,
  361  duration of the agreement, responsible parties, and service
  362  costs. A memorandum of understanding is not a rule pursuant to
  363  chapter 120.
  364         (17) “Operational information technology trust funds” means
  365  funds into which deposits are made on a fee for service bases,
  366  or a trust fund dedicated to a specific information technology
  367  project or system.
  368         (18) “Other public sector organizations” means entities of
  369  the legislative and judicial branches, the State University
  370  System, the Florida Community College System, counties, and
  371  municipalities. Such organizations may elect to participate in
  372  the information technology programs, services, or contracts
  373  offered by the Agency for State Technology, including
  374  information technology procurement, in accordance with general
  375  law, policies, and administrative rules.
  376         (19)(16) “Performance metrics” means the measures of an
  377  organization’s activities and performance.
  378         (20) “Physical database administration” means the resources
  379  responsible for installing, maintaining, and operating an
  380  environment within which a database is hosted. Typical tasks
  381  include database engine installation, configuration, and
  382  security patching, as well as performing backup and restoration
  383  of hosted databases, setup and maintenance of instance-based
  384  data replication, and monitoring the health and performance of
  385  the database environment.
  386         (21)(17) “Primary data center” means a data center that is
  387  a recipient entity for consolidation of state agency information
  388  technology resources nonprimary data centers and computing
  389  facilities and that is established by law.
  390         (22)(18) “Project” means an endeavor that has a defined
  391  start and end point; is undertaken to create or modify a unique
  392  product, service, or result; and has specific objectives that,
  393  when attained, signify completion.
  394         (23)(19) “Risk analysis” means the process of identifying
  395  security risks, determining their magnitude, and identifying
  396  areas needing safeguards.
  397         (24)(20) “Service level” means the key performance
  398  indicators (KPI) of an organization or service which must be
  399  regularly performed, monitored, and achieved.
  400         (21) “Service-level agreement” means a written contract
  401  between a data center and a customer entity which specifies the
  402  scope of services provided, service level, the duration of the
  403  agreement, the responsible parties, and service costs. A
  404  service-level agreement is not a rule pursuant to chapter 120.
  405         (25) “Shared resource center” means a primary data center
  406  that has been designated and assigned specific duties under this
  407  chapter or by the Agency for State Technology under s. 14.206.
  408         (26)(22) “Standards” means required practices, controls,
  409  components, or configurations established by an authority.
  410         (27) “State agency” means any official, officer,
  411  commission, board, authority, council, committee, or department
  412  of the executive branch of state government. The term does not
  413  include university boards of trustees or state universities.
  414         (28) “State agency site” means a single, contiguous local
  415  area network segment that does not traverse a metropolitan area
  416  network or wide area network.
  417         (29)(23) “SUNCOM Network” means the state enterprise
  418  telecommunications system that provides all methods of
  419  electronic or optical telecommunications beyond a single
  420  building or contiguous building complex and used by entities
  421  authorized as network users under this part.
  422         (30)(24) “Telecommunications” means the science and
  423  technology of communication at a distance, including electronic
  424  systems used in the transmission or reception of information.
  425         (31)(25) “Threat” means any circumstance or event that may
  426  cause harm to the integrity, availability, or confidentiality of
  427  information technology resources.
  428         (32)(26) “Total cost” means all costs associated with
  429  information technology projects or initiatives, including, but
  430  not limited to, value of hardware, software, service,
  431  maintenance, incremental personnel, and facilities. Total cost
  432  of a loan or gift of information technology resources to a state
  433  an agency includes the fair market value of the resources.
  434         (33)(27) “Usage” means the billing amount charged by the
  435  primary data center, less any pass-through charges, to the state
  436  agency customer entity.
  437         (34)(28) “Usage rate” means a state agency’s customer
  438  entity’s usage or billing amount as a percentage of total usage.
  439         (35) “Wide area network” means any telecommunications
  440  network or components thereof through which messages and data
  441  are exchanged outside of a local area network.
  442         Section 6. Section 282.0055, Florida Statutes, is amended
  443  to read:
  444         (Substantial rewording of section. See
  445         s. 282.0055, Florida Statutes, for current text.)
  446         282.0055 Assignment of enterprise information technology.—
  447         (1) The establishment of a systematic process for the
  448  planning, design, implementation, procurement, delivery, and
  449  maintenance of enterprise information technology services shall
  450  be the responsibility of the Agency for State Technology for
  451  executive branch agencies that are created or authorized in
  452  statute to perform legislatively delegated functions. The
  453  agency’s duties shall be performed in collaboration with the
  454  state agencies. The supervision, design, development, delivery,
  455  and maintenance of state-agency specific or unique software
  456  applications shall remain within the responsibility and control
  457  of the individual state agency or other public sector
  458  organization.
  459         (2) During the 2012-2013 fiscal year, the Agency for State
  460  Technology shall, in collaboration with the state agencies and
  461  other stakeholders, create a road map for enterprise information
  462  technology service consolidation. The road map shall be
  463  presented for approval by the Governor and Cabinet by August 30,
  464  2013. At a minimum, the road map must include:
  465         (a) An enterprise architecture that provides innovative,
  466  yet pragmatic and cost-effective offering, and which
  467  contemplates the consolidated delivery of services based on
  468  similar business processes and functions that span across all
  469  executive and cabinet agencies.
  470         (b) A schedule for the consolidation of state agency data
  471  centers.
  472         (c) Cost-saving targets and timeframes for when the savings
  473  will be realized.
  474         (d) Recommendations, including cost estimates, for
  475  improvements to the shared resource centers, which will improve
  476  the agency’s ability to deliver enterprise information
  477  technology services.
  478         (e) A transition plan for the transfer of portions of the
  479  Technology Program established under s. 20.22(2), Florida
  480  Statutes that provide an enterprise information technology
  481  service.
  482         (3) By October 15th of each year beginning in 2013, the
  483  Agency for State Technology shall develop a comprehensive
  484  transition plan for scheduled consolidations occurring in the
  485  next fiscal year. This plan shall be submitted to the Governor,
  486  the Cabinet, the President of the Senate, and the Speaker of the
  487  House of Representatives. The transition plan shall be developed
  488  in consultation with other state agencies submitting state
  489  agency transition plans. The comprehensive transition plan must
  490  include:
  491         (a) Recommendations for accomplishing the proposed
  492  transitions as efficiently and effectively as possible with
  493  minimal disruption to state agency business processes.
  494         (b) Strategies to minimize risks associated with any of the
  495  proposed consolidations.
  496         (c) A compilation of the state agency transition plans
  497  submitted by state agencies scheduled for consolidation for the
  498  following fiscal year.
  499         (d) An estimate of the cost to provide enterprise
  500  information technology services for each state agency scheduled
  501  for consolidation.
  502         (e) An analysis of the cost effects resulting from the
  503  planned consolidations on existing state agencies.
  504         (f) The fiscal year adjustments to budget categories in
  505  order to absorb the transfer of state agency information
  506  technology resources pursuant to the legislative budget request
  507  instructions provided in s. 216.023.
  508         (g) A description of any issues that must be resolved in
  509  order to accomplish as efficiently and effectively as possible
  510  all consolidations required during the fiscal year.
  511         (4) State agencies have the following duties:
  512         (a) For the purpose of completing its work activities, each
  513  state agency shall provide to the Agency for State Technology
  514  all requested information and any other information relevant to
  515  the state agency’s ability to effectively transition its
  516  information technology resources into the agency.
  517         (b) For the purpose of completing its work activities, each
  518  state agency shall temporarily assign staff to assist the agency
  519  with designated tasks as negotiated between the agency and the
  520  state agency.
  521         (c) Each state agency identified for consolidation into an
  522  enterprise information technology service offering must submit a
  523  transition plan to the Agency for State Technology by September
  524  1 of the fiscal year before the fiscal year in which the
  525  scheduled consolidation will occur. Transition plans shall be
  526  developed in consultation with the agency and must include:
  527         1. An inventory of the state agency data center’s resources
  528  being consolidated, including all hardware, software, staff, and
  529  contracted services, and the facility resources performing data
  530  center management and operations, security, backup and recovery,
  531  disaster recovery, system administration, database
  532  administration, system programming, mainframe maintenance, job
  533  control, production control, print, storage, technical support,
  534  help desk, and managed services, but excluding application
  535  development.
  536         2. A description of the level of services needed to meet
  537  the technical and operational requirements of the platforms
  538  being consolidated and an estimate of the primary data center’s
  539  cost for the provision of such services.
  540         3. A description of expected changes to its information
  541  technology needs and the timeframe when such changes will occur.
  542         4. A description of the information technology resources
  543  proposed to remain in the state agency.
  544         5. A baseline project schedule for the completion of the
  545  consolidation.
  546         6. The specific recurring and nonrecurring budget
  547  adjustments of budget resources by appropriation category into
  548  the appropriate data processing category pursuant to the
  549  legislative budget instructions in s. 216.023 necessary to
  550  support state agency costs for the transfer.
  551         (5)(a) Unless authorized by the Legislature or the agency
  552  as provided in paragraphs (b) and (c), a state agency may not:
  553         1. Create a new computing service or expand an existing
  554  computing service if that service has been designated as an
  555  enterprise information technology service.
  556         2. Spend funds before the state agency’s scheduled
  557  consolidation to an enterprise information technology service to
  558  purchase or modify hardware or operations software that does not
  559  comply with hardware and software standards established by the
  560  Agency for State Technology.
  561         3. Unless for the purpose of offsite disaster recovery
  562  services, transfer existing computing services to any service
  563  provider other than the Agency for State Technology.
  564         4. Terminate services with the Agency for State Technology
  565  without giving written notice of intent to terminate or transfer
  566  services 180 days before such termination or transfer.
  567         5. Initiate a new computing service with any service
  568  provider other than the Agency for State Technology if that
  569  service has been designated as an enterprise information
  570  technology service.
  571         (b) Exceptions to the limitations in subparagraphs (a)1.,
  572  2., 3., and 5. may be granted by the Agency for State Technology
  573  if there is insufficient capacity in the primary data centers to
  574  absorb the workload associated with agency computing services,
  575  expenditures are compatible with the scheduled consolidation and
  576  established standards, or the equipment or resources are needed
  577  to meet a critical state agency business need that cannot be
  578  satisfied from surplus equipment or resources of the primary
  579  data center until the state agency data center is consolidated.
  580         1. A request for an exception must be submitted in writing
  581  to the Agency for State Technology. The agency must accept,
  582  accept with conditions, or deny the request within 60 days after
  583  receipt of the written request. The agency’s decision is not
  584  subject to chapter 120.
  585         2. The Agency for State Technology may not approve a
  586  request unless it includes, at a minimum:
  587         a. A detailed description of the capacity requirements of
  588  the state agency requesting the exception.
  589         b. Documentation from the state agency head demonstrating
  590  why it is critical to the state agency’s mission that the
  591  expansion or transfer must be completed within the fiscal year
  592  rather than when capacity is established at a primary data
  593  center.
  594         3. Exceptions to subparagraph (a)4. may be granted by the
  595  Agency for State Technology if the termination or transfer of
  596  services can be absorbed within the current cost-allocation
  597  plan.
  598         Section 7. Section 282.0056, Florida Statutes, is amended
  599  to read:
  600         282.0056 Strategic plan, development of work plan, and;
  601  development of implementation plans; and policy
  602  recommendations.—
  603         (1) In order to provide a systematic process for meeting
  604  the state’s technology needs, the executive director of the
  605  Agency for State Technology shall develop a biennial state
  606  Information Technology Resources Strategic Plan. The Governor
  607  and Cabinet shall approve the plan before transmitting it to the
  608  Legislature, biennially, starting October 1, 2013. The plan must
  609  include the following elements:
  610         (a) The vision, goals, initiatives, and targets for state
  611  information technology for the short term of 2 years, midterm of
  612  3 to 5 years, and long term of more than 5 years.
  613         (b) An inventory of the information technology resources in
  614  state agencies and major projects currently in progress and
  615  planned. This does not imply that the agency has approval
  616  authority over major projects. As used in this section, the term
  617  “major project” means projects that cost more than $1 million to
  618  implement.
  619         (c) An analysis of opportunities for statewide initiatives
  620  that would yield efficiencies, cost savings, or avoidance or
  621  improve effectiveness in state programs. The analysis must
  622  include:
  623         1. Information technology services that should be designed,
  624  delivered, and managed as enterprise information technology
  625  services.
  626         2. Techniques for consolidating the purchase of information
  627  technology commodities and services that may result in savings
  628  for the state and for establishing a process to achieve savings
  629  through consolidated purchases.
  630         3. A cost-benefit analysis of options, such as
  631  privatization, outsourcing, or in-sourcing, to reduce costs or
  632  improve services to agencies and taxpayers.
  633         (d) Recommended initiatives based on the analysis in
  634  paragraph (c).
  635         (e) Implementation plans for enterprise information
  636  technology services designated by the agency. The implementation
  637  plans must describe the scope of service, requirements analyses,
  638  costs and savings projects, and a project schedule for statewide
  639  implementation.
  640         (2) Each state agency shall, biennially, provide to the
  641  agency the inventory required under paragraph (1)(b). The agency
  642  shall consult with and assist state agencies in the preparation
  643  of these inventories. Each state agency shall submit its
  644  inventory to the agency biennially, starting January 1, 2013.
  645         (3) For the purpose of completing its work activities, each
  646  state agency shall provide to the agency all requested
  647  information, including, but not limited to, the state agency’s
  648  costs, service requirements, staffing, and equipment
  649  inventories.
  650         (4)(1)For the purpose of ensuring accountability for the
  651  duties and responsibilities of the executive director and the
  652  agency under ss. 14.206 and 282.0055, the executive director For
  653  the purposes of carrying out its responsibilities under s.
  654  282.0055, the Agency for Enterprise Information Technology shall
  655  develop an annual work plan within 60 days after the beginning
  656  of the fiscal year describing the activities that the agency
  657  intends to undertake for that year and identify the critical
  658  success factors, risks, and issues associated with the work
  659  planned. The work plan must also include planned including
  660  proposed outcomes and completion timeframes for the planning and
  661  implementation of all enterprise information technology
  662  services. The work plan must align with the state Information
  663  Technology Resources Strategic Plan, be presented at a public
  664  hearing, and be approved by the Governor and Cabinet;, and,
  665  thereafter, be submitted to the President of the Senate and the
  666  Speaker of the House of Representatives. The work plan may be
  667  amended as needed, subject to approval by the Governor and
  668  Cabinet.
  669         (2) The agency may develop and submit to the President of
  670  the Senate, the Speaker of the House of Representatives, and the
  671  Governor by October 1 of each year implementation plans for
  672  proposed enterprise information technology services to be
  673  established in law.
  674         (3) In developing policy recommendations and implementation
  675  plans for established and proposed enterprise information
  676  technology services, the agency shall describe the scope of
  677  operation, conduct costs and requirements analyses, conduct an
  678  inventory of all existing information technology resources that
  679  are associated with each service, and develop strategies and
  680  timeframes for statewide migration.
  681         (4) For the purpose of completing its work activities, each
  682  state agency shall provide to the agency all requested
  683  information, including, but not limited to, the state agency’s
  684  costs, service requirements, and equipment inventories.
  685         (5) For the purpose of ensuring accountability for the
  686  duties and responsibilities of the executive director and the
  687  agency under ss. 14.206 and 282.0055, within 60 days after the
  688  end of each fiscal year, the executive director agency shall
  689  report to the Governor and Cabinet, the President of the Senate,
  690  and the Speaker of the House of Representatives on what was
  691  achieved or not achieved in the prior year’s work plan.
  692         Section 8. Section 282.201, Florida Statutes, is amended to
  693  read:
  694         (Substantial rewording of section. See
  695         s. 282.201, Florida Statutes, for current text.)
  696         282.201 State data center system; agency duties and
  697  limitations.—A state data center system that includes all
  698  primary data centers, other nonprimary data centers, and
  699  computing facilities, and that provides an enterprise
  700  information technology service, is established.
  701         (1) INTENT.—The Legislature finds that the most efficient
  702  and effective means of providing quality utility data processing
  703  services to state agencies requires that computing resources be
  704  concentrated in quality facilities that provide the proper
  705  security, infrastructure, and staff resources to ensure that the
  706  state’s data is maintained reliably and safely and is
  707  recoverable in the event of a disaster. Efficiencies resulting
  708  from such consolidation include the increased ability to
  709  leverage technological expertise and hardware and software
  710  capabilities; increased savings through consolidated purchasing
  711  decisions; and the enhanced ability to deploy technology
  712  improvements and implement new policies consistently throughout
  713  the consolidated organization.
  714         (2) AGENCY FOR STATE TECHNOLOGY DUTIES.—(a) The agency
  715  shall by October 1, 2013, provide to the Governor and Cabinet,
  716  recommendations for approving, confirming and removing primary
  717  data center designation. The recommendations shall consider the
  718  recommendations from the Law Enforcement Consolidations Task
  719  Force. Upon approval of the Governor and Cabinet of primary data
  720  center designations, existing primary data center designations
  721  are repealed by operation of law, and therefore, obsolete.
  722         (b) Establish a schedule for the consolidation of state
  723  agency data centers or a transition plan for outsourcing data
  724  center services, subject to review by the Governor and Cabinet.
  725  The schedule or transition plan must be provided by October 1,
  726  2013, and be updated annually until the completion of
  727  consolidation. The schedule must be based on the goals of
  728  maximizing the efficiency and quality of service delivery and
  729  cost savings.
  730         (3) STATE AGENCY DUTIES.—
  731         (a) Any state agency that is consolidating agency data
  732  centers into a primary data center must execute a new or update
  733  an existing memorandum of understanding or service level
  734  agreement within 60 days after the specified consolidation date,
  735  as required by s. 282.203, in order to specify the services and
  736  levels of service it is to receive from the primary data center
  737  as a result of the consolidation. If a state agency is unable to
  738  execute a memorandum of understanding by that date, the state
  739  agency shall submit a report to the Executive Office of the
  740  Governor, the Cabinet, the President of the Senate, and the
  741  Speaker of the House of Representatives within 5 working days
  742  after that date which explains the specific issues preventing
  743  execution and describes its plan and schedule for resolving
  744  those issues.
  745         (b) On the date of each consolidation specified in general
  746  law or the General Appropriations Act, each state agency shall
  747  retain the least-privileged administrative access rights
  748  necessary to perform the duties not assigned to the primary data
  749  centers.
  750         (4) SCHEDULE FOR CONSOLIDATIONS OF STATE AGENCY DATA
  751  CENTERS.—Consolidations of state agency data centers are
  752  suspended for the 2012-2013 fiscal year. Consolidations shall
  753  resume during the 2013-2014 fiscal year based upon a revised
  754  schedule developed by the agency. The revised schedule shall
  755  consider the recommendations from the Law Enforcement
  756  Consolidation Task Force. State agency data centers and
  757  computing facilities shall be consolidated into the agency by
  758  June 30, 2018.
  759         Section 9. Section 282.203, Florida Statutes, is amended to
  760  read:
  761         (Substantial rewording of section. See
  762         s. 282.203, Florida Statutes, for current text.)
  763         282.203 Primary data centers; duties.—
  764         (1) Each primary data center shall:
  765         (a) Serve participating state agencies as an information
  766  system utility.
  767         (b) Cooperate with participating state agencies to offer,
  768  develop, and support the services and applications.
  769         (c) Provide transparent financial statements to
  770  participating state agencies.
  771         (d) Assume the least-privileged administrative access
  772  rights necessary to perform the services provided by the data
  773  center for the software and equipment that is consolidated into
  774  a primary data center.
  775         (2) Each primary data center shall enter into a memorandum
  776  of understanding with each participating state agency to provide
  777  services. A memorandum of understanding may not have a term
  778  exceeding 3 years but may include an option to renew for up to 3
  779  years. Failure to execute a memorandum within 60 days after
  780  service commencement shall, in the case of a participating state
  781  agency, result in the continuation of the terms of the
  782  memorandum of understanding from the previous fiscal year,
  783  including any amendments that were formally proposed to the
  784  state agency by the primary data center within the 3 months
  785  before service commencement, and a revised cost-of-service
  786  estimate. If a participating state agency fails to execute a
  787  memorandum of understanding within 60 days after service
  788  commencement, the data center may cease providing services.
  789         Section 10. Section 282.204, Florida Statutes, is repealed.
  790         Section 11. Section 282.205, Florida Statutes, is repealed.
  791         Section 12. Section 282.33, Florida Statutes, is repealed.
  792         Section 13. Section 282.34, Florida Statutes, is amended to
  793  read:
  794         282.34 Statewide e-mail service.—A statewide e-mail service
  795  that includes the delivery and support of e-mail, messaging, and
  796  calendaring capabilities is established as an enterprise
  797  information technology service as defined in s. 282.0041. The
  798  service shall be provisioned designed to meet the needs of all
  799  executive branch agencies and may also be used by other public
  800  sector nonstate agency entities. The primary goals of the
  801  service are to provide a reliable collaborative communication
  802  service to state agencies; minimize the state investment
  803  required to establish, operate, and support the statewide
  804  service; reduce the cost of current e-mail operations and the
  805  number of duplicative e-mail systems; and eliminate the need for
  806  each state agency to maintain its own e-mail staff.
  807         (1) Except as specified in subsection (2), all state
  808  agencies shall receive their primary email services exclusively
  809  through the Agency for State Technology. The Southwood Shared
  810  Resource Center, a primary data center, shall be the provider of
  811  the statewide e-mail service for all state agencies. The center
  812  shall centrally host, manage, operate, and support the service,
  813  or outsource the hosting, management, operational, or support
  814  components of the service in order to achieve the primary goals
  815  identified in this section.
  816         (2) The Department of Legal Affairs shall work with the
  817  agency to develop a plan to migrate to the enterprise email
  818  service. The plan shall identify the time frame for migration,
  819  the associated costs, and the risks. The plan shall be presented
  820  to the Governor and Cabinet by December 1, 2014. The Agency for
  821  Enterprise Information Technology, in cooperation and
  822  consultation with all state agencies, shall prepare and submit
  823  for approval by the Legislative Budget Commission at a meeting
  824  scheduled before June 30, 2011, a proposed plan for the
  825  migration of all state agencies to the statewide e-mail service.
  826  The plan for migration must include:
  827         (a) A cost-benefit analysis that compares the total
  828  recurring and nonrecurring operating costs of the current agency
  829  e-mail systems, including monthly mailbox costs, staffing,
  830  licensing and maintenance costs, hardware, and other related e
  831  mail product and service costs to the costs associated with the
  832  proposed statewide e-mail service. The analysis must also
  833  include:
  834         1. A comparison of the estimated total 7-year life-cycle
  835  cost of the current agency e-mail systems versus the feasibility
  836  of funding the migration and operation of the statewide e-mail
  837  service.
  838         2. An estimate of recurring costs associated with the
  839  energy consumption of current agency e-mail equipment, and the
  840  basis for the estimate.
  841         3. An identification of the overall cost savings resulting
  842  from state agencies migrating to the statewide e-mail service
  843  and decommissioning their agency e-mail systems.
  844         (b) A proposed migration date for all state agencies to be
  845  migrated to the statewide e-mail service. The Agency for
  846  Enterprise Information Technology shall work with the Executive
  847  Office of the Governor to develop the schedule for migrating all
  848  state agencies to the statewide e-mail service except for the
  849  Department of Legal Affairs. The Department of Legal Affairs
  850  shall provide to the Agency for Enterprise Information
  851  Technology by June 1, 2011, a proposed migration date based upon
  852  its decision to participate in the statewide e-mail service and
  853  the identification of any issues that require resolution in
  854  order to migrate to the statewide e-mail service.
  855         (c) A budget amendment, submitted pursuant to chapter 216,
  856  for adjustments to each agency’s approved operating budget
  857  necessary to transfer sufficient budget resources into the
  858  appropriate data processing category to support its statewide e
  859  mail service costs.
  860         (d) A budget amendment, submitted pursuant to chapter 216,
  861  for adjustments to the Southwood Shared Resource Center approved
  862  operating budget to include adjustments in the number of
  863  authorized positions, salary budget and associated rate,
  864  necessary to implement the statewide e-mail service.
  865         (3) Contingent upon approval by the Legislative Budget
  866  Commission, the Southwood Shared Resource Center may contract
  867  for the provision of a statewide e-mail service. Executive
  868  branch agencies must be completely migrated to the statewide e
  869  mail service based upon the migration date included in the
  870  proposed plan approved by the Legislative Budget Commission.
  871         (4) Notwithstanding chapter 216, general revenue funds may
  872  be increased or decreased for each agency provided the net
  873  change to general revenue in total for all agencies is zero or
  874  less.
  875         (5) Subsequent to the approval of the consolidated budget
  876  amendment to reflect budget adjustments necessary to migrate to
  877  the statewide e-mail service, an agency may make adjustments
  878  subject to s. 216.177, notwithstanding provisions in chapter 216
  879  which may require such adjustments to be approved by the
  880  Legislative Budget Commission.
  881         (6) No agency may initiate a new e-mail service or execute
  882  a new e-mail contract or amend a current e-mail contract, other
  883  than with the Southwood Shared Resource Center, for nonessential
  884  products or services unless the Legislative Budget Commission
  885  denies approval for the Southwood Shared Resource Center to
  886  enter into a contract for the statewide e-mail service.
  887         (7) The Agency for Enterprise Information Technology shall
  888  work with the Southwood Shared Resource Center to develop an
  889  implementation plan that identifies and describes the detailed
  890  processes and timelines for an agency’s migration to the
  891  statewide e-mail service based on the migration date approved by
  892  the Legislative Budget Commission. The agency may establish and
  893  coordinate workgroups consisting of agency e-mail management,
  894  information technology, budget, and administrative staff to
  895  assist the agency in the development of the plan.
  896         (8) Each executive branch agency shall provide all
  897  information necessary to develop the implementation plan,
  898  including, but not limited to, required mailbox features and the
  899  number of mailboxes that will require migration services. Each
  900  agency must also identify any known business, operational, or
  901  technical plans, limitations, or constraints that should be
  902  considered when developing the plan.
  903         Section 14. Section 282.702, Florida Statutes, is amended
  904  to read:
  905         282.702 Powers and duties.—The Department of Management
  906  Services shall have the following powers, duties, and functions:
  907         (1) To publish electronically the portfolio of services
  908  available from the department, including pricing information;
  909  the policies and procedures governing usage of available
  910  services; and a forecast of the department’s priorities for each
  911  telecommunications service.
  912         (2) To adopt technical standards by rule for the state
  913  telecommunications network which ensure the interconnection and
  914  operational security of computer networks, telecommunications,
  915  and information systems of agencies.
  916         (3) To enter into agreements related to information
  917  technology and telecommunications services with state agencies
  918  and political subdivisions of the state.
  919         (4) To purchase from or contract with information
  920  technology providers for information technology, including
  921  private line services.
  922         (5) To apply for, receive, and hold authorizations,
  923  patents, copyrights, trademarks, service marks, licenses, and
  924  allocations or channels and frequencies to carry out the
  925  purposes of this part.
  926         (6) To purchase, lease, or otherwise acquire and to hold,
  927  sell, transfer, license, or otherwise dispose of real, personal,
  928  and intellectual property, including, but not limited to,
  929  patents, trademarks, copyrights, and service marks.
  930         (7) To cooperate with any federal, state, or local
  931  emergency management agency in providing for emergency
  932  telecommunications services.
  933         (8) To control and approve the purchase, lease, or
  934  acquisition and the use of telecommunications services,
  935  software, circuits, and equipment provided as part of any other
  936  total telecommunications system to be used by the state or its
  937  agencies.
  938         (9) To adopt rules pursuant to ss. 120.536(1) and 120.54
  939  relating to telecommunications and to administer the provisions
  940  of this part.
  941         (10) To apply for and accept federal funds for the purposes
  942  of this part as well as gifts and donations from individuals,
  943  foundations, and private organizations.
  944         (11) To monitor issues relating to telecommunications
  945  facilities and services before the Florida Public Service
  946  Commission and the Federal Communications Commission and, if
  947  necessary, prepare position papers, prepare testimony, appear as
  948  a witness, and retain witnesses on behalf of state agencies in
  949  proceedings before the commissions.
  950         (12) Unless delegated to the state agencies by the
  951  department, to manage and control, but not intercept or
  952  interpret, telecommunications within the SUNCOM Network by:
  953         (a) Establishing technical standards to physically
  954  interface with the SUNCOM Network.
  955         (b) Specifying how telecommunications are transmitted
  956  within the SUNCOM Network.
  957         (c) Controlling the routing of telecommunications within
  958  the SUNCOM Network.
  959         (d) Establishing standards, policies, and procedures for
  960  access to and the security of the SUNCOM Network.
  961         (e) Ensuring orderly and reliable telecommunications
  962  services in accordance with the service level agreements
  963  executed with state agencies.
  964         (13) To plan, design, and conduct experiments for
  965  telecommunications services, equipment, and technologies, and to
  966  implement enhancements in the state telecommunications network
  967  if in the public interest and cost-effective. Funding for such
  968  experiments must be derived from SUNCOM Network service revenues
  969  and may not exceed 2 percent of the annual budget for the SUNCOM
  970  Network for any fiscal year or as provided in the General
  971  Appropriations Act. New services offered as a result of this
  972  subsection may not affect existing rates for facilities or
  973  services.
  974         (14) To enter into contracts or agreements, with or without
  975  competitive bidding or procurement, to make available, on a
  976  fair, reasonable, and nondiscriminatory basis, property and
  977  other structures under departmental control for the placement of
  978  new facilities by any wireless provider of mobile service as
  979  defined in 47 U.S.C. s. 153(27) or s. 332(d) and any
  980  telecommunications company as defined in s. 364.02 if it is
  981  practical and feasible to make such property or other structures
  982  available. The department may, without adopting a rule, charge a
  983  just, reasonable, and nondiscriminatory fee for the placement of
  984  the facilities, payable annually, based on the fair market value
  985  of space used by comparable telecommunications facilities in the
  986  state. The department and a wireless provider or
  987  telecommunications company may negotiate the reduction or
  988  elimination of a fee in consideration of services provided to
  989  the department by the wireless provider or telecommunications
  990  company. All such fees collected by the department shall be
  991  deposited directly into the Law Enforcement Radio Operating
  992  Trust Fund, and may be used by the department to construct,
  993  maintain, or support the system.
  994         (15) Establish policies that ensure that the department’s
  995  cost-recovery methodologies, billings, receivables,
  996  expenditures, budgeting, and accounting data are captured and
  997  reported timely, consistently, accurately, and transparently and
  998  are in compliance with all applicable federal and state laws and
  999  rules. The department shall annually submit to the Governor, the
 1000  President of the Senate, and the Speaker of the House of
 1001  Representatives a report that describes each service and its
 1002  cost, the billing methodology for recovering the cost of the
 1003  service, and, if applicable, the identity of those services that
 1004  are subsidized.
 1005         (16) Develop a plan for statewide voice-over-Internet
 1006  protocol services. The plan shall include cost estimates and the
 1007  estimated return on investment. The plan shall be submitted to
 1008  the Governor, the Cabinet, the President of the Senate, and the
 1009  Speaker of the House of Representatives by June 30, 2013.
 1010         (17) The department shall produce a feasibility analysis by
 1011  January 1, 2013, of the options for procuring end-to-end network
 1012  services, including services provided by the statewide area
 1013  network, metropolitan area networks, and local area networks,
 1014  which may be provided by each state agency. The scope of this
 1015  service does not include wiring or file and print server
 1016  infrastructure. The feasibility analysis must determine the
 1017  technical and economic feasibility of using existing resources
 1018  and infrastructure that are owned or used by state entities in
 1019  the provision or receipt of network services in order to reduce
 1020  the cost of network services for the state.
 1021         (a)At a minimum, the feasibility analysis must include:
 1022         1.A definition and assessment of the current portfolio of
 1023  services, the network services that are provided by each state
 1024  agency, and a forecast of anticipated changes in network service
 1025  needs which considers specific state agency business needs and
 1026  the implementation of enterprise services established under this
 1027  chapter.
 1028         2.A description of any limitations or enhancements in the
 1029  network, including any technical or logistical challenges
 1030  relating to the central provisioning of local area network
 1031  services currently provided and supported by each state agency.
 1032  The analysis must also address changes in usage patterns which
 1033  can reasonably be expected due to the consolidation of state
 1034  agency data centers or the specific business needs of state
 1035  agencies and other service customers.
 1036         3.An analysis and comparison of the risks associated with
 1037  the current service delivery models and at least two other
 1038  options that leverage the existing resources and infrastructure
 1039  identified in this subsection. Options may include multi-vendor
 1040  and segmented contracting options. All sourcing options must
 1041  produce a service that can be used by schools and other
 1042  qualified entities that seek federal grants provided through the
 1043  Universal Service Fund Program.
 1044         4.A cost-benefit analysis that estimates all major cost
 1045  elements associated with each sourcing option, focusing on the
 1046  nonrecurring and recurring life-cycle costs of the proposal in
 1047  order to determine the financial feasibility of each sourcing
 1048  option. The cost-benefit analysis must include:
 1049         a.The total recurring operating costs of the proposed
 1050  state network service including estimates of monthly charges,
 1051  staffing, billing, licenses and maintenance, hardware, and other
 1052  related costs.
 1053         b.An estimate of nonrecurring costs associated with
 1054  construction, transmission lines, premises and switching
 1055  hardware purchase and installation, and required software based
 1056  on the proposed solution.
 1057         c.An estimate of other critical costs associated with the
 1058  current and proposed sourcing options for the state network.
 1059         5.Recommendations for reducing current costs associated
 1060  with statewide network services. The department shall consider
 1061  the following in developing the recommendations:
 1062         a.Leveraging existing resources and expertise.
 1063         b.Standardizing service-level agreements to customer
 1064  entities in order to maximize capacity and availability.
 1065         6.A detailed timeline for the complete procurement and
 1066  transition to a more efficient and cost-effective solution.
 1067         Section 15. Paragraph (e) of subsection (2) of section
 1068  110.205, Florida Statutes, is amended to read:
 1069         110.205 Career service; exemptions.—
 1070         (2) EXEMPT POSITIONS.—The exempt positions that are not
 1071  covered by this part include the following:
 1072         (e) The executive director of Chief Information Officer in
 1073  the Agency for State Enterprise Information Technology. Unless
 1074  otherwise fixed by law, the Governor and Cabinet Agency for
 1075  Enterprise Information Technology shall set the salary and
 1076  benefits of this position in accordance with the rules of the
 1077  Senior Management Service.
 1078         Section 16. Subsections (2) and (9) of section 215.322,
 1079  Florida Statutes, are amended to read:
 1080         215.322 Acceptance of credit cards, charge cards, debit
 1081  cards, or electronic funds transfers by state agencies, units of
 1082  local government, and the judicial branch.—
 1083         (2) A state agency as defined in s. 216.011, or the
 1084  judicial branch, may accept credit cards, charge cards, debit
 1085  cards, or electronic funds transfers in payment for goods and
 1086  services with the prior approval of the Chief Financial Officer.
 1087  If the Internet or other related electronic methods are to be
 1088  used as the collection medium, the Agency for State Enterprise
 1089  Information Technology shall review and recommend to the Chief
 1090  Financial Officer whether to approve the request with regard to
 1091  the process or procedure to be used.
 1092         (9) For payment programs in which credit cards, charge
 1093  cards, or debit cards are accepted by state agencies, the
 1094  judicial branch, or units of local government, the Chief
 1095  Financial Officer, in consultation with the Agency for State
 1096  Enterprise Information Technology, may adopt rules to establish
 1097  uniform security safeguards for cardholder data and to ensure
 1098  compliance with the Payment Card Industry Data Security
 1099  Standards.
 1100         Section 17. Subsections (3), (4), (5), and (6) of section
 1101  282.318, Florida Statutes, are amended to read:
 1102         282.318 Enterprise security of data and information
 1103  technology.—
 1104         (3) The Agency for State Enterprise Information Technology
 1105  is responsible for establishing rules and publishing guidelines
 1106  for ensuring an appropriate level of security for all data and
 1107  information technology resources for executive branch agencies.
 1108  The agency shall also perform the following duties and
 1109  responsibilities:
 1110         (a) Develop, and annually update by February 1, an
 1111  enterprise information security strategic plan that includes
 1112  security goals and objectives for the strategic issues of
 1113  information security policy, risk management, training, incident
 1114  management, and survivability planning.
 1115         (b) Develop enterprise security rules and published
 1116  guidelines for:
 1117         1. Comprehensive risk analyses and information security
 1118  audits conducted by state agencies.
 1119         2. Responding to suspected or confirmed information
 1120  security incidents, including suspected or confirmed breaches of
 1121  personal information or exempt data.
 1122         3. Agency security plans, including strategic security
 1123  plans and security program plans.
 1124         4. The recovery of information technology and data
 1125  following a disaster.
 1126         5. The managerial, operational, and technical safeguards
 1127  for protecting state government data and information technology
 1128  resources.
 1129         (c) Assist agencies in complying with the provisions of
 1130  this section.
 1131         (d) Pursue appropriate funding for the purpose of enhancing
 1132  domestic security.
 1133         (e) Provide training for agency information security
 1134  managers.
 1135         (f) Annually review the strategic and operational
 1136  information security plans of executive branch agencies.
 1137         (4) To assist the Agency for State Enterprise Information
 1138  Technology in carrying out its responsibilities, each state
 1139  agency head shall, at a minimum:
 1140         (a) Designate an information security manager to administer
 1141  the security program of the state agency for its data and
 1142  information technology resources. This designation must be
 1143  provided annually in writing to the Agency for State Enterprise
 1144  Information Technology by January 1.
 1145         (b) Annually submit to the Agency for State Enterprise
 1146  Information Technology annually by July 31, the state agency’s
 1147  comprehensive strategic and operational information security
 1148  plans developed pursuant to the rules and guidelines established
 1149  by the Agency for State Enterprise Information Technology.
 1150         1. The state agency comprehensive strategic information
 1151  security plan must cover a 3-year period and define security
 1152  goals, intermediate objectives, and projected agency costs for
 1153  the strategic issues of agency information security policy, risk
 1154  management, security training, security incident response, and
 1155  survivability. The plan must be based on the enterprise
 1156  strategic information security plan created by the Agency for
 1157  State Enterprise Information Technology. Additional issues may
 1158  be included.
 1159         2. The state agency operational information security plan
 1160  must include a progress report for the prior operational
 1161  information security plan and a project plan that includes
 1162  activities, timelines, and deliverables for security objectives
 1163  that, subject to current resources, the state agency will
 1164  implement during the current fiscal year. The cost of
 1165  implementing the portions of the plan which cannot be funded
 1166  from current resources must be identified in the plan.
 1167         (c) Conduct, and update every 3 years, a comprehensive risk
 1168  analysis to determine the security threats to the data,
 1169  information, and information technology resources of the state
 1170  agency. The risk analysis information is confidential and exempt
 1171  from the provisions of s. 119.07(1), except that such
 1172  information shall be available to the Auditor General and the
 1173  Agency for State Enterprise Information Technology for
 1174  performing postauditing duties.
 1175         (d) Develop, and periodically update, written internal
 1176  policies and procedures that, which include procedures for
 1177  notifying the Agency for State Enterprise Information Technology
 1178  when a suspected or confirmed breach, or an information security
 1179  incident, occurs. Such policies and procedures must be
 1180  consistent with the rules and guidelines established by the
 1181  Agency for State Enterprise Information Technology to ensure the
 1182  security of the data, information, and information technology
 1183  resources of the state agency. The internal policies and
 1184  procedures that, if disclosed, could facilitate the unauthorized
 1185  modification, disclosure, or destruction of data or information
 1186  technology resources are confidential information and exempt
 1187  from s. 119.07(1), except that such information shall be
 1188  available to the Auditor General and the Agency for State
 1189  Enterprise Information Technology for performing postauditing
 1190  duties.
 1191         (e) Implement appropriate cost-effective safeguards to
 1192  address identified risks to the data, information, and
 1193  information technology resources of the state agency.
 1194         (f) Ensure that periodic internal audits and evaluations of
 1195  the state agency’s security program for the data, information,
 1196  and information technology resources of the state agency are
 1197  conducted. The results of such audits and evaluations are
 1198  confidential information and exempt from s. 119.07(1), except
 1199  that such information shall be available to the Auditor General
 1200  and the Agency for State Enterprise Information Technology for
 1201  performing postauditing duties.
 1202         (g) Include appropriate security requirements in the
 1203  written specifications for the solicitation of information
 1204  technology and information technology resources and services,
 1205  which are consistent with the rules and guidelines established
 1206  by the Agency for State Enterprise Information Technology.
 1207         (h) Provide security awareness training to employees and
 1208  users of the state agency’s communication and information
 1209  resources concerning information security risks and the
 1210  responsibility of employees and users to comply with policies,
 1211  standards, guidelines, and operating procedures adopted by the
 1212  state agency to reduce those risks.
 1213         (i) Develop a process for detecting, reporting, and
 1214  responding to suspected or confirmed security incidents,
 1215  including suspected or confirmed breaches consistent with the
 1216  security rules and guidelines established by the Agency for
 1217  State Enterprise Information Technology.
 1218         1. Suspected or confirmed information security incidents
 1219  and breaches must be immediately reported to the Agency for
 1220  State Enterprise Information Technology.
 1221         2. For incidents involving breaches, agencies shall provide
 1222  notice in accordance with s. 817.5681 and to the Agency for
 1223  State Enterprise Information Technology in accordance with this
 1224  subsection.
 1225         (5) Each state agency shall include appropriate security
 1226  requirements in the specifications for the solicitation of
 1227  contracts for procuring information technology or information
 1228  technology resources or services which are consistent with the
 1229  rules and guidelines established by the Agency for State
 1230  Enterprise Information Technology.
 1231         (6) The Agency for State Enterprise Information Technology
 1232  may adopt rules relating to information security and to
 1233  administer the provisions of this section.
 1234         Section 18. Subsection (14) of section 287.012, Florida
 1235  Statutes, is amended to read:
 1236         287.012 Definitions.—As used in this part, the term:
 1237         (14) “Information technology” means, but is not limited to,
 1238  equipment, hardware, software, mainframe maintenance, firmware,
 1239  programs, systems, networks, infrastructure, media, and related
 1240  material used to automatically, electronically, and wirelessly
 1241  collect, receive, access, transmit, display, store, record,
 1242  retrieve, analyze, evaluate, process, classify, manipulate,
 1243  manage, assimilate, control, communicate, exchange, convert,
 1244  converge, interface, switch, or disseminate information of any
 1245  kind or form has the meaning ascribed in s. 282.0041.
 1246         Section 19. Subsection (22) of section 287.057, Florida
 1247  Statutes, is amended to read:
 1248         287.057 Procurement of commodities or contractual
 1249  services.—
 1250         (22) The department, in consultation with the Agency for
 1251  State Enterprise Information Technology and the Chief Financial
 1252  Officer Comptroller, shall develop a program for online
 1253  procurement of commodities and contractual services. To enable
 1254  the state to promote open competition and to leverage its buying
 1255  power, agencies shall participate in the online procurement
 1256  program, and eligible users may participate in the program. Only
 1257  vendors prequalified as meeting mandatory requirements and
 1258  qualifications criteria may participate in online procurement.
 1259         (a) The department, in consultation with the agency, may
 1260  contract for equipment and services necessary to develop and
 1261  implement online procurement.
 1262         (b) The department, in consultation with the agency, shall
 1263  adopt rules, pursuant to ss. 120.536(1) and 120.54, to
 1264  administer the program for online procurement. The rules shall
 1265  include, but not be limited to:
 1266         1. Determining the requirements and qualification criteria
 1267  for prequalifying vendors.
 1268         2. Establishing the procedures for conducting online
 1269  procurement.
 1270         3. Establishing the criteria for eligible commodities and
 1271  contractual services.
 1272         4. Establishing the procedures for providing access to
 1273  online procurement.
 1274         5. Determining the criteria warranting any exceptions to
 1275  participation in the online procurement program.
 1276         (c) The department may impose and shall collect all fees
 1277  for the use of the online procurement systems.
 1278         1. The fees may be imposed on an individual transaction
 1279  basis or as a fixed percentage of the cost savings generated. At
 1280  a minimum, the fees must be set in an amount sufficient to cover
 1281  the projected costs of the services, including administrative
 1282  and project service costs in accordance with the policies of the
 1283  department.
 1284         2. If the department contracts with a provider for online
 1285  procurement, the department, pursuant to appropriation, shall
 1286  compensate the provider from the fees after the department has
 1287  satisfied all ongoing costs. The provider shall report
 1288  transaction data to the department each month so that the
 1289  department may determine the amount due and payable to the
 1290  department from each vendor.
 1291         3. All fees that are due and payable to the state on a
 1292  transactional basis or as a fixed percentage of the cost savings
 1293  generated are subject to s. 215.31 and must be remitted within
 1294  40 days after receipt of payment for which the fees are due. For
 1295  fees that are not remitted within 40 days, the vendor shall pay
 1296  interest at the rate established under s. 55.03(1) on the unpaid
 1297  balance from the expiration of the 40-day period until the fees
 1298  are remitted.
 1299         4. All fees and surcharges collected under this paragraph
 1300  shall be deposited in the Operating Trust Fund as provided by
 1301  law.
 1302         Section 20. Subsection (4) of section 445.011, Florida
 1303  Statutes, is amended to read:
 1304         445.011 Workforce information systems.—
 1305         (4) Workforce Florida, Inc., shall coordinate development
 1306  and implementation of workforce information systems with the
 1307  executive director of the Agency for State Enterprise
 1308  Information Technology to ensure compatibility with the state’s
 1309  information system strategy and enterprise architecture.
 1310         Section 21. Subsection (2) and paragraphs (a) and (b) of
 1311  subsection (4) of section 445.045, Florida Statutes, are amended
 1312  to read:
 1313         445.045 Development of an Internet-based system for
 1314  information technology industry promotion and workforce
 1315  recruitment.—
 1316         (2) Workforce Florida, Inc., shall coordinate with the
 1317  Agency for State Enterprise Information Technology and the
 1318  Department of Economic Opportunity to ensure links, where
 1319  feasible and appropriate, to existing job information websites
 1320  maintained by the state and state agencies and to ensure that
 1321  information technology positions offered by the state and state
 1322  agencies are posted on the information technology website.
 1323         (4)(a) Workforce Florida, Inc., shall coordinate
 1324  development and maintenance of the website under this section
 1325  with the executive director of the Agency for State Enterprise
 1326  Information Technology to ensure compatibility with the state’s
 1327  information system strategy and enterprise architecture.
 1328         (b) Workforce Florida, Inc., may enter into an agreement
 1329  with the Agency for State Enterprise Information Technology, the
 1330  Department of Economic Opportunity, or any other public agency
 1331  with the requisite information technology expertise for the
 1332  provision of design, operating, or other technological services
 1333  necessary to develop and maintain the website.
 1334         Section 22. Paragraph (b) of subsection (18) of section
 1335  668.50, Florida Statutes, is amended to read:
 1336         668.50 Uniform Electronic Transaction Act.—
 1337         (18) ACCEPTANCE AND DISTRIBUTION OF ELECTRONIC RECORDS BY
 1338  GOVERNMENTAL AGENCIES.—
 1339         (b) To the extent that a governmental agency uses
 1340  electronic records and electronic signatures under paragraph
 1341  (a), the Agency for State Enterprise Information Technology, in
 1342  consultation with the governmental agency, giving due
 1343  consideration to security, may specify:
 1344         1. The manner and format in which the electronic records
 1345  must be created, generated, sent, communicated, received, and
 1346  stored and the systems established for those purposes.
 1347         2. If electronic records must be signed by electronic
 1348  means, the type of electronic signature required, the manner and
 1349  format in which the electronic signature must be affixed to the
 1350  electronic record, and the identity of, or criteria that must be
 1351  met by, any third party used by a person filing a document to
 1352  facilitate the process.
 1353         3. Control processes and procedures as appropriate to
 1354  ensure adequate preservation, disposition, integrity, security,
 1355  confidentiality, and auditability of electronic records.
 1356         4. Any other required attributes for electronic records
 1357  which are specified for corresponding nonelectronic records or
 1358  reasonably necessary under the circumstances.
 1359         Section 23. This act shall take effect July 1, 2012.
 1360  
 1361  
 1362  ================= T I T L E  A M E N D M E N T ================
 1363         And the title is amended as follows:
 1364         Delete everything before the enacting clause
 1365  and insert:
 1366                        A bill to be entitled                      
 1367         An act relating to state technology; abolishing the
 1368         Agency for Enterprise Information Technology;
 1369         transferring the personnel, functions, and funds of
 1370         the Agency for Enterprise Information Technology to
 1371         the Agency for State Technology; transferring
 1372         specified personnel, functions, and funds relating to
 1373         technology programs from the Department of Management
 1374         Services to the Agency for State Technology;
 1375         transferring the Northwood Shared Resource Center and
 1376         the Southwood Shared Resource Center to the agency;
 1377         repealing s. 14.204, F.S., relating to the Agency for
 1378         Enterprise Information Technology; creating s. 14.206,
 1379         F.S.; creating the Agency for State Technology;
 1380         providing for an executive director who shall be the
 1381         state’s Chief Information Officer; providing for
 1382         organization of the agency; providing duties and
 1383         responsibilities of the agency and of the executive
 1384         director; requiring certain status reports to the
 1385         Governor, the Cabinet, and the Legislature;
 1386         authorizing the agency to adopt rules; reordering and
 1387         amending s. 282.0041, F.S.; revising and providing
 1388         definitions of terms as used in the Enterprise
 1389         Information Technology Services Management Act;
 1390         amending s. 282.0055, F.S.; revising provisions for
 1391         assignment of information technology services;
 1392         directing the agency to create a road map for
 1393         enterprise information technology service
 1394         consolidation and a comprehensive transition plan;
 1395         requiring the transition plan to be submitted to the
 1396         Governor and Cabinet and the Legislature by a certain
 1397         date; providing duties for state agencies relating to
 1398         the transition plan; prohibiting state agencies from
 1399         certain technology-related activities; providing for
 1400         exceptions; amending s. 282.0056, F.S.; providing for
 1401         development by the agency executive director of a
 1402         biennial State Information Technology Strategic
 1403         Resources Plan for approval by the Governor and the
 1404         Cabinet; directing state agencies to submit their own
 1405         information technology plans and any requested
 1406         information to the agency; revising provisions for
 1407         development of work plans and implementation plans;
 1408         revising provisions for reporting on achievements;
 1409         amending s. 282.201, F.S.; revising provisions for a
 1410         state data center system; providing legislative
 1411         intent; directing the agency to provide
 1412         recommendations to the Governor and Legislature
 1413         relating to changes to the schedule for the
 1414         consolidations of state agency data centers; providing
 1415         duties of a state agency consolidating a data center
 1416         into a primary data center; revising the scheduled
 1417         consolidation dates for state agency data centers;
 1418         amending s. 282.203, F.S.; revising duties of primary
 1419         data centers; removing provisions for boards of
 1420         trustees to head primary data centers; requiring a
 1421         memorandum of understanding between the primary data
 1422         center and the participating state agency; limiting
 1423         the term of the memorandum; providing for failure to
 1424         enter into a memorandum; repealing s. 282.204, F.S.,
 1425         relating to Northwood Shared Resource Center;
 1426         repealing s. 282.205, F.S., relating to Southwood
 1427         Shared Resource Center; creating s. 282.206, F.S.;
 1428         establishing the Fletcher Shared Resource Center
 1429         within the Department of Financial Services to provide
 1430         enterprise information technology services; directing
 1431         the center to collaborate with the agency; directing
 1432         the center to provide collocation services to the
 1433         Department of Legal Affairs, the Department of
 1434         Agriculture and Consumer Services, and the Department
 1435         of Financial Services; directing the Department of
 1436         Financial Services to continue to use the center and
 1437         provide service to the Office of Financial Regulation
 1438         and the Office of Insurance Regulation and host the
 1439         Legislative Appropriations System/Planning and
 1440         Budgeting Subsystem; providing for governance of the
 1441         center; providing for a steering committee to ensure
 1442         adequacy and appropriateness of services; directing
 1443         the Department of Legal Affairs and the Department of
 1444         Agriculture and Consumer Services to move data center
 1445         equipment to the center by certain dates; repealing s.
 1446         282.33, F.S., relating to objective standards for data
 1447         center energy efficiency; amending s. 282.34, F.S.;
 1448         revising provisions for a statewide e-mail service to
 1449         meet the needs of executive branch agencies; requiring
 1450         state agencies to receive e-mail services through the
 1451         agency; authorizing the Department of Agriculture and
 1452         Consumer Services, the Department of Financial
 1453         Services, the Office of Financial Regulation, and the
 1454         Office of Insurance Regulation to receive e-mail
 1455         services from the Fletcher Shared Resource Center or
 1456         the agency; amending s. 282.702, F.S.; directing the
 1457         agency to develop a plan for statewide voice-over
 1458         Internet protocol services; requiring certain content
 1459         in the plan; requiring the plan to be submitted to the
 1460         Governor, the Cabinet, and the Legislature by a
 1461         certain date; amending s. 364.0135, F.S.; providing
 1462         for the agency’s role in the promotion of broadband
 1463         Internet service; providing an additional duty;
 1464         amending ss. 20.22, 110.205, 215.22, 215.322, 216.292,
 1465         282.318, 282.604, 282.703, 282.704, 282.705, 282.706,
 1466         282.707, 282.709, 282.7101, 282.711, 287.012, 287.057,
 1467         318.18, 320.0802, 328.72, 365.171, 365.172, 365.173,
 1468         365.174, 401.013, 401.015, 401.018, 401.021, 401.024,
 1469         401.027, 401.465, 445.011, 445.045, and 668.50, F.S.,
 1470         relating to a financial and cash management system
 1471         task force, career service exemptions, trust funds,
 1472         payment cards and electronic funds transfers, the
 1473         Communications Working Capital Trust Fund, the
 1474         Enterprise Information Technology Services Management
 1475         Act, adoption of rules, the Communication Information
 1476         Technology Services Act, procurement of commodities
 1477         and contractual services, the Florida Uniform
 1478         Disposition of Traffic Infractions Act, surcharge on
 1479         vehicle license tax, vessel registration, broadband
 1480         Internet service, the emergency communications number
 1481         E911, regional emergency medical telecommunications,
 1482         the Workforce Innovation Act of 2000, and the Uniform
 1483         Electronic Transaction Act; conforming provisions and
 1484         cross-references to changes made by the act; revising
 1485         and deleting obsolete provisions; providing an
 1486         effective date.
 1487