Florida Senate - 2026 SB 1292
By Senator Martin
33-01643-26 20261292__
1 A bill to be entitled
2 An act relating to information technology procurement
3 and contracting; amending s. 20.22, F.S.; providing
4 that the Bureau of Enterprise Project Management and
5 Oversight is within the Florida Digital Service;
6 amending s. 282.0041, F.S.; revising definitions and
7 defining terms; amending s. 282.0051, F.S.; revising
8 the duties and responsibilities of the Florida Digital
9 Service; requiring the Florida Digital Service to
10 manage certain contracts, report certain information
11 to specified parties annually, and adopt certain
12 rules; creating s. 282.00513, F.S.; creating the
13 Bureau of Enterprise Project Management and Oversight
14 within the Florida Digital Service; providing duties
15 and responsibilities of the bureau; requiring certain
16 parties to designate a chief of the bureau; creating
17 s. 282.00514, F.S.; requiring state agencies to
18 include specified information in certain solicitations
19 and contracts; requiring state agencies to follow
20 certain processes and use certain forms in certain
21 circumstances; requiring the Florida Digital Service
22 to provide consultation and work cooperatively with
23 specified entities in certain circumstances; requiring
24 certain state agencies to take certain actions
25 involving specified contracts; requiring state
26 agencies to provide information in a specified format;
27 amending s. 282.00515, F.S.; conforming provisions to
28 changes made by the act; amending s. 287.057, F.S.;
29 requiring the Department of Management Services to
30 maintain a specified repository for certain records;
31 creating s. 287.0583, F.S.; providing contract
32 requirements for certain information technology
33 commodities and services; amending s. 287.0591, F.S.;
34 revising requirements for information technology
35 competitive solicitations; providing an effective
36 date.
37
38 Be It Enacted by the Legislature of the State of Florida:
39
40 Section 1. Paragraph (b) of subsection (2) of section
41 20.22, Florida Statutes, is amended to read:
42 20.22 Department of Management Services.—There is created a
43 Department of Management Services.
44 (2) The following divisions, programs, and services within
45 the Department of Management Services are established:
46 (b) The Florida Digital Service, which shall include the
47 Bureau of Enterprise Project Management and Oversight.
48 Section 2. Present subsections (24) through (38) of section
49 282.0041, Florida Statutes, are redesignated as subsections (25)
50 through (39), respectively, a new subsection (24) is added to
51 that section, and present subsections (27) and (29) of that
52 section are amended, to read:
53 282.0041 Definitions.—As used in this chapter, the term:
54 (24) “Major information technology system” means an
55 information technology system with a total cost of ownership of
56 $10 million or more which directly serves or impacts end users
57 in the delivery of constituent-facing services or which supports
58 mission-critical operations essential to a state agency’s
59 statutory duties or core business functions.
60 (28)(27) “Project oversight” means an independent review
61 and assessment analysis of an information technology project
62 which that provides information on the project’s scope,
63 completion timeframes, performance measurement, and budget and
64 which that identifies and quantifies issues or risks affecting
65 the successful and timely completion of the project.
66 (30)(29) “Risk assessment” means the process of identifying
67 operational risks and security risks, determining their
68 magnitude, and identifying areas needing safeguards.
69 Section 3. Section 282.0051, Florida Statutes, is amended
70 to read:
71 282.0051 Department of Management Services; Florida Digital
72 Service; powers, duties, and functions.—
73 (1) The Florida Digital Service is has been created within
74 the department to propose innovative solutions that securely
75 modernize state government, including technology and information
76 services, to achieve value through digital transformation and
77 interoperability, and to fully support the cloud-first policy as
78 specified in s. 282.206. The department, through the Florida
79 Digital Service, shall have the following powers, duties, and
80 functions:
81 (a) Develop and publish information technology policy for
82 the management of the state’s information technology resources.
83 (b) Develop an enterprise architecture that:
84 1. Acknowledges the unique needs of the entities within the
85 enterprise in the development and publication of standards and
86 terminologies to facilitate digital interoperability;
87 2. Supports the cloud-first policy as specified in s.
88 282.206; and
89 3. Addresses how information technology infrastructure may
90 be modernized to achieve cloud-first objectives.
91 (c) Establish project management and oversight standards
92 with which state agencies shall must comply when implementing
93 information technology projects. The department, acting through
94 the Florida Digital Service, shall update the provide training
95 opportunities to state agencies to assist in the adoption of the
96 project management and oversight standards at least once every 2
97 years, incorporating best practices from the public and private
98 sectors, as well as any lessons learned by state agencies. When
99 updating the standards, the Florida Digital Service shall
100 solicit input from all state agencies. To support data-driven
101 decisionmaking, the standards must include, but are not limited
102 to:
103 1. Performance measurements and metrics that objectively
104 assess reflect the progress and risks status of an information
105 technology project through performance baselines and monitoring
106 mechanisms to determine whether the project is performing as
107 planned and delivering the intended outcomes based on a defined
108 and documented project scope, cost, and schedule.
109 2. Methodologies for calculating acceptable variances
110 between the planned and in the projected versus actual scope of
111 a technology project which provide clear thresholds to guide
112 corrective actions. Such methodologies must account for project
113 complexity and scale, schedule, performance, quality, and the or
114 cost of an information technology project.
115 3. Reporting requirements, including requirements designed
116 to alert all defined stakeholders when that an information
117 technology project has exceeded acceptable variances and when
118 specifying procedures for escalating critical issues to
119 appropriate individuals defined and documented in a project
120 plan.
121 4. Content, format, and frequency of project updates.
122 5. Technical standards to ensure an information technology
123 project complies with the enterprise architecture, including
124 interoperability, security, scalability, and data management
125 requirements.
126 6. Mechanisms for engaging stakeholders throughout a
127 project’s life cycle.
128 (d) Provide training opportunities to state agencies
129 regarding the project management and oversight standards.
130 (e)(d) Perform project oversight on all state agency
131 information technology projects that have total project costs of
132 $10 million or more and that are funded in the General
133 Appropriations Act or any other law. The department, acting
134 through the Florida Digital Service, shall report at least
135 quarterly to the Executive Office of the Governor, the President
136 of the Senate, and the Speaker of the House of Representatives
137 on any information technology project that the Florida Digital
138 Service department identifies as high-risk due to the project
139 exceeding the acceptable project variance thresholds provided in
140 the project management and oversight standards ranges defined
141 and documented in a project plan. The report must include:
142 1. A risk assessment, including fiscal risks, associated
143 with proceeding to the next stage of the project.
144 2. Recommendations, and a recommendation for corrective
145 actions required, including suspension or termination of the
146 project.
147 3. A list of all projects with a performance deficiency,
148 reported pursuant to s. 287.057(26)(d)1., which has not been
149 corrected by the vendor as of the end of the reporting period.
150 (f)(e) Identify opportunities for standardization and
151 consolidation of information technology services that support
152 interoperability and the cloud-first policy, as specified in s.
153 282.206, and business functions and operations, including
154 administrative functions such as purchasing, accounting and
155 reporting, cash management, and personnel, and that are common
156 across state agencies. The department, acting through the
157 Florida Digital Service, shall biennially on January 15 1 of
158 each odd-numbered even-numbered year provide recommendations for
159 standardization and consolidation to the Executive Office of the
160 Governor, the President of the Senate, and the Speaker of the
161 House of Representatives.
162 (g)(f) Establish best practices for the procurement of
163 information technology products and cloud-computing services in
164 order to reduce costs, increase the quality of data center
165 services, or improve government services.
166 (h)(g) Develop standards for information technology reports
167 and updates, including, but not limited to, operational work
168 plans, project spend plans, and project status reports, for use
169 by state agencies.
170 (i)(h) Upon request, assist state agencies in the
171 development of information technology-related legislative budget
172 requests.
173 (j)(i) Conduct annual assessments of state agencies to
174 determine compliance with all information technology standards
175 and guidelines developed and published by the department and
176 provide results of the assessments to the Executive Office of
177 the Governor, the President of the Senate, and the Speaker of
178 the House of Representatives.
179 (j) Conduct a market analysis not less frequently than
180 every 3 years beginning in 2021 to determine whether the
181 information technology resources within the enterprise are
182 utilized in the most cost-effective and cost-efficient manner,
183 while recognizing that the replacement of certain legacy
184 information technology systems within the enterprise may be cost
185 prohibitive or cost inefficient due to the remaining useful life
186 of those resources; whether the enterprise is complying with the
187 cloud-first policy specified in s. 282.206; and whether the
188 enterprise is utilizing best practices with respect to
189 information technology, information services, and the
190 acquisition of emerging technologies and information services.
191 Each market analysis shall be used to prepare a strategic plan
192 for continued and future information technology and information
193 services for the enterprise, including, but not limited to,
194 proposed acquisition of new services or technologies and
195 approaches to the implementation of any new services or
196 technologies. Copies of each market analysis and accompanying
197 strategic plan must be submitted to the Executive Office of the
198 Governor, the President of the Senate, and the Speaker of the
199 House of Representatives not later than December 31 of each year
200 that a market analysis is conducted.
201 (k) Recommend other information technology services that
202 should be designed, delivered, and managed as enterprise
203 information technology services. Recommendations must include
204 the identification of existing information technology resources
205 associated with the services, if existing services must be
206 transferred as a result of being delivered and managed as
207 enterprise information technology services. The recommendations
208 must be submitted to the Governor, the President of the Senate,
209 and the Speaker of the House of Representatives no later than
210 January 15 of each odd-numbered year.
211 (l) In consultation with state agencies, propose a
212 methodology and approach for identifying and collecting both
213 current and planned information technology expenditure data at
214 the state agency level.
215 (m)1. Notwithstanding any other law, provide project
216 oversight on any information technology project of the
217 Department of Financial Services, the Department of Legal
218 Affairs, and the Department of Agriculture and Consumer Services
219 which has a total project cost of $20 million or more. Such
220 information technology projects must also comply with the
221 applicable information technology architecture, project
222 management and oversight, and reporting standards established by
223 the department, acting through the Florida Digital Service.
224 2. When performing the project oversight function specified
225 in subparagraph 1., report at least quarterly to the Executive
226 Office of the Governor, the President of the Senate, and the
227 Speaker of the House of Representatives on any information
228 technology project that the department, acting through the
229 Florida Digital Service, identifies as high-risk due to the
230 project exceeding the established acceptable project variance
231 thresholds ranges defined and documented in the project plan.
232 The report must shall include a risk assessment, including
233 fiscal risks, associated with proceeding to the next stage of
234 the project and a recommendation for corrective actions
235 required, including suspension or termination of the project.
236 (n) If an information technology project implemented by a
237 state agency must be connected to or otherwise accommodated by
238 an information technology system administered by the Department
239 of Financial Services, the Department of Legal Affairs, or the
240 Department of Agriculture and Consumer Services, consult with
241 these departments regarding the risks and other effects of such
242 projects on their information technology systems and work
243 cooperatively with these departments regarding the connections,
244 interfaces, timing, or accommodations required to implement such
245 projects.
246 (n)(o) If adherence to standards or policies adopted by or
247 established pursuant to this section causes conflict with
248 federal regulations or requirements imposed on an entity within
249 the enterprise and results in adverse action against an entity
250 or federal funding, work with the entity to provide alternative
251 standards, policies, or requirements that do not conflict with
252 the federal regulation or requirement. The department, acting
253 through the Florida Digital Service, shall annually report each
254 January 15 such alternative standards to the Executive Office of
255 the Governor, the President of the Senate, and the Speaker of
256 the House of Representatives.
257 (o)(p)1. Establish an information technology policy for all
258 information technology-related state contracts, including state
259 term contracts for information technology commodities,
260 consultant services, and staff augmentation services. The
261 information technology policy must include:
262 a. Identification of the information technology product and
263 service categories to be included in state term contracts.
264 b. Requirements to be included in solicitations for state
265 term contracts.
266 c. Evaluation criteria for the award of information
267 technology-related state term contracts.
268 d. The term of each information technology-related state
269 term contract.
270 e. The maximum number of vendors authorized on each state
271 term contract.
272 f. At a minimum, a requirement that any contract for
273 information technology commodities or services meet the National
274 Institute of Standards and Technology Cybersecurity Framework.
275 g. For an information technology project wherein project
276 oversight is required pursuant to paragraph (e) (d) or paragraph
277 (m), a requirement that independent verification and validation
278 be employed throughout the project life cycle with the primary
279 objective of independent verification and validation being to
280 provide an objective assessment of products and processes
281 throughout the project life cycle. An entity providing
282 independent verification and validation may not have technical,
283 managerial, or financial interest in the project and may not
284 have responsibility for, or participate in, any other aspect of
285 the project.
286 2. Evaluate vendor responses for information technology
287 related state term contract solicitations and invitations to
288 negotiate.
289 3. Answer vendor questions on information technology
290 related state term contract solicitations.
291 4. Ensure that the information technology policy
292 established pursuant to subparagraph 1. is included in all
293 solicitations and contracts that are administratively executed
294 by the department.
295 (p)(q) Recommend potential methods for standardizing data
296 across state agencies which will promote interoperability and
297 reduce the collection of duplicative data.
298 (q)(r) Recommend open data technical standards and
299 terminologies for use by the enterprise.
300 (r)(s) Ensure that enterprise information technology
301 solutions are capable of utilizing an electronic credential and
302 comply with the enterprise architecture standards.
303 (s) Review all state agency information technology
304 legislative budget requests to identify compliance issues
305 related to the enterprise architecture, project planning
306 standards, and cybersecurity.
307 (t) Identify efficiency opportunities in the use of
308 information technology resources.
309 (u) Submit recommendations for improvement or any statutory
310 changes necessary to implement the improvements to the Governor,
311 the President of the Senate, and the Speaker of the House of
312 Representatives no later than November 15 of each year.
313 (v) Develop and publish, in collaboration with the
314 enterprise, a data dictionary for each agency that reflects the
315 nomenclature in the comprehensive indexed data catalog.
316 (w) Each December 1, compile an enterprise report of major
317 information technology systems approaching end-of-life within 5
318 fiscal years after such December 1, and submit the report to the
319 Governor, the President of the Senate, and the Speaker of the
320 House of Representatives. For purposes of this paragraph, the
321 term “end-of-life” means the point at which an information
322 technology resource no longer receives vendor support, uses
323 obsolete technology, cannot be adequately maintained, or fails
324 to meet enterprise architecture standards. The report must:
325 1. Describe each major information technology system,
326 including its primary functions, user base, and dependencies
327 with other systems.
328 2. Provide the age, projected end-of-life date, technology
329 platform, and vendor support status of such system.
330 3. Identify the risks to operations, service delivery, or
331 cybersecurity if such system reaches end-of-life without
332 replacement.
333 4. Describe the plan for such system’s replacement,
334 modernization, or retirement.
335 (2)(a) The Secretary of Management Services shall designate
336 a state chief information officer, who shall administer the
337 Florida Digital Service. The state chief information officer,
338 prior to appointment, must have at least 5 years of experience
339 in the development of information system strategic planning and
340 development or information technology policy, and, preferably,
341 have leadership-level experience in the design, development, and
342 deployment of interoperable software and data solutions.
343 (b) The state chief information officer, in consultation
344 with the Secretary of Management Services, shall designate a
345 state chief data officer. The chief data officer must be a
346 proven and effective administrator who must have significant and
347 substantive experience in data management, data governance,
348 interoperability, and security.
349 (3) The department, acting through the Florida Digital
350 Service and from funds appropriated to the Florida Digital
351 Service, shall:
352 (a) Create, not later than December 1, 2022, and maintain a
353 comprehensive indexed data catalog in collaboration with the
354 enterprise that lists the data elements housed within the
355 enterprise and the legacy system or application in which these
356 data elements are located. The data catalog must, at a minimum,
357 specifically identify all data that is restricted from public
358 disclosure based on federal or state laws and regulations and
359 require that all such information be protected in accordance
360 with s. 282.318.
361 (4) The Florida Digital Service shall manage all
362 independent verification and validation contracts for state
363 agencies entered into or amended on or after July 1, 2026.
364 (b) Develop and publish, not later than December 1, 2022,
365 in collaboration with the enterprise, a data dictionary for each
366 agency that reflects the nomenclature in the comprehensive
367 indexed data catalog.
368 (c) Adopt, by rule, standards that support the creation and
369 deployment of an application programming interface to facilitate
370 integration throughout the enterprise.
371 (d) Adopt, by rule, standards necessary to facilitate a
372 secure ecosystem of data interoperability that is compliant with
373 the enterprise architecture.
374 (e) Adopt, by rule, standards that facilitate the
375 deployment of applications or solutions to the existing
376 enterprise system in a controlled and phased approach.
377 (f) After submission of documented use cases developed in
378 conjunction with the affected agencies, assist the affected
379 agencies with the deployment, contingent upon a specific
380 appropriation therefor, of new interoperable applications and
381 solutions:
382 1. For the Department of Health, the Agency for Health Care
383 Administration, the Agency for Persons with Disabilities, the
384 Department of Education, the Department of Elderly Affairs, and
385 the Department of Children and Families.
386 2. To support military members, veterans, and their
387 families.
388 (5)(4) For information technology projects that have a
389 total project cost of $10 million or more, the Florida Digital
390 Service shall:
391 (a) No later than January 1, 2027, establish a
392 presolicitation planning framework that includes standards,
393 procedures, forms, and guidance that state agencies shall follow
394 before issuing a competitive solicitation must provide the
395 Florida Digital Service with written notice of any planned
396 procurement of an information technology project.
397 (b) The Florida Digital Service must Participate in the
398 development of specifications and recommend modifications to any
399 planned procurement of an information technology project by
400 state agencies so that the procurement complies with the
401 enterprise architecture and the presolicitation planning
402 framework.
403 (c) Certify that a state agency has complied with the
404 presolicitation planning framework and is ready to initiate the
405 planned procurement. The Florida Digital Service shall withhold
406 certification for any project that does not comply with the
407 established presolicitation planning framework.
408 (d)(c) The Florida Digital Service must Participate in
409 post-award contract monitoring, including risk oversight and
410 monitoring for issues or situations that should be elevated to
411 ensure timely resolution of the issue or situation.
412 (6)(5) The department, acting through the Florida Digital
413 Service, may not retrieve or disclose any data without a shared
414 data agreement in place between the Florida Digital Service
415 department and the enterprise entity that has primary custodial
416 responsibility of, or data-sharing responsibility for, that
417 data. The Florida Digital Service shall report to the Governor,
418 the President of the Senate, and the Speaker of the House of
419 Representatives each January 15 any failure to reach a shared
420 data agreement with a state agency that prevents the Florida
421 Digital Service from fulfilling its duties and responsibilities.
422 (7)(6) The department, acting through the Florida Digital
423 Service, shall adopt rules:
424 (a) To administer this section.
425 (b) To support the creation and deployment of an
426 application programming interface to facilitate integration
427 throughout the enterprise.
428 (c) Necessary to facilitate a secure ecosystem of data
429 interoperability which is compliant with the enterprise
430 architecture.
431 (d) To facilitate the deployment of applications or
432 solutions to the existing enterprise system in a controlled and
433 phased approach.
434 Section 4. Section 282.00513, Florida Statutes, is created
435 to read:
436 282.00513 Bureau of Enterprise Project Management and
437 Oversight; duties.—
438 (1) There is created a Bureau of Enterprise Project
439 Management and Oversight within the Florida Digital Service,
440 which shall:
441 (a) Oversee the procurement of information technology
442 commodities and services by state agencies.
443 (b) Oversee the performance of vendors under information
444 technology contracts for commodities or services entered into by
445 state agencies.
446 (c) Develop a framework that provides processes,
447 activities, and deliverables state agencies must comply with
448 when planning an information technology project. The processes,
449 activities, and deliverables must include, but are not limited
450 to, all of the following:
451 1. Business case development. The business case development
452 must include the information required by s. 287.0571(4), full
453 life cycle cost estimates, governance structure, system
454 interoperability goals, data management plans, scalability
455 approach, evaluation of cybersecurity and data privacy risks,
456 and technology-specific performance metrics and service levels.
457 2. Market research, including the use of a request for
458 information as defined in s. 287.012.
459 3. Planning and scheduling.
460 4. Stakeholder engagement.
461 5. Risk assessment.
462 6. Procurement strategy.
463 7. Project governance definition.
464 8. System design and requirements.
465 9. Change management.
466 10. Monitoring and reporting.
467 11. Postimplementation review and planning.
468 12. Solicitation documentation.
469 (d) Develop on or before January 1, 2027, forms for state
470 agencies to use to evaluate and report the performance of
471 information technology vendors in the delivery of information
472 technology commodities or services.
473 (e) Develop trainings specific to information technology
474 which supplement and enhance the trainings offered by the
475 department and the Chief Financial Officer under s.
476 287.057(15)(b). The bureau shall evaluate such training every 2
477 years to assess its effectiveness and update the training
478 curriculum. The training must be designed to:
479 1. Address the unique requirements and risk profiles of
480 state information technology projects, procurements, contract
481 management, and vendor management.
482 2. Improve the technical understanding of the job
483 requirements, certifications, and skill sets required by state
484 agencies recruiting individuals for information technology
485 roles.
486 (2) The state chief information officer, in consultation
487 with the Secretary of Management Services, shall designate a
488 chief of the Bureau of Enterprise Project Management and
489 Oversight. The chief must have demonstrable experience in the
490 governance of large-scale public sector information technology
491 initiatives and portfolios, negotiation and management of
492 information technology contracts, modular contracting and
493 delivery, and performance management.
494 Section 5. Section 282.00514, Florida Statutes, is created
495 to read:
496 282.00514 Duties of state agencies.—
497 (1) State agencies shall include the information technology
498 policy adopted pursuant to s. 282.0051(1)(o) in all
499 solicitations and contracts for information technology
500 commodities or services.
501 (2) State agencies shall follow the processes and use the
502 forms developed by the Bureau of Enterprise Project Management
503 and Oversight to evaluate and report the performance of
504 information technology vendors in the delivery of information
505 technology commodities or services.
506 (3) If an information technology project implemented by a
507 state agency must be connected to or otherwise accommodated by
508 an information technology system administered by the Department
509 of Financial Services, the Department of Legal Affairs, or the
510 Department of Agriculture and Consumer Services, the Florida
511 Digital Service must consult with these departments regarding
512 the risks and other effects of such projects on their
513 information technology systems and work cooperatively with these
514 departments regarding the connections, interfaces, timing, or
515 accommodations required to implement such projects.
516 (4) For information technology projects that have a total
517 project cost of $10 million or more, state agencies shall:
518 (a) Provide the Florida Digital Service with written notice
519 of any planned procurement of an information technology project,
520 the proposed scope, the project specifications, and the project
521 business case at least 90 days before the planned publication
522 date of the competitive solicitation.
523 (b) Receive certification by the Florida Digital Service
524 that the project planning complies with the presolicitation
525 planning framework established by the Florida Digital Service
526 before any competitive solicitation related to an information
527 technology project may be issued.
528 (c) Provide the Florida Digital Service all information
529 necessary for the Florida Digital Service to fulfill its project
530 oversight responsibilities.
531 (5) State agencies shall provide the information required
532 to complete the report in s. 282.0051(1)(w) in a format and
533 manner prescribed by the Florida Digital Service and shall
534 certify that the information provided is accurate and complete
535 to the best of their knowledge as of the submission date.
536 Section 6. Subsections (1) and (3) and paragraph (b) of
537 subsection (4) of section 282.00515, Florida Statutes, are
538 amended to read:
539 282.00515 Duties of Cabinet agencies.—
540 (1) The Department of Legal Affairs, the Department of
541 Financial Services, and the Department of Agriculture and
542 Consumer Services shall adopt the standards established in s.
543 282.0051(1)(b), (c), and (q) and (7)(d) s. 282.0051(1)(b), (c),
544 and (r) and (3)(e) or adopt alternative standards based on best
545 practices and industry standards that allow for open data
546 interoperability.
547 (3) The Department of Legal Affairs, the Department of
548 Financial Services, and the Department of Agriculture and
549 Consumer Services may contract with the Florida Digital Service
550 department to provide or perform any of the services and
551 functions described in s. 282.0051.
552 (4)
553 (b) The department, acting through the Florida Digital
554 Service, may not retrieve or disclose any data without a shared
555 data agreement in place between the Florida Digital Service
556 department and the Department of Legal Affairs, the Department
557 of Financial Services, or the Department of Agriculture and
558 Consumer Services.
559 Section 7. Paragraph (e) is added to subsection (26) of
560 section 287.057, Florida Statutes, to read:
561 287.057 Procurement of commodities or contractual
562 services.—
563 (26)
564 (e) The department shall maintain a centralized repository
565 of vendor performance records developed by the continuing
566 oversight teams for information technology services contracts.
567 Section 8. Section 287.0583, Florida Statutes, is created
568 to read:
569 287.0583 Contract requirements for information technology
570 commodities or services.—A contract for information technology
571 commodities or services involving the development,
572 customization, implementation, integration, support or
573 maintenance of software systems, applications, platforms, or
574 related services must ensure the following:
575 (1) Any data created, processed, or maintained under the
576 contract is portable and can be extracted in a machine-readable
577 format upon request.
578 (2) The vendor will provide, upon request, comprehensive
579 operational documentation sufficient to allow continued
580 operation and maintenance by the agency or a new vendor.
581 (3) The vendor will provide, upon request, reasonable
582 assistance and support during a transition to the agency or to a
583 new vendor.
584 (4) All anticipated software license fees, license renewal
585 fees, and operation and maintenance costs are documented in
586 detail. If exact figures are not feasible, the vendor must
587 provide a reasonable cost range.
588 Section 9. Section 287.0591, Florida Statutes, is amended
589 to read:
590 287.0591 Information technology competitive solicitations
591 and state term contracts; vendor performance disqualification.—
592 (1)(a) Any competitive solicitation issued by the
593 department for a state term contract for information technology
594 commodities must include a term that does not exceed 48 months.
595 (b)(2) Any competitive solicitation issued by the
596 department for a state term contract for information technology
597 consultant services or information technology staff augmentation
598 contractual services must include a term that does not exceed 48
599 months.
600 (c)(3) The department may execute a state term contract for
601 information technology commodities, consultant services, or
602 staff augmentation contractual services that exceeds the 48
603 month requirement if the Secretary of Management Services and
604 the state chief information officer certify in writing to the
605 Executive Office of the Governor that a longer contract term is
606 in the best interest of the state.
607 (2)(4) If the department issues a competitive solicitation
608 for information technology commodities, consultant services, or
609 staff augmentation contractual services, The Florida Digital
610 Service within the department shall participate in such
611 competitive solicitations for information technology
612 commodities, consultant services, or staff augmentation
613 contractual services issued by the department, which must
614 include reviewing the solicitation specifications to verify
615 compliance with enterprise architecture and cybersecurity
616 standards, evaluating vendor responses under established
617 criteria, answering vendor questions, and providing any other
618 technical expertise necessary.
619 (3)(a)(5) If an agency issues a request for quote to
620 purchase information technology commodities, information
621 technology consultant services, or information technology staff
622 augmentation contractual services from the state term contract
623 that meets the CATEGORY TWO threshold amount, but is less than
624 the CATEGORY FOUR threshold amount:
625 1. For any contract with 25 approved vendors or fewer, the
626 agency must issue a request for quote to all vendors approved to
627 provide such commodity or service.
628 2. For any contract with more than 25 approved vendors, the
629 agency must issue a request for quote to at least 25 of the
630 vendors approved to provide such commodity or contractual
631 service.
632 (b) The agency shall maintain a copy of the request for
633 quote, the identity of the vendor that was sent the request for
634 quote, and any vendor response to the request for quote for 2
635 years after the date of issuance of the purchase order.
636 (c) Use of a request for quote does not constitute a
637 decision or intended decision that is subject to protest under
638 s. 120.57(3).
639 (4)(a) An agency issuing a request for quote to purchase
640 information technology commodities, information technology
641 consultant services, or information technology staff
642 augmentation contractual services from the state term contract
643 which exceeds the CATEGORY FOUR threshold amount shall publish
644 on a searchable and publicly available system of record
645 maintained by the department:
646 1. The request for quote for a minimum of 10 days before
647 executing a purchase order.
648 2. The name of the vendor awarded the purchase order.
649 (b) The agency shall maintain a copy of the request for
650 quote, the identity of the vendor that was sent the request for
651 quote, and any vendor responses to the request for quote for 2
652 years after the date of issuance of the purchase order.
653 (c) Use of a request for quote does not constitute a
654 decision or intended decision that is subject to protest under
655 s. 120.57(3).
656 (5) Agencies issuing a competitive solicitation to purchase
657 information technology services shall consult the repository of
658 vendor performance records developed under s. 287.057(26)(e),
659 and consider any relevant records when evaluating vendor
660 responses to the competitive solicitation.
661 (6) To the extent practicable, an agency’s contract for the
662 procurement of a major information technology system must be
663 divided into increments that:
664 (a) Address complex information technology objectives
665 incrementally to enhance the likelihood of attaining those
666 objectives.
667 (b) Provide for delivery, implementation, and testing of
668 workable systems or solutions in discrete increments, each of
669 which comprises a system or solution that is not dependent on a
670 subsequent increment in order to perform its principal
671 functions.
672 (c) Provide an opportunity for subsequent increments of the
673 acquisition to take advantage of any evolution in technology or
674 needs that occur during the implementation of earlier
675 increments.
676 (7)(a)(6) Beginning October 1, 2021, and Each October 1
677 thereafter, the department shall prequalify firms and
678 individuals to provide information technology staff augmentation
679 contractual services and information technology commodities on
680 state term contract.
681 (b) In order to prequalify a firm or individual for
682 participation on the state term contract, the department shall
683 must consider, at a minimum, the capability, experience, and
684 past performance record of the firm or individual.
685 (c) A firm or individual removed from the source of supply
686 pursuant to s. 287.042(1)(b) or placed on a disqualified vendor
687 list pursuant to s. 287.133 or s. 287.134 is immediately
688 disqualified from state term contract eligibility.
689 (d) Once a firm or individual has been prequalified to
690 provide information technology staff augmentation contractual
691 services or information technology commodities on state term
692 contract, the firm or individual may respond to requests for
693 quotes from an agency to provide such services.
694 Section 10. This act shall take effect July 1, 2026.