The Agency for State Technology shall have the following powers, duties, and functions:
(1) Develop and publish information technology policy for the management of the state’s information technology resources.
(2) Establish and publish information technology architecture standards to provide for the most efficient use of the state’s information technology resources and to ensure compatibility and alignment with the needs of state agencies. The agency shall assist state agencies in complying with the standards.
(3) By June 30, 2015, establish project management and oversight standards with which state agencies must comply when implementing information technology projects. The agency shall provide training opportunities to state agencies to assist in the adoption of the project management and oversight standards. To support data-driven decisionmaking, the standards must include, but are not limited to:
(a) Performance measurements and metrics that objectively reflect the status of an information technology project based on a defined and documented project scope, cost, and schedule.
(b) Methodologies for calculating acceptable variances in the projected versus actual scope, schedule, or cost of an information technology project.
(c) Reporting requirements, including requirements designed to alert all defined stakeholders that an information technology project has exceeded acceptable variances defined and documented in a project plan.
(d) Content, format, and frequency of project updates.
(4) Beginning January 1, 2015, perform project oversight on all state agency information technology projects that have total project costs of $10 million or more and that are funded in the General Appropriations Act or any other law. The agency shall report at least quarterly to the Executive Office of the Governor, the President of the Senate, and the Speaker of the House of Representatives on any information technology project that the agency identifies as high-risk due to the project exceeding acceptable variance ranges defined and documented in a project plan. The report must include a risk assessment, including fiscal risks, associated with proceeding to the next stage of the project, and a recommendation for corrective actions required, including suspension or termination of the project.
(5) By April 1, 2016, and biennially thereafter, identify opportunities for standardization and consolidation of information technology services that support business functions and operations, including administrative functions such as purchasing, accounting and reporting, cash management, and personnel, and that are common across state agencies. The agency shall provide recommendations for standardization and consolidation to the Executive Office of the Governor, the President of the Senate, and the Speaker of the House of Representatives. The agency is not precluded from providing recommendations before April 1, 2016.
(6) In collaboration with the Department of Management Services, establish best practices for the procurement of information technology products in order to reduce costs, increase productivity, or improve services. Such practices must include a provision requiring the agency to review all information technology purchases made by state agencies that have a total cost of $250,000 or more, unless a purchase is specifically mandated by the Legislature, for compliance with the standards established pursuant to this section.
(7)(a) Participate with the Department of Management Services in evaluating, conducting, and negotiating competitive solicitations for state term contracts for information technology commodities, consultant services, or staff augmentation contractual services pursuant to s. 287.0591.
(b) Collaborate with the Department of Management Services in information technology resource acquisition planning.
(8) Develop standards for information technology reports and updates, including, but not limited to, operational work plans, project spend plans, and project status reports, for use by state agencies.
(9) Upon request, assist state agencies in the development of information technology-related legislative budget requests.
(10) Beginning July 1, 2016, and annually thereafter, conduct annual assessments of state agencies to determine compliance with all information technology standards and guidelines developed and published by the agency, and beginning December 1, 2016, and annually thereafter, provide results of the assessments to the Executive Office of the Governor, the President of the Senate, and the Speaker of the House of Representatives.
(11) Provide operational management and oversight of the state data center established pursuant to s. 282.201, which includes:
(a) Implementing industry standards and best practices for the state data center’s facilities, operations, maintenance, planning, and management processes.
(b) Developing and implementing cost-recovery mechanisms that recover the full direct and indirect cost of services through charges to applicable customer entities. Such cost-recovery mechanisms must comply with applicable state and federal regulations concerning distribution and use of funds and must ensure that, for any fiscal year, no service or customer entity subsidizes another service or customer entity.
(c) Developing and implementing appropriate operating guidelines and procedures necessary for the state data center to perform its duties pursuant to s. 282.201. The guidelines and procedures must comply with applicable state and federal laws, regulations, and policies and conform to generally accepted governmental accounting and auditing standards. The guidelines and procedures must include, but not be limited to:
1. Implementing a consolidated administrative support structure responsible for providing financial management, procurement, transactions involving real or personal property, human resources, and operational support.
2. Implementing an annual reconciliation process to ensure that each customer entity is paying for the full direct and indirect cost of each service as determined by the customer entity’s use of each service.
3. Providing rebates that may be credited against future billings to customer entities when revenues exceed costs.
4. Requiring customer entities to validate that sufficient funds exist in the appropriate data processing appropriation category or will be transferred into the appropriate data processing appropriation category before implementation of a customer entity’s request for a change in the type or level of service provided, if such change results in a net increase to the customer entity’s costs for that fiscal year.
5. By September 1 of each year, providing to each customer entity’s agency head the projected costs of providing data center services for the following fiscal year.
6. Providing a plan for consideration by the Legislative Budget Commission if the cost of a service is increased for a reason other than a customer entity’s request made pursuant to subparagraph 4. Such a plan is required only if the service cost increase results in a net increase to a customer entity for that fiscal year.
7. Standardizing and consolidating procurement and contracting practices.
(d) In collaboration with the Department of Law Enforcement, developing and implementing a process for detecting, reporting, and responding to information technology security incidents, breaches, and threats.
(e) Adopting rules relating to the operation of the state data center, including, but not limited to, budgeting and accounting procedures, cost-recovery methodologies, and operating procedures.
(f) Beginning May 1, 2016, and annually thereafter, conducting a market analysis to determine whether the state’s approach to the provision of data center services is the most effective and efficient manner by which its customer entities can acquire such services, based on federal, state, and local government trends; best practices in service provision; and the acquisition of new and emerging technologies. The results of the market analysis shall assist the state data center in making adjustments to its data center service offerings.
(12) Recommend other information technology services that should be designed, delivered, and managed as enterprise information technology services. Recommendations must include the identification of existing information technology resources associated with the services, if existing services must be transferred as a result of being delivered and managed as enterprise information technology services.
(13) Recommend additional consolidations of agency computing facilities or data centers into the state data center established pursuant to s. 282.201. Such recommendations shall include a proposed timeline for consolidation.
(14) In consultation with state agencies, propose a methodology and approach for identifying and collecting both current and planned information technology expenditure data at the state agency level.
(15)(a) Beginning January 1, 2015, and notwithstanding any other law, provide project oversight on any information technology project of the Department of Financial Services, the Department of Legal Affairs, and the Department of Agriculture and Consumer Services that has a total project cost of $25 million or more and that impacts one or more other agencies. Such information technology projects must also comply with the applicable information technology architecture, project management and oversight, and reporting standards established by the agency.
(b) When performing the project oversight function specified in paragraph (a), report at least quarterly to the Executive Office of the Governor, the President of the Senate, and the Speaker of the House of Representatives on any information technology project that the agency identifies as high-risk due to the project exceeding acceptable variance ranges defined and documented in the project plan. The report shall include a risk assessment, including fiscal risks, associated with proceeding to the next stage of the project and a recommendation for corrective actions required, including suspension or termination of the project.
(16) If an information technology project implemented by a state agency must be connected to or otherwise accommodated by an information technology system administered by the Department of Financial Services, the Department of Legal Affairs, or the Department of Agriculture and Consumer Services, consult with these departments regarding the risks and other effects of such projects on their information technology systems and work cooperatively with these departments regarding the connections, interfaces, timing, or accommodations required to implement such projects.
(17) If adherence to standards or policies adopted by or established pursuant to this section causes conflict with federal regulations or requirements imposed on a state agency and results in adverse action against the state agency or federal funding, work with the state agency to provide alternative standards, policies, or requirements that do not conflict with the federal regulation or requirement. Beginning July 1, 2015, the agency shall annually report such alternative standards to the Governor, the President of the Senate, and the Speaker of the House of Representatives.
(18) In collaboration with the Department of Management Services:
(a) Establish an information technology policy for all information technology-related state contracts, including state term contracts for information technology commodities, consultant services, and staff augmentation services. The information technology policy must include:
1. Identification of the information technology product and service categories to be included in state term contracts.
2. Requirements to be included in solicitations for state term contracts.
3. Evaluation criteria for the award of information technology-related state term contracts.
4. The term of each information technology-related state term contract.
5. The maximum number of vendors authorized on each state term contract.
(b) Evaluate vendor responses for state term contract solicitations and invitations to negotiate.
(c) Answer vendor questions on state term contract solicitations.
(d) Ensure that the information technology policy established pursuant to paragraph (a) is included in all solicitations and contracts which are administratively executed by the department.
(19) Adopt rules to administer this section.